From 1aa2bff8c17e23e1a6f2e2fd95d111439be61274 Mon Sep 17 00:00:00 2001
From: Hyosik Philip Joo <lux1937@gmail.com>
Date: Sun, 22 Oct 2023 22:21:47 -0700
Subject: [PATCH] =?UTF-8?q?[FIX]=20=EC=BD=98=ED=85=90=EC=B8=A0,=20?=
 =?UTF-8?q?=EC=B9=B4=ED=85=8C=EA=B3=A0=EB=A6=AC=20=EC=A4=91=EB=B3=B5=20?=
 =?UTF-8?q?=EC=82=AD=EC=A0=9C=20=EB=B0=A9=EC=A7=80=20=EB=A1=9C=EC=A7=81=20?=
 =?UTF-8?q?=EC=B6=94=EA=B0=80=20(#319)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* Fix: 콘텐츠 존재 여부 삭제 이전에 확인

* Fix: 카테고리 삭제 전 삭제 가능 여부 확인

* Chore: 누락된 인덴트 수정
---
 functions/api/routes/category/categoryDELETE.js | 9 +++++++++
 functions/api/routes/content/contentDELETE.js   | 9 ++++-----
 2 files changed, 13 insertions(+), 5 deletions(-)

diff --git a/functions/api/routes/category/categoryDELETE.js b/functions/api/routes/category/categoryDELETE.js
index d43f1c5..040202f 100644
--- a/functions/api/routes/category/categoryDELETE.js
+++ b/functions/api/routes/category/categoryDELETE.js
@@ -17,6 +17,15 @@ module.exports = asyncWrapper(async (req, res) => {
 
     const dbConnection = await db.connect(req);
     req.dbConnection = dbConnection;
+
+    const category = await categoryDB.getCategory(dbConnection, categoryId);
+    if (!category) {
+        return res.status(statusCode.NOT_FOUND).send(util.fail(statusCode.NOT_FOUND, responseMessage.NO_CATEGORY));
+    }
+    if (category.userId !== userId) {
+        return res.status(statusCode.FORBIDDEN).send(util.fail(statusCode.FORBIDDEN, responseMessage.FORBIDDEN));
+    }
+
     await Promise.all([
         categoryDB.deleteCategory(dbConnection, categoryId, userId), // 해당 카테고리 soft delete
         contentDB.updateContentIsDeleted(dbConnection, categoryId, userId), // 카테고리 개수가 1개 (해당 카테고리뿐)인 콘텐츠 soft delete
diff --git a/functions/api/routes/content/contentDELETE.js b/functions/api/routes/content/contentDELETE.js
index e0d8265..6f38cf1 100644
--- a/functions/api/routes/content/contentDELETE.js
+++ b/functions/api/routes/content/contentDELETE.js
@@ -35,15 +35,14 @@ module.exports = asyncWrapper(async (req, res) => {
   dayjs.tz.setDefault('Asia/Seoul');
 
   const content = await contentDB.getContentById(dbConnection, contentId);
+  if (!content) {
+    return res.status(statusCode.NOT_FOUND).send(util.fail(statusCode.NOT_FOUND, responseMessage.NO_CONTENT));
+  }
   if (content.userId !== userId) {
     return res.status(statusCode.FORBIDDEN).send(util.fail(statusCode.FORBIDDEN, responseMessage.FORBIDDEN));
   }
 
-  const deletedContent = await contentDB.deleteContent(dbConnection, contentId, userId);
-  if (!deletedContent) {
-    // 대상 콘텐츠가 없는 경우, 콘텐츠 삭제 실패
-    return res.status(statusCode.NOT_FOUND).send(util.fail(statusCode.NOT_FOUND, responseMessage.NO_CONTENT));
-  }
+  await contentDB.deleteContent(dbConnection, contentId, userId);
 
   if (content.isNotified && content.notificationTime > dayjs().tz().$d) {
     // 알림 예정 일 때 푸시서버에서도 삭제