M sdbapi/auth/auth.go => sdbapi/auth/auth.go +11 -0
@@ 9,6 9,7 @@
package auth
import (
+ "api/db"
"errors"
"os"
"time"
@@ 66,5 67,15 @@ func ValidateJWTToken(userToken string) (claims *JWTClaims, err error) {
return
}
+ // Auth should match a registered user
+ // NOTE: Technically auth should always match a registered user, but just in-case.
+ // TOFIX: Or, now that I think about it, I should run some tests to see if this
+ // truly is just dumb to check.
+ _, uerr := db.GetUserByEmail(claims.Email)
+ if uerr != nil {
+ err = errors.New("user does not exist")
+ return
+ }
+
return
}
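Review bot: The lookup added at the end of ValidateJWTToken turns every failure of `db.GetUserByEmail` into "user does not exist" and drops `uerr`, so a database outage looks the same as a token for a removed account, and `claims` (non-nil here, since `claims.Email` was just read) is still returned next to the error. The three handlers in this commit drop their own copies of the check, so I would clear the result on failure with `claims = nil` before the `return` and keep the cause, for example `err = errors.Join(errors.New("user does not exist"), uerr)` if the module targets Go 1.20 or later. The TOFIX comment undersells the check: a signed, unexpired token stays valid after its account is deleted, so it could read `// Reject tokens whose account no longer exists; the signature alone cannot show that.` The function body starts outside the hunk, so how `claims` is populated before this point is not visible here.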
M sdbapi/handlers/allforming.go => sdbapi/handlers/allforming.go +0 -9
@@ 18,15 18,6 @@ import (
)
func FormingGames(c *gin.Context) {
- // Auth should match a registered user
- // NOTE: Technically auth should always match a registered user, but just in-case.
- _, err := db.GetUserByEmail(c.GetString("email"))
- if err != nil {
- c.JSON(http.StatusUnauthorized, gin.H{"error": apierror.NotAuthorized})
- c.Abort()
- return
- }
-
var games []models.Game
records := db.DbConn.Where("state = ?", models.GAMESTATE_FORMING).Find(&games)
if records.Error != nil {
M sdbapi/handlers/gamecreate.go => sdbapi/handlers/gamecreate.go +1 -12
@@ 18,18 18,7 @@ import (
)
func CreateGame(c *gin.Context) {
- // Auth should match a registered user
- // NOTE: Technically auth should always match a registered user, but just in-case.
- var p1 models.User
-
- user, err := db.GetUserByEmail(c.GetString("email"))
- if err != nil {
- c.JSON(http.StatusUnauthorized, gin.H{"error": apierror.NotAuthorized})
- c.Abort()
- return
- } else {
- p1 = user
- }
+ p1, _ := db.GetUserByEmail(c.GetString("email"))
var game models.Game
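Review bot: The new `p1, _ := db.GetUserByEmail(c.GetString("email"))` discards the lookup error, so if the query fails or the `email` context value is empty, CreateGame continues with whatever `GetUserByEmail` returns alongside its error (presumably a zero-value user). The check now in ValidateJWTToken runs earlier in the request, so it does not cover a database error or an account removed in between, and it would not run at all on a route registered without the auth middleware. Keeping the guard costs two lines: `p1, err := db.GetUserByEmail(c.GetString("email"))` and `if err != nil { c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"error": apierror.NotAuthorized}); return }`. The rest of CreateGame is outside the hunk, so how `p1` is used and whether `err` is declared again further down needs checking against the full file.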
M sdbapi/handlers/gameinfo.go => sdbapi/handlers/gameinfo.go +0 -9
@@ 29,14 29,5 @@ func GameInfo(c *gin.Context) {
return
}
- // Auth should match a registered user
- // NOTE: Technically auth should always match a registered user, but just in-case.
- _, err := db.GetUserByEmail(c.GetString("email"))
- if err != nil {
- c.JSON(http.StatusUnauthorized, gin.H{"error": apierror.NotAuthorized})
- c.Abort()
- return
- }
-
c.JSON(http.StatusOK, gin.H{"id": game.ID, "state": game.State, "p1": game.P1, "p2": game.P2})
}