From c39a0d1ef3bb335aee1d605f6c3ee6f095499820 Mon Sep 17 00:00:00 2001
From: Jonni Liljamo
Date: Wed, 25 Jan 2023 10:02:56 +0200
Subject: [PATCH] fix(sdbapi): remove redundant checks for user
---
 sdbapi/auth/auth.go | 11 +++++++++++
 sdbapi/handlers/allforming.go | 9 ---------
 sdbapi/handlers/gamecreate.go | 13 +------------
 sdbapi/handlers/gameinfo.go | 9 ---------
 4 files changed, 12 insertions(+), 30 deletions(-)
diff --git a/sdbapi/auth/auth.go b/sdbapi/auth/auth.go
index 2a23e66..8d7423a 100644
--- a/sdbapi/auth/auth.go
+++ b/sdbapi/auth/auth.go
@@ -9,6 +9,7 @@
 package auth
 import (
+ "api/db"
 "errors"
 "os"
 "time"
@@ -66,5 +67,15 @@ func ValidateJWTToken(userToken string) (claims *JWTClaims, err error) {
 return
 }
+ // Auth should match a registered user
+ // NOTE: Technically auth should always match a registered user, but just in-case.
+ // TOFIX: Or, now that I think about it, I should run some tests to see if this
+ // truly is just dumb to check.
+ _, uerr := db.GetUserByEmail(claims.Email)
+ if uerr != nil {
+ err = errors.New("user does not exist")
+ return
+ }
+
 return
 }
diff --git a/sdbapi/handlers/allforming.go b/sdbapi/handlers/allforming.go
index 82a1faf..2176adf 100644
--- a/sdbapi/handlers/allforming.go
+++ b/sdbapi/handlers/allforming.go
@@ -18,15 +18,6 @@ import (
 )
 func FormingGames(c *gin.Context) {
- // Auth should match a registered user
- // NOTE: Technically auth should always match a registered user, but just in-case.
- _, err := db.GetUserByEmail(c.GetString("email"))
- if err != nil {
- c.JSON(http.StatusUnauthorized, gin.H{"error": apierror.NotAuthorized})
- c.Abort()
- return
- }
-
 var games []models.Game
 records := db.DbConn.Where("state = ?", models.GAMESTATE_FORMING).Find(&games)
 if records.Error != nil {
diff --git a/sdbapi/handlers/gamecreate.go b/sdbapi/handlers/gamecreate.go
index 9dbf8f4..69f8ad7 100644
--- a/sdbapi/handlers/gamecreate.go
+++ b/sdbapi/handlers/gamecreate.go
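Review bot: In the block added to `ValidateJWTToken` (sdbapi/auth/auth.go), every failure of `db.GetUserByEmail` is reported as "user does not exist", and the named result `claims` is still returned populated next to the error. A database outage therefore looks the same as a deleted account, and a caller that reads `claims` before checking `err` sees an identity for a rejected token; set `claims = nil` before the `return` and, if `GetUserByEmail` exposes a distinct not-found error (not visible here), map only that one to this message. The TOFIX comment undersells the check: a signed token stays valid until it expires, so this lookup is what rejects tokens of accounts removed after issuance, and with the handler checks in allforming.go and gameinfo.go deleted it is the only one left. I would replace the NOTE/TOFIX lines with `// A signed token outlives the account it was issued for; reject it once the user is gone.` The function starts outside the hunk, so its earlier return paths are not visible.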
@@ -18,18 +18,7 @@ import (
 )
 func CreateGame(c *gin.Context) {
- // Auth should match a registered user
- // NOTE: Technically auth should always match a registered user, but just in-case.
- var p1 models.User
-
- user, err := db.GetUserByEmail(c.GetString("email"))
- if err != nil {
- c.JSON(http.StatusUnauthorized, gin.H{"error": apierror.NotAuthorized})
- c.Abort()
- return
- } else {
- p1 = user
- }
+ p1, _ := db.GetUserByEmail(c.GetString("email"))
 var game models.Game
diff --git a/sdbapi/handlers/gameinfo.go b/sdbapi/handlers/gameinfo.go
index 3bab1b3..dfd129c 100644
--- a/sdbapi/handlers/gameinfo.go
+++ b/sdbapi/handlers/gameinfo.go
@@ -29,14 +29,5 @@ func GameInfo(c *gin.Context) {
 return
 }
- // Auth should match a registered user
- // NOTE: Technically auth should always match a registered user, but just in-case.
- _, err := db.GetUserByEmail(c.GetString("email"))
- if err != nil {
- c.JSON(http.StatusUnauthorized, gin.H{"error": apierror.NotAuthorized})
- c.Abort()
- return
- }
-
 c.JSON(http.StatusOK, gin.H{"id": game.ID, "state": game.State, "p1": game.P1, "p2": game.P2})
 }
-- 
2.44.1
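Review bot: `p1, _ := db.GetUserByEmail(c.GetString("email"))` in `CreateGame` (sdbapi/handlers/gamecreate.go) discards the lookup error, so a failed lookup leaves `p1` as a zero-value `models.User` and the handler presumably goes on to build the game with it. That can happen if the account is removed between token validation and this call, if the database query fails, or if the route is ever mounted without the auth middleware (the hunk does not show how `"email"` reaches the context). Unlike `FormingGames` and `GameInfo`, this handler uses the returned user, so the check here was not redundant; keep the error branch and fail closed. The rest of `CreateGame` is outside the hunk.

```go
func CreateGame(c *gin.Context) {
	p1, err := db.GetUserByEmail(c.GetString("email"))
	if err != nil {
		// Fail closed: never create a game for a user that could not be loaded.
		c.JSON(http.StatusUnauthorized, gin.H{"error": apierror.NotAuthorized})
		c.Abort()
		return
	}
	// … unchanged: var game models.Game and game creation …
```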