auto(agent): added deal existence check and duplicate review prevention in reviews.js
This commit is contained in:
OpenClaw
parent
4078d6ac57
commit
53827506a3
1 changed files with 26 additions and 2 deletions
|
|
@ -8,11 +8,15 @@ const router = Router();
|
|||
router.post('/:dealId', requireAuth, async (req, res) => {
|
||||
try {
|
||||
const dealId = Number(req.params.dealId);
|
||||
const parsed = z.object({
|
||||
|
||||
// Input validation with Zod
|
||||
const reviewSchema = z.object({
|
||||
revieweeId: z.number().int().positive(),
|
||||
rating: z.number().int().min(1).max(5),
|
||||
comment: z.string().max(2000).optional()
|
||||
}).safeParse(req.body);
|
||||
});
|
||||
|
||||
const parsed = reviewSchema.safeParse(req.body);
|
||||
|
||||
if (!parsed.success || Number.isNaN(dealId)) {
|
||||
return res.status(400).json({ error: 'Invalid payload' });
|
||||
|
|
@ -24,6 +28,26 @@ router.post('/:dealId', requireAuth, async (req, res) => {
|
|||
|
||||
const { revieweeId, rating, comment } = parsed.data;
|
||||
|
||||
// Check if deal exists
|
||||
const [dealResult] = await pool.query(
|
||||
'SELECT id FROM deals WHERE id = ?',
|
||||
[dealId]
|
||||
);
|
||||
|
||||
if (dealResult.length === 0) {
|
||||
return res.status(404).json({ error: 'Deal not found' });
|
||||
}
|
||||
|
||||
// Check if user has already reviewed this deal
|
||||
const [existingReview] = await pool.query(
|
||||
'SELECT id FROM reviews WHERE deal_id = ? AND reviewer_id = ?',
|
||||
[dealId, req.user.userId]
|
||||
);
|
||||
|
||||
if (existingReview.length > 0) {
|
||||
return res.status(409).json({ error: 'You have already reviewed this deal' });
|
||||
}
|
||||
|
||||
const [result] = await pool.query(
|
||||
`INSERT INTO reviews (deal_id, reviewer_id, reviewee_id, rating, comment, earliest_prompt_at, latest_prompt_at)
|
||||
VALUES (?, ?, ?, ?, ?, ?, ?)`,
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue