Fix #8: Remove author_type/author_id from MessageCreate — always resolve from auth
parent
7233d3f507
commit
607f822b4e
@ -36,8 +36,6 @@ class MessageCreate(BaseModel):
|
||||
chat_id: str | None = None
|
||||
task_id: str | None = None
|
||||
parent_id: str | None = None
|
||||
author_type: str | None = None # auto-detected from member
|
||||
author_id: str | None = None # auto-detected from auth
|
||||
content: str
|
||||
mentions: list[str] = []
|
||||
voice_url: str | None = None
|
||||
@ -81,12 +79,12 @@ async def create_message(req: MessageCreate, request: Request, db: AsyncSession
|
||||
if not req.chat_id and not req.task_id:
|
||||
raise HTTPException(400, "Either chat_id or task_id must be provided")
|
||||
|
||||
# Resolve author from auth
|
||||
# Resolve author from auth — never trust client-provided author fields
|
||||
member = getattr(request.state, "member", None)
|
||||
author_id = uuid.UUID(req.author_id) if req.author_id else (member.id if member else None)
|
||||
author_type = req.author_type or (member.type if member else AuthorType.HUMAN)
|
||||
if not author_id:
|
||||
if not member:
|
||||
raise HTTPException(401, "Not authenticated")
|
||||
author_id = member.id
|
||||
author_type = member.type
|
||||
|
||||
msg = Message(
|
||||
chat_id=uuid.UUID(req.chat_id) if req.chat_id else None,
|
||||
|
||||
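Review bot: With `author_type` and `author_id` removed from `MessageCreate`, a request body that still carries them is accepted and the values are silently dropped, because pydantic models ignore unknown fields by default. That closes the impersonation path, but an attempt to post as another author now looks identical to a normal request. Setting `model_config = ConfigDict(extra="forbid")` on the model (pydantic v2; `class Config: extra = "forbid"` on v1) would turn it into a 422 that shows up in logs, at the cost of rejecting any client that still sends the old fields. A regression test that posts a body containing a foreign `author_id` and asserts the stored message carries `member.id` would keep the old fallback from coming back. The new block trusts `request.state.member`, which is presumably set only by the auth middleware; `create_message` continues past the end of the hunk, so any chat/task membership check is not visible here.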