forgejo-lila/lila
1
0
Fork 0
Code Issues 50 Pull requests Projects 1 Releases Packages Wiki Activity Actions

feat: add ownership check to evaluateAnswer, AuthenticatedRequest type

Browse source
This commit is contained in:
lila 2026-04-28 14:39:13 +02:00
parent fdeb769640
commit 1e30f04e81
8 changed files with 189 additions and 39 deletions
Download patch file Download diff file Expand all files Collapse all files

6
apps/api/src/services/gameService.ts
View file

@ -15,6 +15,7 @@ import { shuffleArray } from "../lib/utils.js";
export const createGameSession = async (
request: GameRequest,
store: GameSessionStore,
userId: string,
): Promise<GameSession> => {
const terms = await getGameTerms(
request.source_language,
@ -59,7 +60,7 @@ export const createGameSession = async (
);
const sessionId = randomUUID();
await store.create(sessionId, { answers: answerKey }, 30 * 60 * 1000);
await store.create(sessionId, { answers: answerKey, userId }, 30 * 60 * 1000);
return { sessionId, questions };
};
@ -67,10 +68,11 @@ export const createGameSession = async (
export const evaluateAnswer = async (
submission: AnswerSubmission,
store: GameSessionStore,
userId: string,
): Promise<AnswerResult> => {
const session = await store.get(submission.sessionId);
if (!session) {
if (!session || session.userId !== userId) {
throw new NotFoundError(`Game session not found: ${submission.sessionId}`);
}