fix: 어뷰징 로직 처리 위치 및 preVerificationKey 처리

sparcs-kaist · Sep 3, 2024 · 97c025a · 97c025a
1 parent e541fc0
commit 97c025a
Show file tree

Hide file tree

Showing 2 changed files with 62 additions and 10 deletions.
diff --git a/src/modules/jwt.js b/src/modules/jwt.js
@@ -0,0 +1,38 @@
+const jwt = require("jsonwebtoken");
+const { secretKey, option, TOKEN_EXPIRED, TOKEN_INVALID } =
+  require("../../../loadenv").jwt;
+
+const signJwt = async (payload) => {
+  const options = { ...option };
+
+  if (type === "refresh") {
+    options.expiresIn = "30d";
+  }
+  if (type === "access") {
+    options.expiresIn = "14d";
+  }
+
+  const result = {
+    token: jwt.sign(payload, secretKey, options),
+  };
+  return result;
+};
+
+const verifyJwt = async (token) => {
+  let decoded;
+  try {
+    decoded = jwt.verify(token, secretKey);
+  } catch (err) {
+    if (err.message === "jwt expired") {
+      return TOKEN_EXPIRED;
+    } else {
+      return TOKEN_INVALID;
+    }
+  }
+  return decoded;
+};
+
+module.exports = {
+  sign: signJwt,
+  verify: verifyJwt,
+};
diff --git a/src/services/rooms.js b/src/services/rooms.js
@@ -14,6 +14,10 @@ const {
   notifyRoomCreationAbuseToReportChannel,
 } = require("../modules/slackNotification");
 
+const {
+  signJwt,verifyJwt
+} = require("../modules/jwt")
+
 // 이벤트 코드입니다.
 const { eventConfig } = require("../../loadenv");
 const eventPeriod = eventConfig && {
@@ -23,7 +27,24 @@ const eventPeriod = eventConfig && {
 const { contracts } = require("../lottery");
 
 const createHandler = async (req, res) => {
-  const { name, from, to, time, maxPartLength } = req.body;
+  const { name, from, to, time, maxPartLength,preValidationKey } = req.body;
+
+  if(!preValidationKey){
+    return res.status(400).json({
+      error: "Rooms/create : preValidation Key is Not Found"
+    })
+  }
+
+  const isAbuseResult = verifyJwt(preValidationKey)
+
+  if(typeof isAbuseResult != object || isAbuseResult.isAbuse) {
+    const user = await userModel.findById(req.userOid).lean();
+    notifyRoomCreationAbuseToReportChannel(
+      req.userOid,
+      user?.nickname ?? req.userOid,
+      req.body
+    );
+  }
 
   try {
     if (from === to) {
@@ -168,16 +189,9 @@ const createTestHandler = async (req, res) => {
       countRecentlyMadeRooms,
       candidateRooms
     );
-    if (isAbusing) {
-      const user = await userModel.findById(req.userOid).lean();
-      notifyRoomCreationAbuseToReportChannel(
-        req.userOid,
-        user?.nickname ?? req.userOid,
-        req.body
-      );
-    }
+    const preValidationKey = await signJwt({isAbusing: isAbusing})
 
-    return res.json({ result: !isAbusing });
+    return res.json({ result: !isAbusing, preValidationKey });
   } catch (err) {
     logger.error(err);
     res.status(500).json({