feat: ✨ Adding security to handle if the user have a verfied acount before create a new challenge (#7)

Author: nduboi

api_server/server.js

@@ -160,6 +160,7 @@ app.get('/set_challenge', async (req, res) => {
     const type = req.query.type;
     const token = req.query.token;
     const api_token = req.query.api_token
+
     if (api_token != getenv('API_TOKEN'))
         return res.status(700).json({ error: 'Wrong api token' });
     if ((defi === undefined || type === undefined || token === undefined) && (type != 1 && type != 2)) {

app_server/server.cjs

@@ -157,16 +157,29 @@ async function set_new_user_api(email, pseudo, password, token) {
     }
 }
 
+async function create_challenge_api(defi, type, token) {
+    const response = await fetch('http://api_js:8080/set_challenge?defi='+defi+'&type='+type+'&token='+token+'&api_token='+getenv('API_TOKEN'));
+    if (!response.ok) {
+        throw new Error('Failed to fetch data');
+    }
+    const data = await response.json();
+    return data;
+}
+
 async function set_new_challenge_api(defi, type, token) {
     try {
-        const response = await fetch('http://api_js:8080/set_challenge?defi='+defi+'&type='+type+'&token='+token+'&api_token='+getenv('API_TOKEN'));
-        if (!response.ok) {
-            throw new Error('Failed to fetch data');
+        const info = await get_pseudo_from_api_with_token(token);
+        if (Object.keys(info).length === 1) {
+            if (info[0].status_verif == 1) {
+                return create_challenge_api(defi, type, token);
+            } else {
+                throw new Error('Email not verified');
+            }
+        } else {
+            throw new Error('No account found');
         }
-        const data = await response.json();
-        return data;
     } catch (error) {
-        console.error('Error:', error);
+        throw new Error(error.message);
     }
 }
 
@@ -244,7 +257,7 @@ io.on("connection", (socket) => {
                 socket.emit("awnser_server_data_challenge :"+data.token, {status : "success"})
             })
             .catch(error => {
-                socket.emit("awnser_server_data_challenge :"+data.token, {status : "error", message : "There is a error with the data"})
+                socket.emit("awnser_server_data_challenge :"+data.token, {status : "error", message : error.message})
             });
         }
     });

app_server/src/add_challenge.html

@@ -62,7 +62,7 @@ <h1 id="title" class="">Ajout de challenge</h1>
             document.getElementById('defi').value = "";
             console.log(txt);
             if ((typeof txt === "string" && txt.length === 0) || txt == null) {
-                document.getElementById('confirmation').innerHTML = "<p class=\"text-red-400 text-xl font-bold\">Challenge vide !</p>"
+                document.getElementById('confirmation').innerHTML = "<p class=\"text-red-600 text-xl font-bold\">Empty challenge</p>"
             }
             else {
                 socket.emit("send_data_add_challenge", {type : choice, defi : txt, token : token});
@@ -73,7 +73,7 @@ <h1 id="title" class="">Ajout de challenge</h1>
                 if (data.status == "success") {
                     document.getElementById('confirmation').innerHTML = "<p class=\"text-green-400 text-xl font-bold\">Challenge created !</p>"
                 } else {
-                    document.getElementById('confirmation').innerHTML = "<p class=\"text-red-400 text-xl font-bold\">Error</p>"
+                    document.getElementById('confirmation').innerHTML = "<p class=\"text-red-600 text-xl font-bold\">"+data.message+"</p>"
                 }
             });
         }