Skip to content

Commit

Permalink
fix(server): guard expired and used for gift code (#1412)
Browse files Browse the repository at this point in the history
* feat(server): add giftcode expired time

* chore

* chore(server): refactor
  • Loading branch information
HUAHUAI23 authored Jul 26, 2023
1 parent 930599d commit b28c1a5
Show file tree
Hide file tree
Showing 3 changed files with 10 additions and 5 deletions.
10 changes: 8 additions & 2 deletions server/src/account/account.controller.ts
Original file line number Diff line number Diff line change
Expand Up @@ -332,10 +332,16 @@ export class AccountController {
@UseGuards(JwtAuthGuard)
@Post('gift-code')
async giftCode(@Req() req: IRequest, @Body() dto: UseGiftCodeDto) {
const found = await this.accountService.findOneGiftCode(dto.code)
if (!found) {
const giftCode = await this.accountService.findOneGiftCode(dto.code)
if (!giftCode) {
return ResponseUtil.error("gift code doesn't exist")
}
if (giftCode.expiredAt < new Date()) {
return ResponseUtil.error('gift code has expired')
}
if (giftCode.used === true) {
return ResponseUtil.error('gift code has been used')
}
const res = await this.accountService.useGiftCode(req.user._id, dto.code)
return ResponseUtil.ok(res)
}
Expand Down
4 changes: 1 addition & 3 deletions server/src/account/account.service.ts
Original file line number Diff line number Diff line change
Expand Up @@ -384,12 +384,10 @@ export class AccountService {
}
}

async findOneGiftCode(code: string, used = false): Promise<GiftCode | null> {
async findOneGiftCode(code: string): Promise<GiftCode | null> {
const giftCode = await this.db.collection<GiftCode>('GiftCode').findOne({
code: code,
used: used,
})

return giftCode
}

Expand Down
1 change: 1 addition & 0 deletions server/src/account/entities/account-gift-code.ts
Original file line number Diff line number Diff line change
Expand Up @@ -8,5 +8,6 @@ export class GiftCode {
usedBy?: ObjectId
usedAt?: Date
createdAt: Date
expiredAt?: Date
transactionId?: ObjectId
}

0 comments on commit b28c1a5

Please sign in to comment.