fix(auth): replace hardcoded product ID lists with dynamic getAllProducts() in reset-password and verify-email

saravanakumardb1 2026-03-01 17:43:32 -08:00
parent bd7e78641e
commit 2f199cb67a


@ -30,7 +30,7 @@
import type { FastifyInstance } from 'fastify'; import type { FastifyInstance } from 'fastify';
import { BadRequestError, ForbiddenError, UnauthorizedError } from '../../lib/errors.js'; import { BadRequestError, ForbiddenError, UnauthorizedError } from '../../lib/errors.js';
import { bus } from '../../lib/event-bus.js'; import { bus } from '../../lib/event-bus.js';
import { getProduct } from '../products/cache.js'; import { getProduct, getAllProducts } from '../products/cache.js';
import * as subscriptionRepo from '../subscriptions/repository.js'; import * as subscriptionRepo from '../subscriptions/repository.js';
import * as licenseRepo from '../licenses/repository.js'; import * as licenseRepo from '../licenses/repository.js';
import * as repo from './repository.js'; import * as repo from './repository.js';
@ -548,12 +548,12 @@ export async function authRoutes(app: FastifyInstance) {
const { token, newPassword } = parsed.data; const { token, newPassword } = parsed.data;
const tokenHash = repo.hashToken(token); const tokenHash = repo.hashToken(token);
// Search across all products — token hash is unique // Search across all registered products — token hash is unique
// We'll try the common product IDs let resetDoc = null;
let resetDoc = await repo.findResetToken(tokenHash, 'lysnrai'); for (const p of getAllProducts()) {
if (!resetDoc) resetDoc = await repo.findResetToken(tokenHash, 'chronomind'); resetDoc = await repo.findResetToken(tokenHash, p.id);
if (!resetDoc) resetDoc = await repo.findResetToken(tokenHash, 'nomgap'); if (resetDoc) break;
if (!resetDoc) resetDoc = await repo.findResetToken(tokenHash, 'mindlyst'); }
if (!resetDoc) { if (!resetDoc) {
throw new BadRequestError('Invalid or expired reset token'); throw new BadRequestError('Invalid or expired reset token');
@ -588,10 +588,11 @@ export async function authRoutes(app: FastifyInstance) {
} }
const tokenHash = repo.hashToken(parsed.data.token); const tokenHash = repo.hashToken(parsed.data.token);
let verifyDoc = await repo.findEmailVerification(tokenHash, 'lysnrai'); let verifyDoc = null;
if (!verifyDoc) verifyDoc = await repo.findEmailVerification(tokenHash, 'chronomind'); for (const p of getAllProducts()) {
if (!verifyDoc) verifyDoc = await repo.findEmailVerification(tokenHash, 'nomgap'); verifyDoc = await repo.findEmailVerification(tokenHash, p.id);
if (!verifyDoc) verifyDoc = await repo.findEmailVerification(tokenHash, 'mindlyst'); if (verifyDoc) break;
}
if (!verifyDoc) { if (!verifyDoc) {
throw new BadRequestError('Invalid or expired verification token'); throw new BadRequestError('Invalid or expired verification token');
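Review bot: Both new lookup loops (`for (const p of getAllProducts())` in reset-password, and the identical one in verify-email) make token redemption depend on the state of the product cache. If `getAllProducts()` can return an empty list, for example before the cache is warmed (not visible here), every valid token is rejected with "Invalid or expired …", indistinguishable from a bad token. I would read the list once and fail loudly when it is empty, assuming it returns an array: `const products = getAllProducts();` then `if (products.length === 0) throw new Error('product cache not loaded');`, so an outage surfaces as a server error rather than a client error. Each invalid token on these presumably unauthenticated routes now costs one awaited query per registered product, so confirm rate limiting covers them; since the comment says the token hash is unique, a single repository lookup by hash alone would remove the loop, which could otherwise live in one shared helper. The enclosing handlers in `authRoutes` start and end outside the hunks shown.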