diff --git a/convex/_generated/api.d.ts b/convex/_generated/api.d.ts index 90d2eb89..606962af 100644 --- a/convex/_generated/api.d.ts +++ b/convex/_generated/api.d.ts @@ -4,7 +4,7 @@ * * THIS CODE IS AUTOMATICALLY GENERATED. * - * Generated by convex@1.12.1. + * Generated by convex@1.12.2. * To regenerate, run `npx convex dev`. * @module */ diff --git a/convex/_generated/api.js b/convex/_generated/api.js index c820c6f2..ad3dfd2c 100644 --- a/convex/_generated/api.js +++ b/convex/_generated/api.js @@ -4,7 +4,7 @@ * * THIS CODE IS AUTOMATICALLY GENERATED. * - * Generated by convex@1.12.1. + * Generated by convex@1.12.2. * To regenerate, run `npx convex dev`. * @module */ diff --git a/convex/_generated/dataModel.d.ts b/convex/_generated/dataModel.d.ts index 5fc7722b..a935214c 100644 --- a/convex/_generated/dataModel.d.ts +++ b/convex/_generated/dataModel.d.ts @@ -4,7 +4,7 @@ * * THIS CODE IS AUTOMATICALLY GENERATED. * - * Generated by convex@1.12.1. + * Generated by convex@1.12.2. * To regenerate, run `npx convex dev`. * @module */ diff --git a/convex/_generated/server.d.ts b/convex/_generated/server.d.ts index af0160d3..3c757250 100644 --- a/convex/_generated/server.d.ts +++ b/convex/_generated/server.d.ts @@ -4,7 +4,7 @@ * * THIS CODE IS AUTOMATICALLY GENERATED. * - * Generated by convex@1.12.1. + * Generated by convex@1.12.2. * To regenerate, run `npx convex dev`. * @module */ diff --git a/convex/_generated/server.js b/convex/_generated/server.js index 06748ad9..d76b05a8 100644 --- a/convex/_generated/server.js +++ b/convex/_generated/server.js @@ -4,7 +4,7 @@ * * THIS CODE IS AUTOMATICALLY GENERATED. * - * Generated by convex@1.12.1. + * Generated by convex@1.12.2. * To regenerate, run `npx convex dev`. * @module */ diff --git a/convex/chats.ts b/convex/chats.ts index e793e3da..71bd9927 100644 --- a/convex/chats.ts +++ b/convex/chats.ts 
@@ -97,7 +97,7 @@ export const getChats = query({ const identity = await ctx.auth.getUserIdentity(); if (identity === null) { - return null; + throw new ConvexError("Unauthenticated call to mutation"); } return await ctx @@ -168,7 +168,7 @@ export const getChatInfoFromId = query({ const identity = await ctx.auth.getUserIdentity(); if (identity === null) { - return null; + throw new ConvexError("Unauthenticated call to mutation"); } const parsedChatId = ctx.table("privateChats").normalizeId(args.chatId); @@ -183,13 +183,21 @@ export const getChatInfoFromId = query({ throw new ConvexError("did not find chat"); } - const chatWithUser = { + const usersInChat = await chat.edge("users"); + + if ( + !usersInChat.some((user) => user.clerkId === identity.tokenIdentifier) + ) { + throw new ConvexError( + "UNAUTHORIZED REQUEST: User requested chat info from a chat in which he is not in.", + ); + } + + return { basicChatInfo: chat, - otherUser: (await chat.edge("users")).filter( + otherUser: usersInChat.filter( (user) => user.clerkId !== identity.tokenIdentifier, ), }; - - return chatWithUser; }, }); diff --git a/convex/messages.ts b/convex/messages.ts index eb2a055a..3c5a5026 100644 --- a/convex/messages.ts +++ b/convex/messages.ts 
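Review bot: The new error text in `getChats` says "mutation", but this handler is a query, so the message will mislead whoever reads it in logs or on the client. The same string is thrown from the query handlers `getChatInfoFromId` (next hunk), `getMessages` in convex/messages.ts and `getUserData` in convex/users.ts. A neutral message such as `throw new ConvexError("Unauthenticated call");` would be accurate in all of them. Replacing `return null` with a throw also changes what a signed-out client receives; the call sites are outside this diff, so confirm they handle the error. The handler body continues outside the hunk.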
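Review bot: In `getChatInfoFromId` the "did not find chat" error at the top of this hunk is still raised before the new membership check, so a signed-in caller who is not in the chat gets a different error for an existing chat id than for a missing one. Throwing the same error in both branches, e.g. `throw new ConvexError("did not find chat");` inside the `!usersInChat.some(...)` branch, avoids confirming a chat's existence to non-members. `getMessages` in convex/messages.ts appears to have the same split, assuming `getX` throws on a missing id. The lookup that precedes this hunk is not visible here.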
@@ -4,23 +4,37 @@ import { ConvexError, v } from "convex/values"; export const getMessages = query({ args: { chatId: v.string() }, handler: async (ctx, args) => { + const identity = await ctx.auth.getUserIdentity(); + + if (identity === null) { + throw new ConvexError("Unauthenticated call to mutation"); + } + const parsedChatId = ctx.table("privateChats").normalizeId(args.chatId); if (!parsedChatId) { throw new ConvexError("chatId was invalid"); } - return ctx - .table("privateChats") - .getX(parsedChatId) - .edge("messages") - .map(async (message) => ({ - ...message, - userId: undefined, - from: await ctx.table("users").getX(message.userId), - readBy: await message.edge("readBy"), - sent: true, - })); + const chat = ctx.table("privateChats").getX(parsedChatId); + + const usersInChat = await chat.edge("users"); + + if ( + !usersInChat.some((user) => user.clerkId === identity.tokenIdentifier) + ) { + throw new ConvexError( + "UNAUTHORIZED REQUEST: User requested messages from a chat in which he is not in.", + ); + } + + return chat.edge("messages").map(async (message) => ({ + ...message, + userId: undefined, + from: await ctx.table("users").getX(message.userId), + readBy: await message.edge("readBy"), + sent: true, + })); }, }); @@ -30,7 +44,7 @@ export const createMessage = mutation({ const identity = await ctx.auth.getUserIdentity(); if (identity === null) { - return null; + throw new ConvexError("Unauthenticated call to mutation"); } const convexUser = await ctx @@ -49,6 +63,19 @@ export const createMessage = mutation({ ); } + const usersInChat = await ctx + .table("privateChats") + .getX(parsedChatId) + .edge("users"); + + if ( + !usersInChat.some((user) => user.clerkId === identity.tokenIdentifier) + ) { + throw new ConvexError( + "UNAUTHORIZED REQUEST: User tried to send a message in a chat in which he is not in.", + ); + } + if (args.content.trim() === "") throw new Error("Post cannot be empty"); await ctx.table("messages").insert({ 
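Review bot: `from: await ctx.table("users").getX(message.userId)` in the map returned by `getMessages` sends the sender's whole user document to every chat member, including `clerkId`, the value the new checks compare against `identity.tokenIdentifier`. The users schema is not part of this diff, so other fields may be exposed as well. Consider loading the sender into a local and returning only what the client renders, e.g. `from: { _id: sender._id /* plus the display fields the UI needs */ }`. `getChatInfoFromId` in convex/chats.ts returns full user documents in `otherUser` in the same way.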
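Review bot: The membership test added to `createMessage` is the third verbatim copy of the same predicate (also in `getMessages` above and `getChatInfoFromId` in convex/chats.ts), so any change to how membership is decided must be made in three places, and a missed copy silently weakens authorization. A single shared helper keeps the decision in one place and makes it easy to see which handlers apply it. Where the helper lives is up to the project; the sketch below uses only values already present in these hunks. The `createMessage` handler starts and ends outside this hunk.

```typescript
// Single source of truth for "is the caller a participant of this chat".
function isChatMember(
  usersInChat: ReadonlyArray<{ clerkId: string }>,
  tokenIdentifier: string,
): boolean {
  return usersInChat.some((user) => user.clerkId === tokenIdentifier);
}

// … unchanged: identity lookup, chatId parsing, usersInChat query …
if (!isChatMember(usersInChat, identity.tokenIdentifier)) {
  // … unchanged: throw new ConvexError("UNAUTHORIZED REQUEST: …") …
}
```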
@@ -64,6 +91,12 @@ export const createMessage = mutation({ export const deleteMessage = mutation({ args: { messageId: v.string() }, handler: async (ctx, args) => { + const identity = await ctx.auth.getUserIdentity(); + + if (identity === null) { + throw new ConvexError("Unauthenticated call to mutation"); + } + const parsedMessageId = ctx.table("messages").normalizeId(args.messageId); if (!parsedMessageId) { @@ -73,14 +106,18 @@ export const deleteMessage = mutation({ const message = await ctx.table("messages").getX(parsedMessageId); const chatId = message.privateChatId; const chat = await ctx.table("privateChats").getX(chatId); - const users = await chat.edge("users"); + const usersInChat = await chat.edge("users"); + + if ((await message.edge("user")).clerkId !== identity.tokenIdentifier) { + throw new ConvexError( + "UNAUTHORIZED REQUEST: User tried to delete a message from another person.", + ); + } - await ( - await ctx.table("messages").getX(parsedMessageId) - ).patch({ + await message.patch({ content: "", deleted: true, - readBy: { add: users.map((user) => user._id) }, + readBy: { add: usersInChat.map((user) => user._id) }, }); }, }); @@ -91,7 +128,7 @@ export const markMessageRead = mutation({ const identity = await ctx.auth.getUserIdentity(); if (identity === null) { - return null; + throw new ConvexError("Unauthenticated call to mutation"); } const convexUser = await ctx diff --git a/convex/users.ts b/convex/users.ts index 8491b4b7..41e5201a 100644 --- a/convex/users.ts +++ b/convex/users.ts @@ -1,11 +1,12 @@ import { query } from "./lib/functions"; +import { ConvexError } from "convex/values"; export const getUserData = query({ - handler: async (ctx, args) => { + handler: async (ctx) => { const identity = await ctx.auth.getUserIdentity(); if (identity === null) { - return null; + throw new ConvexError("Unauthenticated call to mutation"); } return ctx.table("users").getX("clerkId", identity.tokenIdentifier);
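Review bot: The ownership check in `deleteMessage` runs only after the chat and its user list have been loaded, so a caller who does not own the message still triggers those two reads before being rejected. Moving `if ((await message.edge("user")).clerkId !== identity.tokenIdentifier)` and its throw directly below `const message = await ctx.table("messages").getX(parsedMessageId);` rejects the caller first and keeps the authorization decision next to the object it protects. A short comment such as `// Only the author may delete; checked before any further reads.` would make the intent explicit.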
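Review bot: `markMessageRead` is the one message handler in this commit that gains no membership or ownership check; only its unauthenticated branch changes, while `getMessages`, `createMessage` and `deleteMessage` are all tightened. The rest of the handler is outside the hunk, so it is not visible whether it verifies that the caller belongs to the chat of the message being marked. If it does not, the same guard, `!usersInChat.some((user) => user.clerkId === identity.tokenIdentifier)`, should run before the read marker is written.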