diff --git a/src/main/java/org/ntlab/tampoposerver/resources/FriendRequestsResource.java b/src/main/java/org/ntlab/tampoposerver/resources/FriendRequestsResource.java
index 1937276..0742a23 100644
--- a/src/main/java/org/ntlab/tampoposerver/resources/FriendRequestsResource.java
+++ b/src/main/java/org/ntlab/tampoposerver/resources/FriendRequestsResource.java
@@ -10,6 +10,7 @@
 import org.springframework.stereotype.Component;
 import java.util.ArrayList;
+import java.util.UUID;
 @Path("/friend-requests")
 @Component
@@ -32,6 +33,12 @@
 if (token.isBlank()) {
 return Response.status(Response.Status.BAD_REQUEST).build();
 }
+ // tokenがUUIDの規格に沿っていないとき
+ try {
+ UUID.fromString(token);
+ } catch (IllegalArgumentException e) {
+ return Response.status(Response.Status.BAD_REQUEST).build();
+ }
 // 200
 ArrayList requests = friendService.getFriendRequests(token);
@@ -42,14 +49,18 @@
 @Consumes(MediaType.APPLICATION_FORM_URLENCODED)
 @Produces(MediaType.APPLICATION_JSON)
 public Response postFriendRequest(@FormParam("sender-id") String senderId, @FormParam("receiver-id") String receiverId, @FormParam("token") String token) {
- //201(フレンドリクエスト作成)
+
+ //403(未認証&トークンの不一致)
+ if (!userRepository.checkToken(senderId, token) && !userRepository.checkToken(receiverId, token)) {
+ return Response.status(Response.Status.UNAUTHORIZED).build();
+ }
+
 FriendRequest created = friendService.createFriendRequest(token, senderId, receiverId);
 if (created == null) {
 return Response.status(Response.Status.BAD_REQUEST).build();
 }
+ // 201(フレンドリクエスト作成)
 return Response.status(Response.Status.OK).entity(created.getId()).build();
-
-
 }
 @Path("/{friend-request-id}")
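Review bot: The added try/catch around `UUID.fromString(token)` only proves the token is syntactically a UUID; it says nothing about whether the token belongs to any user, so the `friendService.getFriendRequests(token)` call below it must still perform the actual token check (nothing in this hunk shows that it does). The comment should make that distinction explicit so the block is not mistaken for the auth step, e.g. `// 400: token is not a well-formed UUID (format sieve only — authentication happens in friendService)`. Note that on older JDKs `UUID.fromString` is lenient about short hex groups, so this rejects garbage but is not a strict canonical-format check. The enclosing GET method starts before this hunk, so where `token` comes from is not visible here.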
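Review bot: The new guard in `postFriendRequest` rejects only when the token matches neither `senderId` nor `receiverId`, so a caller holding a valid token for the receiver can create a friend request that appears to originate from any `senderId` they choose; since the sender is the party initiating the request, the check should be against the sender alone: `if (!userRepository.checkToken(senderId, token)) {`. The comment above it says 403 while the code returns `Response.Status.UNAUTHORIZED` (401) — make them agree, e.g. `// 401: token is not valid for the sender`. Likewise the new `// 201(...)` comment sits above a `Response.Status.OK` return; if 201 is intended, return `Response.Status.CREATED`, otherwise fix the comment. Null `senderId`/`receiverId`/`token` are passed straight into `checkToken`; whether that is safe depends on the repository implementation, which is not visible in this diff.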