Refactor pairing endpoints to use authorisation #50
Labels
Priority: Medium
Status: Available
This issue is available for some to pick up.
Type: Feature
The issue is about a new feature being introduced to the project.
Projects
Describe the task that needs to be done.
Currently, the endpoints can be accessed by anyone, and it would be better to secure the endpoint so that only authorised users are able to send requests to these endpoints
Depends on: #47 #48 #49 #33
Describe how a solution to your proposed task might look like (and any alternatives considered).
Once the user team sets up the tokens in the user database, we will be able to check if a request has the correct matching token to the token in the database.
We can then have a utility function that gets the id of the user who sent the request based on their token,
This has 2 benefits, it allows us to ensure only authorised users can make requests to these endpoints
and it also means we can access the userId of the sending user, rather than requiring it to be sent through
An example of the refactor could be the removal for sending the userID in addBuddy, instead the userId could be gather based on the access token
Notes
The text was updated successfully, but these errors were encountered: