fix: convert guestId to internal userId for player ownership check

The authorization check was failing because it was comparing two
different ID types:
- Player ownership map uses internal database userId (e.g., 'xlk...')
- Validation context was receiving guestId from cookie (e.g., 'ac9d...')

Solution:
- Call getUserIdFromGuestId() to convert guestId to internal userId
- Pass the internal userId to validator for room-based games
- Add logging to show which internal userId is being used
- Return error if user not found during conversion

This fixes the "You can only move your own players" error that was
incorrectly blocking legitimate moves from local players.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
This commit is contained in:
Thomas Hallock
2025-10-09 08:20:18 -05:00
parent 97378b70b7
commit 3a01f4637d


@@ -161,8 +161,19 @@ export async function applyGameMove(userId: string, move: GameMove): Promise<Ses
// Fetch player ownership for authorization checks (room-based games)
let playerOwnership: Record<string, string> | undefined
let internalUserId: string | undefined
if (session.roomId) {
try {
// Convert guestId to internal userId for ownership comparison
internalUserId = await getUserIdFromGuestId(userId)
if (!internalUserId) {
console.error('[SessionManager] Failed to convert guestId to userId:', userId)
return {
success: false,
error: 'User not found',
}
}
const players = await db.query.players.findMany({
columns: {
id: true,
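Review bot: The console.error call in the `!internalUserId` branch writes the raw guestId to the logs, and per the commit message that value comes from the cookie. If the cookie value is what identifies a guest to the server, anyone with log access can reuse it, so log a truncated or hashed form instead. Also note that this branch only covers a falsy return from getUserIdFromGuestId(); if the call throws, control goes to the surrounding catch rather than returning 'User not found', so the two failure modes of the lookup behave differently.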
@@ -171,14 +182,15 @@ export async function applyGameMove(userId: string, move: GameMove): Promise<Ses
})
playerOwnership = Object.fromEntries(players.map((p) => [p.id, p.userId]))
console.log('[SessionManager] Player ownership map:', playerOwnership)
console.log('[SessionManager] Internal userId for authorization:', internalUserId)
} catch (error) {
console.error('[SessionManager] Failed to fetch player ownership:', error)
}
}
// Validate the move with authorization context
// Validate the move with authorization context (use internal userId, not guestId)
const validationResult = validator.validateMove(session.gameState, move, {
userId,
userId: internalUserId || userId, // Use internal userId for room-based games
playerOwnership,
})
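Review bot: The `internalUserId || userId` fallback in the validateMove call puts the guestId back into the authorization context for room-based sessions whenever the try block throws. The catch only logs, which leaves both internalUserId and playerOwnership undefined, so the validator runs with the cookie guestId and no ownership map; whether it rejects the move then depends on validator code that is not part of this change. Suggest returning an error from the catch when session.roomId is set, and passing `session.roomId ? internalUserId : userId` so the two ID types are never mixed. The two console.log calls also write the full ownership map and the internal userId on every move; consider moving them to a debug level or removing them once the fix is confirmed.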