feat: add ownership check to evaluateAnswer, AuthenticatedRequest type

apps/api/src/controllers/gameController.ts

@@ -1,30 +1,47 @@
-import type { Request, Response, NextFunction } from "express";
+import type { Response, NextFunction } from "express";
+import type { AuthenticatedRequest } from "../types/express.js";
 import { GameRequestSchema, AnswerSubmissionSchema } from "@lila/shared";
 import { createGameSession, evaluateAnswer } from "../services/gameService.js";
 import { ValidationError } from "../errors/AppError.js";
 import type { GameSessionStore } from "../gameSessionStore/index.js";
 
 export const createGameController = (store: GameSessionStore) => ({
-  createGame: async (req: Request, res: Response, next: NextFunction) => {
+  createGame: async (
+    req: AuthenticatedRequest,
+    res: Response,
+    next: NextFunction,
+  ) => {
     try {
       const gameSettings = GameRequestSchema.safeParse(req.body);
       if (!gameSettings.success) {
         throw new ValidationError(gameSettings.error.message);
       }
-      const gameQuestions = await createGameSession(gameSettings.data, store);
+      const gameQuestions = await createGameSession(
+        gameSettings.data,
+        store,
+        req.session.user.id,
+      );
       res.json({ success: true, data: gameQuestions });
     } catch (error) {
       next(error);
     }
   },
 
-  submitAnswer: async (req: Request, res: Response, next: NextFunction) => {
+  submitAnswer: async (
+    req: AuthenticatedRequest,
+    res: Response,
+    next: NextFunction,
+  ) => {
     try {
       const submission = AnswerSubmissionSchema.safeParse(req.body);
       if (!submission.success) {
         throw new ValidationError(submission.error.message);
       }
-      const result = await evaluateAnswer(submission.data, store);
+      const result = await evaluateAnswer(
+        submission.data,
+        store,
+        req.session.user.id,
+      );
       res.json({ success: true, data: result });
     } catch (error) {
       next(error);