Merge pull request 'Auth Check For Decks' (#68) from Backend_Fix into main

Reviewed-on: #68
2025-10-24 18:29:05 +00:00
parent 0ae66b3307 b9fedb3601
commit e3f752ce8a
5 changed files with 31 additions and 9 deletions
@@ -199,12 +199,13 @@ deckRouter.patch('/:id', authRequired, async (req, res) => {
 	try {
 		const deckId = req.params.id;
 		const userId = (req as any).user.userId;
 		const authLevel = (req as any).user.authLevel;
 		logRequest('Update deck endpoint accessed', req, res, { deckId, userId, updateFields: Object.keys(req.body) });
 		// Convert string enum values to integers
 		const updateData = convertEnumValues(req.body);
-		const result = await container.updateDeckCommandHandler.execute({ id: deckId, ...updateData });
+		const result = await container.updateDeckCommandHandler.execute({ userid: userId, authLevel: authLevel, id: deckId, ...updateData });
 		logRequest('Deck updated successfully', req, res, { deckId, userId });
 		res.json(result);
@@ -244,9 +245,10 @@ deckRouter.delete('/:id', authRequired, async (req, res) => {
 	try {
 		const deckId = req.params.id;
 		const userId = (req as any).user.userId;
 		const authLevel = (req as any).user.authLevel;
 		logRequest('Soft delete deck endpoint accessed', req, res, { deckId, userId });
-		const result = await container.deleteDeckCommandHandler.execute({ id: deckId, soft: true });
+		const result = await container.deleteDeckCommandHandler.execute({ userid: userId, authLevel: authLevel, id: deckId, soft: true });
 		logRequest('Deck soft delete successful', req, res, { deckId, userId, success: result });
 		res.json({ success: result });
@@ -1,4 +1,6 @@
 export interface DeleteDeckCommand {
  userid: string;
  authLevel: number;
  id: string;
  soft?: boolean;
 }
@@ -1,10 +1,24 @@
 import { IDeckRepository } from '../../../Domain/IRepository/IDeckRepository';
 import { logAuth, logError } from '../../Services/Logger';
 import { DeleteDeckCommand } from './DeleteDeckCommand';
 export class DeleteDeckCommandHandler {
  constructor(private readonly deckRepo: IDeckRepository) {}
  async execute(cmd: DeleteDeckCommand): Promise<boolean> {
    //get decks userid
    const deck = await this.deckRepo.findById(cmd.id);
    if (!deck) {
      logError(`Deck not found with ID: ${cmd.id}`);
      throw new Error('Deck not found');
    }
    if(cmd.authLevel !==1 && deck.userid !== cmd.userid) {
      logAuth(`Unauthorized access attempt to deck with ID: ${cmd.id}, UserID: ${cmd.userid}`);
      throw new Error('Unauthorized');
    }
    if (cmd.soft) {
      await this.deckRepo.softDelete(cmd.id);
    } else {
@@ -1,11 +1,10 @@
 import { n } from "framer-motion/dist/types.d-D0HXPxHm";
 export interface UpdateDeckCommand {
  userid: string;
  authLevel: number;
  id: string;
  userstate?: number;
  name?: string;
  type?: number;
  userid?: string;
  cards?: any[];
  ctype?: number;
  state?: number;
@@ -3,7 +3,7 @@ import { UpdateDeckCommand } from './UpdateDeckCommand';
 import { ShortDeckDto } from '../../DTOs/DeckDto';
 import { DeckMapper } from '../../DTOs/Mappers/DeckMapper';
 import { DeckAggregate } from '../../../Domain/Deck/DeckAggregate';
-import { logError } from '../../Services/Logger';
+import { logAuth, logError } from '../../Services/Logger';
 export class UpdateDeckCommandHandler {
  constructor(private readonly deckRepo: IDeckRepository) {}
@@ -24,6 +24,11 @@ export class UpdateDeckCommandHandler {
            throw new Error('Deck not found');
        }
        if(cmd.authLevel !==1 && existingDeck.userid !== cmd.userid) {
          logAuth(`Unauthorized access attempt to deck with ID: ${cmd.id}, UserID: ${cmd.userid}`);
          throw new Error('Unauthorized');
        }
        const for_update: Partial<DeckAggregate> = {};
        if(cmd.name !== undefined) for_update.name = cmd.name;
        if(cmd.type !== undefined) for_update.type = cmd.type;