Add Authentication Check to Ensure only Matched Users can Enter a Room

Nephelite · Nephelite · commit 6f7737b6dae1 · 2024-11-09T21:35:40.000+08:00
Also, deleted obsolete route and controller method in historyCotnroller in question service
diff --git a/backend/matching-service/controllers/roomController.ts b/backend/matching-service/controllers/roomController.ts
@@ -1,10 +1,11 @@
+import { AuthenticatedRequest } from "middlewares/auth";
 import roomModel from "../models/RoomSchema";
-import { Request, Response, NextFunction } from "express";
+import { Response, NextFunction } from "express";
 
 const ROOM_LIFESPAN = parseInt(process.env.ROOM_LIFESPAN || "86400000"); // 86400000ms = 1 day
 
 export async function getRoomDetails(
-    request: Request,
+    request: AuthenticatedRequest,
     response: Response,
     next: NextFunction
 ) {
@@ -13,11 +14,14 @@ export async function getRoomDetails(
         console.log(roomId)
         const room = await roomModel.findOne({ roomId });
         if (!room) {
-            throw new Error("Room not found");
+            throw new Error("Room not found.");
+        }
+        if (room.participants.every((participant) => participant !== request.userId)) {
+            throw new Error("Non-matched user cannot enter this room.");
         }
         if (Date.now() - room.createdAt.getTime() > ROOM_LIFESPAN) {
-            throw new Error("Room has expired");
-        } 
+            throw new Error("Room has expired.");
+        }
         response.status(200).json({
             roomId, 
             attemptStartedAt: room.createdAt.getTime(),
diff --git a/backend/question-service/controllers/historyController.ts b/backend/question-service/controllers/historyController.ts
@@ -85,26 +85,6 @@ export const createOrUpdateUserHistoryEntry = async (req: any, res: Response) =>
   }
 };
 
-export const removeRoomIdPresence = async (req: any, res: Response) => {
-  try {
-    const userId = req.userId;
-    const { roomId } = req.params;
-
-    const existingEntries = await historyEntryModel.find({ roomId });
-    const updatedEntries: string[] = [];
-
-    existingEntries.forEach(async (entry) => {
-      entry.roomId = "";
-      await entry.save();
-      updatedEntries.push(entry._id.toString());
-    });
-
-    return res.status(200).json({ updatedEntries });
-  } catch (error) {
-    return res.status(500).json({ error: getErrorMessage(error) });
-  }
-};
-
 export const deleteUserHistoryEntry = async (req: any, res: Response) => {
   try {
     const userId = req.userId;
diff --git a/backend/question-service/routes/historyRoutes.ts b/backend/question-service/routes/historyRoutes.ts
@@ -5,15 +5,13 @@ import {
   deleteUserHistoryEntry,
   deleteUserHistoryEntries,
   deleteAllUserHistoryEntries,
-  removeRoomIdPresence,
 } from "../controllers/historyController";
 import { verifyAccessToken } from "../middlewares/basic-access-control";
 
 const router = express.Router();
 
 router.get("/", verifyAccessToken, getUserHistoryEntries);
 router.post("/", verifyAccessToken, createOrUpdateUserHistoryEntry);
-router.post("/room/:id", verifyAccessToken, removeRoomIdPresence);
 router.delete("/user/:id", verifyAccessToken, deleteUserHistoryEntry);
 router.delete("/user", verifyAccessToken, deleteUserHistoryEntries);
 router.delete("/all", verifyAccessToken, deleteAllUserHistoryEntries);
