chore: sync latest demo-ready API updates #32
|
|
@@ -4,7 +4,7 @@ import { asyncHandler } from '../../handler/async.handler.js'; | |
| import { errorResponse, successResponse } from '../../core/response.js'; | ||
|
|
||
| export const askCoachHandler = asyncHandler(async (req: Request, res: Response) => { | ||
| const userId = req.user?.id; | ||
| const userId = req.user?.id || req.body.userId; // Temporary support for userId in body for testing purposes | ||
| const { message: userMessage } = req.body; | ||
|
|
||
| if (!userId) { | ||
|
|
@@ -23,7 +23,7 @@ export const askCoachHandler = asyncHandler(async (req: Request, res: Response) | |
| }); | ||
|
|
||
| export const getSummaryHandler = asyncHandler(async (req: Request, res: Response) => { | ||
| const userId = req.user?.id; | ||
| const userId = req.user?.id || req.body.userId; // Temporary support for userId in body for testing purposes | ||
|
||
| if (!userId) { | ||
| return errorResponse( | ||
| res, | ||
|
|
||
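Review bot: The new `const userId = req.user?.id || req.body.userId;` in askCoachHandler (and again in getSummaryHandler) dereferences `req.body` without a guard; when no body-parsing middleware ran for the route, or the request carried a content type the parser skips, `req.body` is undefined and the fallback throws a TypeError before the `if (!userId)` check runs, so an unauthenticated request becomes a 500 from asyncHandler instead of the intended errorResponse. `req.body` is also typed `any` in Express, so `userId` loses whatever type `req.user?.id` had and a numeric or object body value passes the falsy check into the downstream calls. If the fallback is kept at all, read it defensively and accept only a string: `const bodyUserId = typeof req.body?.userId === 'string' ? req.body.userId : undefined;` followed by `const userId = req.user?.id ?? bodyUserId;`. The same line is added in onboardingHandler, createPostHandler, createCommentHandler, addLikeHandler, createJournalHandler, getJournalsHandler, dailyCheckinHandler, getStatisticsHandler, getMeHandler, updateUserSettingsHandler and resetUserDataHandler in the other files of this PR. For handlers that serve GET routes (getSummaryHandler here; getJournalsHandler, getStatisticsHandler and getMeHandler look like candidates, though the routing is not visible) a request body is normally absent, so the fallback would be dead code there.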
|
|
@@ -5,13 +5,13 @@ import { errorResponse, successResponse } from '../../core/response.js'; | |||||||||||||
|
|
||||||||||||||
| export const googleLoginHandler = asyncHandler(async (req: Request, res: Response) => { | ||||||||||||||
| const { token } = req.body; | ||||||||||||||
| const jwtToken = await verifyGoogleTokenAndLogin(token); | ||||||||||||||
| const result = await verifyGoogleTokenAndLogin(token); | ||||||||||||||
|
|
||||||||||||||
| return successResponse(res, 200, 'Login berhasil', { token: jwtToken }); | ||||||||||||||
| return successResponse(res, 200, 'Login berhasil', result); | ||||||||||||||
| }); | ||||||||||||||
|
|
||||||||||||||
| export const onboardingHandler = asyncHandler(async (req: Request, res: Response) => { | ||||||||||||||
| const userId = req.user?.id; | ||||||||||||||
| const userId = req.user?.id || req.body.userId; // Temporary support for userId in body for testing purposes | ||||||||||||||
|
||||||||||||||
| const userId = req.user?.id || req.body.userId; // Temporary support for userId in body for testing purposes | |
| let userId = req.user?.id; | |
| // Only allow fallback to req.body.userId in development mode | |
| if (!userId && process.env.NODE_ENV === 'development') { | |
| userId = req.body.userId; | |
| } |
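Review bot: In googleLoginHandler the new `return successResponse(res, 200, 'Login berhasil', result);` sends whatever verifyGoogleTokenAndLogin returns to the client verbatim, whereas the old line selected `{ token: jwtToken }`; the login response shape is now defined by the service's implementation rather than by the handler, and any field later added to the service's return value is exposed without a change here. Pick the public fields explicitly, e.g. `const { token: jwtToken, userId } = await verifyGoogleTokenAndLogin(token);` and `return successResponse(res, 200, 'Login berhasil', { token: jwtToken, userId });` — I am assuming from the surrounding names that the service now returns at least a token and a user id; confirm against auth.service. The unchanged `const { token } = req.body;` above it is also unguarded, so a missing or non-string body token reaches the verifier as-is; a `typeof token !== 'string'` check that returns errorResponse before the await would keep malformed requests from surfacing as a thrown error.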
|
|
@@ -6,7 +6,7 @@ import { parseCheckinTime } from '../../utils/index.js'; | |||||
|
|
||||||
| const client = new OAuth2Client(config.google.clientId); | ||||||
|
|
||||||
| export async function verifyGoogleTokenAndLogin(googleToken: string): Promise<string> { | ||||||
| export async function verifyGoogleTokenAndLogin(googleToken: string) { | ||||||
|
||||||
| export async function verifyGoogleTokenAndLogin(googleToken: string) { | |
| export async function verifyGoogleTokenAndLogin(googleToken: string): Promise<{ token: string; userId: string }> { |
|
|
@@ -10,7 +10,7 @@ import { asyncHandler } from '../../handler/async.handler.js'; | |
| import { errorResponse, successResponse } from '../../core/response.js'; | ||
|
|
||
| export const createPostHandler = asyncHandler(async (req: Request, res: Response) => { | ||
| const userId = req.user?.id; | ||
| const userId = req.user?.id || req.body.userId; // Temporary support for userId in body for testing purposes | ||
|
||
| const postData = req.body; | ||
|
|
||
| if (!userId) { | ||
|
|
@@ -33,7 +33,7 @@ export const getPostsHandler = asyncHandler(async (req: Request, res: Response) | |
| }); | ||
|
|
||
| export const createCommentHandler = asyncHandler(async (req: Request, res: Response) => { | ||
| const userId = req.user?.id; | ||
| const userId = req.user?.id || req.body.userId; // Temporary support for userId in body for testing purposes | ||
|
||
| const { postId } = req.params; | ||
| const { content } = req.body; | ||
|
|
||
|
|
@@ -54,7 +54,7 @@ export const createCommentHandler = asyncHandler(async (req: Request, res: Respo | |
| }); | ||
|
|
||
| export const addLikeHandler = asyncHandler(async (req: Request, res: Response) => { | ||
| const userId = req.user?.id; | ||
| const userId = req.user?.id || req.body.userId; // Temporary support for userId in body for testing purposes | ||
|
||
| const { postId } = req.params; | ||
|
|
||
| if (!userId) { | ||
|
|
||
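Review bot: In createPostHandler the fallback now means a client-supplied `userId` key may be present in `req.body`, and the unchanged `const postData = req.body;` on the next line forwards the whole body, so that key travels into whatever consumes postData (outside the hunk) alongside the authenticated `userId`; if the persistence layer spreads postData into the stored record, the body-supplied value rather than the authenticated one could be what ends up persisted — I cannot see the consumer, so this is inferred. Pick the post fields explicitly, as createCommentHandler does with `const { content } = req.body;`, rather than forwarding the body object. The same forward-the-whole-body shape follows the new fallback line in dailyCheckinHandler (`const checkinData = req.body;`) and updateUserSettingsHandler (`const dataToUpdate = req.body;`), where a body-supplied userId inside a settings update payload is the more serious case.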
|
|
@@ -4,7 +4,7 @@ import { asyncHandler } from '../../handler/async.handler.js'; | |
| import { errorResponse, successResponse } from '../../core/response.js'; | ||
|
|
||
| export const createJournalHandler = asyncHandler(async (req: Request, res: Response) => { | ||
| const userId = req.user?.id; | ||
| const userId = req.user?.id || req.body.userId; // Temporary support for userId in body for testing purposes | ||
|
||
| const { content } = req.body; | ||
|
|
||
| if (!userId) { | ||
|
|
@@ -21,7 +21,7 @@ export const createJournalHandler = asyncHandler(async (req: Request, res: Respo | |
| }); | ||
|
|
||
| export const getJournalsHandler = asyncHandler(async (req: Request, res: Response) => { | ||
| const userId = req.user?.id; | ||
| const userId = req.user?.id || req.body.userId; // Temporary support for userId in body for testing purposes | ||
|
||
| if (!userId) { | ||
| return errorResponse( | ||
| res, | ||
|
|
||
|
|
@@ -4,7 +4,7 @@ import { asyncHandler } from '../../handler/async.handler.js'; | |
| import { errorResponse, successResponse } from '../../core/response.js'; | ||
|
|
||
| export const dailyCheckinHandler = asyncHandler(async (req: Request, res: Response) => { | ||
| const userId = req.user?.id; | ||
| const userId = req.user?.id || req.body.userId; // Temporary support for userId in body for testing purposes | ||
|
||
| const checkinData = req.body; | ||
|
|
||
| if (!userId) { | ||
|
|
@@ -21,7 +21,7 @@ export const dailyCheckinHandler = asyncHandler(async (req: Request, res: Respon | |
| }); | ||
|
|
||
| export const getStatisticsHandler = asyncHandler(async (req: Request, res: Response) => { | ||
| const userId = req.user?.id; | ||
| const userId = req.user?.id || req.body.userId; // Temporary support for userId in body for testing purposes | ||
|
||
| if (!userId) { | ||
| return errorResponse( | ||
| res, | ||
|
|
||
|
|
@@ -4,7 +4,7 @@ import { asyncHandler } from '../../handler/async.handler.js'; | |
| import { errorResponse, successResponse } from '../../core/response.js'; | ||
|
|
||
| export const getMeHandler = asyncHandler(async (req: Request, res: Response) => { | ||
| const userId = req.user?.id; | ||
| const userId = req.user?.id || req.body.userId; // Temporary support for userId in body for testing purposes | ||
|
||
| if (!userId) { | ||
| return errorResponse( | ||
| res, | ||
|
|
@@ -28,7 +28,7 @@ export const getMeHandler = asyncHandler(async (req: Request, res: Response) => | |
| }); | ||
|
|
||
| export const updateUserSettingsHandler = asyncHandler(async (req: Request, res: Response) => { | ||
| const userId = req.user?.id; | ||
| const userId = req.user?.id || req.body.userId; // Temporary support for userId in body for testing purposes | ||
|
||
| const dataToUpdate = req.body; | ||
|
|
||
| if (!userId) { | ||
|
|
@@ -55,7 +55,7 @@ export const resetUserDataHandler = asyncHandler(async (req: Request, res: Respo | |
| // ); | ||
| // } | ||
|
|
||
| const userId = req.user?.id; | ||
| const userId = req.user?.id || req.body.userId; // Temporary support for userId in body for testing purposes | ||
|
||
| if (!userId) { | ||
| return errorResponse( | ||
| res, | ||
|
|
||
The fallback to `req.body.userId` creates a critical security vulnerability, allowing any client to impersonate any user by simply passing a userId in the request body. This bypasses authentication entirely. Even for testing, this should be protected by environment checks (e.g., only allow in development mode) or use a separate testing endpoint.