diff --git a/src/main/java/org/ntlab/tampoposerver/resources/ChatRequestsResource.java b/src/main/java/org/ntlab/tampoposerver/resources/ChatRequestsResource.java index cec3c55..3c56e21 100644 --- a/src/main/java/org/ntlab/tampoposerver/resources/ChatRequestsResource.java +++ b/src/main/java/org/ntlab/tampoposerver/resources/ChatRequestsResource.java @@ -3,9 +3,15 @@ import jakarta.ws.rs.*; import jakarta.ws.rs.core.MediaType; import jakarta.ws.rs.core.Response; +import org.ntlab.tampoposerver.models.ChatRequest; +import org.ntlab.tampoposerver.models.FriendRequest; +import org.ntlab.tampoposerver.repositories.ChatRequestRepository; +import org.ntlab.tampoposerver.repositories.UserRepository; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; +import java.util.ArrayList; + import static jakarta.ws.rs.core.Response.status; @@ -15,11 +21,12 @@ public class ChatRequestsResource { - private ChatRequestRepository chatRequestRepository; - + private ChatRequestRepository chatRequestRepository ; + private UserRepository userRepository = null; @Autowired - public ChatRequestsResource(ChatRequestRepository chatRequestRepository) { + public ChatRequestsResource(UserRepository userRepository,ChatRequestRepository chatRequestRepository) { + this.userRepository = userRepository; this.chatRequestRepository = chatRequestRepository; } 
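Review bot: The two repository fields in the `@@ -15,11 +21,12 @@` hunk can be `private final`, and the `= null` initialiser on `userRepository` is redundant because the `@Autowired` constructor always assigns it. Declaring them as `private final UserRepository userRepository;` and `private final ChatRequestRepository chatRequestRepository;` keeps the object that performs the token checks from being reassigned after construction. The stray space in `chatRequestRepository ;` can be dropped at the same time. In the import hunk above it, `FriendRequest` is not referenced by any of the visible hunks and looks unused.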
@@ -28,16 +35,23 @@ public Response getChatRequests( @QueryParam("token") String token, @QueryParam("user-id") String userId) { + //400(認証が必要です) tokenがなかったら400 if (token == null || token.isEmpty() || userId == null || userId.isEmpty()) { return status(Response.Status.BAD_REQUEST) .entity("認証が必要です").build(); } - // 岩谷さんのUserRepositoryでtokenの確認を行う + //200(成功レスポンス) - ArrayList requests = chatRequestRepository.getChatRequests(token, userId);//前の人がListだったらArrayListになるから作ってて頼む時はListで頼め + ArrayList requests = chatRequestRepository.getChatRequestsForUser(userId);//前の人がListだったらArrayListになるから作ってて頼む時はListで頼め + //tokenのチェックはこっちでする、ほかのひとがしていた + // 岩谷さんのUserRepositoryでtokenの確認を行う + if (!userRepository.checkToken(userId, token) ) { + return Response.status(Response.Status.UNAUTHORIZED).build(); + } + if (requests == null) { return status(Response.Status.BAD_REQUEST) .entity("認証が必要です").build(); @@ -58,14 +72,20 @@ //204チャットがリクエストされました - ChatRequestRepository created = chatRequestRepository.createChatRequest(token, senderId, receiverId); + ChatRequest created = chatRequestRepository.addChatRequest(senderId, receiverId); + //トークンのチェックよろしくじぶんで + if (!userRepository.checkToken(senderId, token) || !userRepository.checkToken(receiverId, token)) { + return Response.status(Response.Status.UNAUTHORIZED).build(); + } + + if (created == null) { return status(Response.Status.BAD_REQUEST) .entity("チャットリクエストの作成に失敗しました").build(); } return Response. - status(Response.Status.OK).entity(created.getId()).build(); + status(Response.Status.OK).entity(created.getChatRequestId()).build(); } @Path("/chat-requests/{chat-request-id}") 
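Review bot: `userRepository.checkToken(userId, token)` runs after `chatRequestRepository.getChatRequestsForUser(userId)` in getChatRequests, so the repository is queried for an arbitrary `user-id` before the caller is authenticated. Move the `if (!userRepository.checkToken(userId, token))` block directly under the 400 guard so nothing is read for an unauthenticated request. The same ordering appears in the next hunk (`@@ -58,14 +72,20 @@`), where it is more serious: `addChatRequest(senderId, receiverId)` looks like a write, so a request with a bad token would get a 401 after the chat request has already been stored. The `requests == null` branch that follows still answers 400 with "認証が必要です", which no longer describes the failure once the token check exists. The method starts and ends outside the hunk.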
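Review bot: The condition `!userRepository.checkToken(senderId, token) || !userRepository.checkToken(receiverId, token)` in the `@@ -58,14 +72,20 @@` hunk requires the one token to validate for both the sender and the receiver. That presumably never holds for two distinct users, so a legitimate sender would get 401 on every request. Only the sender is the caller here, so the check this endpoint needs is `if (!userRepository.checkToken(senderId, token)) {`, placed before the `addChatRequest` call. checkToken's semantics are not visible in this diff, so confirm that it binds a token to exactly one user. The method signature lies outside the hunk.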
@@ -80,15 +100,15 @@ .entity("認証が必要です") // 401 .build(); } - //403権限がありません - boolean hasPermission = checkUserPermission(receiverToken, chatRequestId); - if (!hasPermission) { - return status(Response.Status.FORBIDDEN) - .entity("権限がありません") // 403 - .build(); + + //403(未認証&トークンの不一致) + if (!userRepository.checkToken(senderId, token) && !userRepository.checkToken(receiverId, token)) { + return Response.status(Response.Status.UNAUTHORIZED).build(); } + + //404チャットリクエストが見つかりません。 - boolean deleted = deleteChatRequestById(chatRequestId); + boolean deleted = deleteChatRequest(chatRequestId); if (!deleted) { return status(Response.Status.NOT_FOUND) .entity("チャットリクエストが見つかりません") // 404
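Review bot: The replacement for `checkUserPermission(receiverToken, chatRequestId)` no longer ties the caller to the chat request being deleted. `checkToken(senderId, token)` and `checkToken(receiverId, token)` only show that the token belongs to one of the two ids, and `chatRequestId` is never consulted. `senderId` and `receiverId` are declared outside the hunk; if they come from request parameters, an authenticated user could supply their own id and remove a chat request they are not a party to. Load the stored request for `chatRequestId` and compare its recorded sender and receiver with the authenticated user before calling `deleteChatRequest(chatRequestId)`, answering 403 when they differ. The comment `//403(未認証&トークンの不一致)` also disagrees with the code, which returns `Response.Status.UNAUTHORIZED` (401).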