Slight refactor and finish enforcement on endpoints

2025-07-26 06:58:40 +00:00 · 2024-12-23 00:30:37 -05:00 · 2024-12-23 00:30:37 -05:00 · f6cbafd524
commit f6cbafd524
parent 5bdb1c0501
7 changed files with 78 additions and 35 deletions
--- a/ProjectLighthouse.Servers.GameServer/Controllers/UserController.cs
+++ b/ProjectLighthouse.Servers.GameServer/Controllers/UserController.cs
@ -29,6 +29,8 @@ public class UserController : ControllerBase
 {
    private readonly DatabaseContext database;

+    private static readonly bool emailEnforcementEnabled = EnforceEmailConfiguration.Instance.EnableEmailEnforcement;
+
    public UserController(DatabaseContext database)
    {
        this.database = database;
@ -36,7 +38,11 @@ public class UserController : ControllerBase

    [HttpGet("user/{username}")]
    public async Task<IActionResult> GetUser(string username)
-    {
+    { 
+        // Return bad request on unverified email if enforcement is enabled 
+        GameTokenEntity token = this.GetToken();
+        if (emailEnforcementEnabled && !token.User.EmailAddressVerified) return this.BadRequest();
+
        UserEntity? user = await this.database.Users.FirstOrDefaultAsync(u => u.Username == username);
        if (user == null) return this.NotFound();

@ -66,9 +72,11 @@ public class UserController : ControllerBase
    public async Task<IActionResult> UpdateUser()
    {
        GameTokenEntity token = this.GetToken();
-
        UserEntity? user = await this.database.UserFromGameToken(token);
-        if (user == null) return this.Forbid();
+        if (user == null) return this.Forbid(); 
+
+        // Return bad request on unverified email if enforcement is enabled 
+        if (emailEnforcementEnabled && !user.EmailAddressVerified) return this.BadRequest();

        UserUpdate? update = await this.DeserializeBody<UserUpdate>("updateUser", "user");

@ -176,6 +184,9 @@ public class UserController : ControllerBase
        UserEntity? user = await this.database.UserFromGameToken(this.GetToken());
        if (user == null) return this.Forbid();

+        // Return bad request on unverified email if enforcement is enabled 
+        if (emailEnforcementEnabled && !user.EmailAddressVerified) return this.BadRequest();
+
        string bodyString = await this.ReadBodyAsync();

        Pins? pinJson = JsonSerializer.Deserialize<Pins>(bodyString);