Update message controller to validate room membership before sending …

…a message
langx · Apr 11, 2024 · 6256995 · 6256995
1 parent 992fbb6
commit 6256995
Showing 1 changed file with 21 additions and 0 deletions.
diff --git a/src/controllers/message.controller.ts b/src/controllers/message.controller.ts
@@ -26,6 +26,10 @@ interface UserDocument extends Models.Document {
   blockedUsers?: string[];
 }
 
+interface RoomDocument extends Models.Document {
+  users: string[];
+}
+
 export default class MessageController {
   async create(req: Request, res: Response) {
     try {
@@ -89,6 +93,23 @@ export default class MessageController {
 
       const database = new Databases(client);
 
+      // Check Room has this user or not
+      const roomDoc = (await database.getDocument(
+        env.APP_DATABASE,
+        env.ROOMS_COLLECTION,
+        roomId
+      )) as RoomDocument;
+
+      // console.log(`roomDoc.users: ${roomDoc.users}`);
+      // console.log(`sender: ${sender}`);
+      // console.log(`to: ${to}`);
+
+      // Check if the user is in the room
+      if (!roomDoc.users.includes(sender) || !roomDoc.users.includes(to)) {
+        res.status(403).json({ message: "You are not in this room." });
+        return;
+      }
+
       // Check user blocked or not
       const currentUserDoc = (await database.getDocument(
         env.APP_DATABASE,