From 4abb15cb07962ae7f72ac91a4a4d3af1b651de34 Mon Sep 17 00:00:00 2001 From: lim Date: Mon, 4 Mar 2024 17:53:51 +0900 Subject: [PATCH 1/2] [backend] Add block-related test to friend request test --- backend/test/user.e2e-spec.ts | 34 ++++++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) diff --git a/backend/test/user.e2e-spec.ts b/backend/test/user.e2e-spec.ts index d4bb462c..cb255d0c 100644 --- a/backend/test/user.e2e-spec.ts +++ b/backend/test/user.e2e-spec.ts @@ -537,6 +537,40 @@ describe('UserController (e2e)', () => { .expect(409); }); + it('Should not send request to blocking user', async () => { + // user1 blocks user2 + await app.blockUser(user1.id, user2.id, user1.accessToken).expect(200); + + // user1 sends request to user2 + await app + .sendFriendRequest(user1.id, user2.id, user1.accessToken) + .expect(409); + }); + + it('Should not accept request from blocked user', async () => { + await app + .sendFriendRequest(user1.id, user2.id, user1.accessToken) + .expect(201); + + // user1 blocks user2 + await app.blockUser(user1.id, user2.id, user1.accessToken).expect(200); + await app + .acceptFriendRequest(user2.id, user1.id, user2.accessToken) + .expect(409); + }); + + it('Should not accept request from blocking user', async () => { + await app + .sendFriendRequest(user1.id, user2.id, user1.accessToken) + .expect(201); + + // user2 blocks user1 + await app.blockUser(user2.id, user1.id, user2.accessToken).expect(200); + await app + .acceptFriendRequest(user2.id, user1.id, user2.accessToken) + .expect(409); + }); + it('Should not send requests to self', async () => { await app .sendFriendRequest(user1.id, user1.id, user1.accessToken) From 8e11b965712e281578ace36d15a876cff9fe8b6a Mon Sep 17 00:00:00 2001 From: lim Date: Mon, 4 Mar 2024 18:01:00 +0900 Subject: [PATCH 2/2] [backend] Fix to prevent sending or receiving friend requests between users who have blocked each other --- .../src/friend-request/friend-request.service.ts | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/backend/src/friend-request/friend-request.service.ts b/backend/src/friend-request/friend-request.service.ts index c0f7331f..f7f58e34 100644 --- a/backend/src/friend-request/friend-request.service.ts +++ b/backend/src/friend-request/friend-request.service.ts @@ -19,6 +19,7 @@ export class FriendRequestService { await this.expectNotRequesting(recipientId, user, tx); await this.expectNotFriends(recipientId, user, tx); await this.expectNotBlockedBy(recipientId, user, tx); + await this.expectNotBlocking(recipientId, user, tx); return tx.user .update({ where: { id: user.id }, @@ -100,6 +101,19 @@ export class FriendRequestService { } } + private async expectNotBlocking(blockedId: number, user: User, tx) { + const blocking = await tx.user + .findFirstOrThrow({ + where: { id: user.id }, + }) + .blocking({ + where: { id: blockedId }, + }); + if (blocking.length > 0) { + throw new ConflictException('Blocking user'); + } + } + private async expectNotFriends(friendId: number, user: User, tx) { const u = tx.user.findFirstOrThrow({ where: { @@ -121,6 +135,8 @@ export class FriendRequestService { return this.prisma.$transaction(async (tx) => { // Check if user is requested by requester await this.expectRequestedBy(requesterId, user, tx); + await this.expectNotBlockedBy(requesterId, user, tx); + await this.expectNotBlocking(requesterId, user, tx); // Remove the friend request and add the requester to friends return tx.user.update({