From af7634b498ee63670b9ffd229b75849e3e913cdd Mon Sep 17 00:00:00 2001
From: Ajay
Date: Thu, 28 Jul 2022 13:55:43 -0400
Subject: [PATCH] Fix ad feature auth logic
---
 src/routes/addFeature.ts | 10 +++++-----
 src/utils/isUserVIP.ts | 2 +-
 test/cases/addFeatures.ts | 6 +++---
 3 files changed, 9 insertions(+), 9 deletions(-)
diff --git a/src/routes/addFeature.ts b/src/routes/addFeature.ts
index 9994ff3..e5e5519 100644
--- a/src/routes/addFeature.ts
+++ b/src/routes/addFeature.ts
@@ -3,7 +3,7 @@ import { db } from "../databases/databases";
 import { config } from "../config";
 import { Request, Response } from "express";
 import { isUserVIP } from "../utils/isUserVIP";
-import { Feature, HashedUserID } from "../types/user.model";
+import { Feature, HashedUserID, UserID } from "../types/user.model";
 import { Logger } from "../utils/logger";
 import { QueryCacher } from "../utils/queryCacher";
@@ -38,11 +38,11 @@ export async function addFeature(req: AddFeatureRequest, res: Response): Promise
 }
 // hash the userID
- const adminUserIDInput = await getHashCache(adminUserID);
- const isAdmin = adminUserIDInput !== config.adminUserID;
- const isVIP = (await isUserVIP(userID)) || isAdmin;
+ const adminUserIDInput = await getHashCache(adminUserID as UserID);
+ const isAdmin = adminUserIDInput === config.adminUserID;
+ const isVIP = (await isUserVIP(adminUserIDInput)) || isAdmin;
- if (!isAdmin && !isVIP) {
+ if (!isVIP) {
 // not authorized
 return res.sendStatus(403);
 }
diff --git a/src/utils/isUserVIP.ts b/src/utils/isUserVIP.ts
index ed1ba09..50cc462 100644
--- a/src/utils/isUserVIP.ts
+++ b/src/utils/isUserVIP.ts
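Review bot: In the second hunk of src/routes/addFeature.ts the whole authorization decision now rests on a variable named `isVIP` that is also true for the admin, and the comment above it still reads `// hash the userID` although the value being hashed is the caller's private ID (`adminUserID`), not the target `userID`. The bug fixed here was a mix-up between caller and target, so names that keep the two apart would make a regression easier to spot in review: `const isAuthorized = isAdmin || (await isUserVIP(adminUserIDInput));` followed by `if (!isAuthorized) {`, with the comment changed to `// hash the caller's private ID; only the hash is compared or looked up`. Putting `isAdmin` first also skips the VIP query when the caller is the admin. The `as UserID` cast only satisfies the type checker and does nothing at runtime; the guard that closes just above the hunk presumably rejects a missing `adminUserID`, but that is outside the hunk and worth confirming. The body of addFeature starts and ends outside the hunk.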
@@ -2,6 +2,6 @@ import { db } from "../databases/databases";
 import { HashedUserID } from "../types/user.model";
 export async function isUserVIP(userID: HashedUserID): Promise {
- return (await db.prepare("get", `SELECT count(*) as "userCount" FROM "vipUsers" WHERE "userID" = ? LIMIT 1`,
+ return (await db.prepare("get", `SELECT count(*) as "userCount" FROM "vipUsers" WHERE "userID" = ? LIMIT 1`,
 [userID], { useReplica: true }))?.userCount > 0;
 }
diff --git a/test/cases/addFeatures.ts b/test/cases/addFeatures.ts
index 9b2c574..657555e 100644
--- a/test/cases/addFeatures.ts
+++ b/test/cases/addFeatures.ts
@@ -41,7 +41,7 @@ describe("addFeatures", () => {
 it("can add features", async () => {
 for (const feature of validFeatures) {
- const result = await postAddFeatures(hashedUserID1, vipUserID, feature, "true");
+ const result = await postAddFeatures(hashedUserID1, privateVipUserID, feature, "true");
 assert.strictEqual(result.status, 200);
 assert.strictEqual(await hasFeature(hashedUserID1, feature), true);
@@ -51,7 +51,7 @@ describe("addFeatures", () => {
 it("can remove features", async () => {
 const feature = Feature.ChapterSubmitter;
- const result = await postAddFeatures(hashedUserID2, vipUserID, feature, "false");
+ const result = await postAddFeatures(hashedUserID2, privateVipUserID, feature, "false");
 assert.strictEqual(result.status, 200);
 assert.strictEqual(await hasFeature(hashedUserID2, feature), false);
@@ -60,7 +60,7 @@ describe("addFeatures", () => {
 it("can update features", async () => {
 const feature = Feature.ChapterSubmitter;
- const result = await postAddFeatures(hashedUserID3, vipUserID, feature, "true");
+ const result = await postAddFeatures(hashedUserID3, privateVipUserID, feature, "true");
 assert.strictEqual(result.status, 200);
 assert.strictEqual(await hasFeature(hashedUserID3, feature), true);
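Review bot: The three hunks in test/cases/addFeatures.ts (`can add features`, `can remove features`, `can update features`) only switch the accepted caller to `privateVipUserID`; the commit adds no case asserting that a rejected caller gets 403, and the diffstat shows the test file with three changed lines and no new ones. The old suite passed while the check was inverted, so the denial path is the part worth pinning: one caller that is neither VIP nor admin, and one that sends a VIP's stored ID rather than the private one (which appears to be what `vipUserID` holds, to be confirmed against the fixture setup). For the second case, `const result = await postAddFeatures(hashedUserID1, vipUserID, Feature.ChapterSubmitter, "true");` followed by `assert.strictEqual(result.status, 403);` would do, unless such tests already exist in the part of the file outside these hunks.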