Add token verification to user-related API handlers

2026-02-19 17:22:34 +05:30
parent 23932be637
commit 2b0c1f4ae4
3 changed files with 64 additions and 4 deletions
--- a/src/modules/user/handlers/connections/addSchoolCompanyDetail.ts
+++ b/src/modules/user/handlers/connections/addSchoolCompanyDetail.ts
@@ -4,6 +4,7 @@ import {
  Context,
 } from 'aws-lambda';
 import { prismaClient } from '../../../../common/database/prisma.lambda.service';
+import { verifyUserToken } from '../../../../common/middlewares/jwt/authForUser';
 import { safeHandler } from '../../../../common/utils/handlers/safeHandler';
 import ApiError from '../../../../common/utils/helper/ApiError';
 import { AddSchoolCompanyDetailDTO } from '../../dto/addSchoolCompanyDetail.dto';
@@ -16,6 +17,24 @@ export const handler = safeHandler(
    event: APIGatewayProxyEvent,
    context?: Context,
  ): Promise<APIGatewayProxyResult> => {
+    // Extract and verify token
+    const token =
+      event.headers['x-auth-token'] || event.headers['X-Auth-Token'];
+    if (!token) {
+      throw new ApiError(
+        400,
+        'This is a protected route. Please provide a valid token.',
+      );
+    }
+
+    // Verify token and get user info
+    const userInfo = await verifyUserToken(token);
+    const userId = Number(userInfo.id);
+
+    if (!userId || isNaN(userId)) {
+      throw new ApiError(400, 'Invalid user ID');
+    }
+
    // Extract body parameters
    let body;
    try {
--- a/src/modules/user/handlers/connections/getSchoolCompanyName.ts
+++ b/src/modules/user/handlers/connections/getSchoolCompanyName.ts
@@ -4,6 +4,7 @@ import {
  Context,
 } from 'aws-lambda';
 import { prismaClient } from '../../../../common/database/prisma.lambda.service';
+import { verifyUserToken } from '../../../../common/middlewares/jwt/authForUser';
 import { safeHandler } from '../../../../common/utils/handlers/safeHandler';
 import ApiError from '../../../../common/utils/helper/ApiError';
 import { UserService } from '../../services/user.service';
@@ -15,6 +16,24 @@ export const handler = safeHandler(
    event: APIGatewayProxyEvent,
    context?: Context,
  ): Promise<APIGatewayProxyResult> => {
+    // Extract and verify token
+    const token =
+      event.headers['x-auth-token'] || event.headers['X-Auth-Token'];
+    if (!token) {
+      throw new ApiError(
+        400,
+        'This is a protected route. Please provide a valid token.',
+      );
+    }
+
+    // Verify token and get user info
+    const userInfo = await verifyUserToken(token);
+    const userId = Number(userInfo.id);
+
+    if (!userId || isNaN(userId)) {
+      throw new ApiError(400, 'Invalid user ID');
+    }
+
    // Extract query parameters
    const searchQuery = event.queryStringParameters?.searchQuery?.trim();
    const isSchool = event.queryStringParameters?.isSchool?.toLowerCase();
--- a/src/modules/user/handlers/connections/searchCities.ts
+++ b/src/modules/user/handlers/connections/searchCities.ts
@@ -1,9 +1,10 @@
 import {
-    APIGatewayProxyEvent,
-    APIGatewayProxyResult,
-    Context,
+  APIGatewayProxyEvent,
+  APIGatewayProxyResult,
+  Context,
 } from 'aws-lambda';
 import { prismaClient } from '../../../../common/database/prisma.lambda.service';
+import { verifyUserToken } from '../../../../common/middlewares/jwt/authForUser';
 import { safeHandler } from '../../../../common/utils/handlers/safeHandler';
 import ApiError from '../../../../common/utils/helper/ApiError';
 import { UserService } from '../../services/user.service';
@@ -15,6 +16,24 @@ export const handler = safeHandler(
    event: APIGatewayProxyEvent,
    context?: Context,
  ): Promise<APIGatewayProxyResult> => {
+    // Extract and verify token
+    const token =
+      event.headers['x-auth-token'] || event.headers['X-Auth-Token'];
+    if (!token) {
+      throw new ApiError(
+        400,
+        'This is a protected route. Please provide a valid token.',
+      );
+    }
+
+    // Verify token and get user info
+    const userInfo = await verifyUserToken(token);
+    const userId = Number(userInfo.id);
+
+    if (!userId || isNaN(userId)) {
+      throw new ApiError(400, 'Invalid user ID');
+    }
+
    // Extract query parameters
    const searchQuery = event.queryStringParameters?.searchQuery?.trim();

@@ -24,7 +43,10 @@ export const handler = safeHandler(
    }

    if (searchQuery.length < 2) {
-      throw new ApiError(400, 'Search query must be at least 2 characters long');
+      throw new ApiError(
+        400,
+        'Search query must be at least 2 characters long',
+      );
    }

    // Call service to search cities