fix(together): JWT なし username 認証を復元(Posimai アカウント不要メンバー対応)
This commit is contained in:
parent
45893eb453
commit
4390748534
39
server.js
39
server.js
|
|
@ -807,24 +807,33 @@ async function togetherEnsureMember(pool, res, groupId, username, jwtUserId) {
|
|||
return false;
|
||||
}
|
||||
try {
|
||||
if (!jwtUserId) {
|
||||
res.status(401).json({ error: '認証が必要です' });
|
||||
if (jwtUserId) {
|
||||
const strict = await pool.query(
|
||||
`SELECT 1 FROM together_members m
|
||||
WHERE m.group_id = $1 AND (
|
||||
m.user_id = $2
|
||||
OR (
|
||||
(m.user_id IS NULL OR btrim(COALESCE(m.user_id, '')) = '')
|
||||
AND m.username = ANY($3::text[])
|
||||
)
|
||||
)`,
|
||||
[gidNum, jwtUserId, usernames]
|
||||
);
|
||||
if (strict.rows.length > 0) return true;
|
||||
res.status(403).json({ error: 'グループのメンバーではありません' });
|
||||
return false;
|
||||
}
|
||||
const strict = await pool.query(
|
||||
`SELECT 1 FROM together_members m
|
||||
WHERE m.group_id = $1 AND (
|
||||
m.user_id = $2
|
||||
OR (
|
||||
(m.user_id IS NULL OR btrim(COALESCE(m.user_id, '')) = '')
|
||||
AND m.username = ANY($3::text[])
|
||||
)
|
||||
)`,
|
||||
[gidNum, jwtUserId, usernames]
|
||||
// JWT なし: username のみで照合(Together は Posimai アカウント不要のため継続許容)
|
||||
const primaryUsername = usernames[0];
|
||||
const legacyOnly = await pool.query(
|
||||
'SELECT 1 FROM together_members WHERE group_id=$1 AND username=$2',
|
||||
[gidNum, primaryUsername]
|
||||
);
|
||||
if (strict.rows.length > 0) return true;
|
||||
res.status(403).json({ error: 'グループのメンバーではありません' });
|
||||
return false;
|
||||
if (legacyOnly.rows.length === 0) {
|
||||
res.status(403).json({ error: 'グループのメンバーではありません' });
|
||||
return false;
|
||||
}
|
||||
return true;
|
||||
} catch (e) {
|
||||
console.error('[Together] togetherEnsureMember', e.message);
|
||||
res.status(500).json({ error: 'Internal server error' });
|
||||
|
|
|
|||
Loading…
Reference in New Issue