Spaces:
Sleeping
Sleeping
Update app.js
Browse files
app.js
CHANGED
|
@@ -428,11 +428,12 @@ app.post('/project/feedback', async (req, res) => {
|
|
| 428 |
app.post('/project/ping', async (req, res) => {
|
| 429 |
// 1. Accept userId along with projectId
|
| 430 |
const { projectId, userId } = req.body;
|
|
|
|
| 431 |
|
| 432 |
if (!projectId || !userId) {
|
| 433 |
return res.status(400).json({ error: "Missing ID fields" });
|
| 434 |
}
|
| 435 |
-
|
| 436 |
// 2. Retrieve Project State (Hydrates from DB if not in memory)
|
| 437 |
const project = await StateManager.getProject(projectId);
|
| 438 |
|
|
@@ -441,13 +442,14 @@ app.post('/project/ping', async (req, res) => {
|
|
| 441 |
console.log("project not found in db, id: ", projectId);
|
| 442 |
return res.status(404).json({ action: "IDLE", error: "Project not found" });
|
| 443 |
}
|
|
|
|
| 444 |
|
| 445 |
// 3. SECURITY CHECK: Ensure the user matches the project owner
|
| 446 |
if (project.userId !== userId) {
|
| 447 |
console.warn(`[Security] Unauthorized ping for ${projectId}. Owner: ${project.userId}, Request: ${userId}`);
|
| 448 |
return res.status(403).json({ error: "Unauthorized: You do not own this project." });
|
| 449 |
}
|
| 450 |
-
|
| 451 |
// 4. Retrieve Command (Only if authorized)
|
| 452 |
const command = await StateManager.popCommand(projectId);
|
| 453 |
|
|
@@ -462,6 +464,7 @@ app.post('/project/ping', async (req, res) => {
|
|
| 462 |
});
|
| 463 |
}
|
| 464 |
} else {
|
|
|
|
| 465 |
res.json({ action: "IDLE" });
|
| 466 |
}
|
| 467 |
});
|
|
|
|
| 428 |
app.post('/project/ping', async (req, res) => {
|
| 429 |
// 1. Accept userId along with projectId
|
| 430 |
const { projectId, userId } = req.body;
|
| 431 |
+
console.log("1");
|
| 432 |
|
| 433 |
if (!projectId || !userId) {
|
| 434 |
return res.status(400).json({ error: "Missing ID fields" });
|
| 435 |
}
|
| 436 |
+
console.log("2");
|
| 437 |
// 2. Retrieve Project State (Hydrates from DB if not in memory)
|
| 438 |
const project = await StateManager.getProject(projectId);
|
| 439 |
|
|
|
|
| 442 |
console.log("project not found in db, id: ", projectId);
|
| 443 |
return res.status(404).json({ action: "IDLE", error: "Project not found" });
|
| 444 |
}
|
| 445 |
+
console.log("3");
|
| 446 |
|
| 447 |
// 3. SECURITY CHECK: Ensure the user matches the project owner
|
| 448 |
if (project.userId !== userId) {
|
| 449 |
console.warn(`[Security] Unauthorized ping for ${projectId}. Owner: ${project.userId}, Request: ${userId}`);
|
| 450 |
return res.status(403).json({ error: "Unauthorized: You do not own this project." });
|
| 451 |
}
|
| 452 |
+
console.log("4");
|
| 453 |
// 4. Retrieve Command (Only if authorized)
|
| 454 |
const command = await StateManager.popCommand(projectId);
|
| 455 |
|
|
|
|
| 464 |
});
|
| 465 |
}
|
| 466 |
} else {
|
| 467 |
+
console.log("5");
|
| 468 |
res.json({ action: "IDLE" });
|
| 469 |
}
|
| 470 |
});
|