Auth Check For Decks

2025-10-24 20:28:45 +02:00
parent 5722846da3
commit b9fedb3601
5 changed files with 31 additions and 9 deletions
@@ -3,7 +3,7 @@ import { UpdateDeckCommand } from './UpdateDeckCommand';
 import { ShortDeckDto } from '../../DTOs/DeckDto';
 import { DeckMapper } from '../../DTOs/Mappers/DeckMapper';
 import { DeckAggregate } from '../../../Domain/Deck/DeckAggregate';
-import { logError } from '../../Services/Logger';
+import { logAuth, logError } from '../../Services/Logger';

 export class UpdateDeckCommandHandler {
  constructor(private readonly deckRepo: IDeckRepository) {}
@@ -24,6 +24,11 @@ export class UpdateDeckCommandHandler {
            throw new Error('Deck not found');
        }

+        if(cmd.authLevel !==1 && existingDeck.userid !== cmd.userid) {
+          logAuth(`Unauthorized access attempt to deck with ID: ${cmd.id}, UserID: ${cmd.userid}`);
+          throw new Error('Unauthorized');
+        }
+
        const for_update: Partial<DeckAggregate> = {};
        if(cmd.name !== undefined) for_update.name = cmd.name;
        if(cmd.type !== undefined) for_update.type = cmd.type;