| author | 2025-08-08 23:25:18 +0100 | |
|---|---|---|
| committer | 2025-08-08 23:25:18 +0100 | |
| commit | 3593ec75edfe5b01c6ba7d8c430c8d3c2a7a8581 (patch) | |
| tree | 169bf2ec044f773c04e2415e98020fec433d4402 | |
| parent | Use exp key for JWT as well as expiry key (diff) | |
Validate unique responses on submission
Diffstat (limited to '')
| -rw-r--r-- | backend/routes/forms/submit.py | 16 | 
1 files changed, 16 insertions, 0 deletions
|
diff --git a/backend/routes/forms/submit.py b/backend/routes/forms/submit.py
index 1194a5a..11710fd 100644
--- a/backend/routes/forms/submit.py
+++ b/backend/routes/forms/submit.py
@@ -170,6 +170,22 @@ class SubmitForm(Route):
                 else:
                     return JSONResponse({"error": "missing_discord_data"}, status_code=400)
+            if constants.FormFeatures.UNIQUE_RESPONDER.value in form.features:
+                if not request.user.is_authenticated:
+                    return JSONResponse({"error": "missing_discord_data"}, status_code=400)
+
+                existing_response = await request.state.db.responses.find_one(
+                    {
+                        "form_id": form.id,
+                        "user.id": request.user.payload["id"],
+                    },
+                )
+                if existing_response:
+                    return JSONResponse(
+                        {"error": "unique_responder", "message": "You have already submitted this form."},
+                        status_code=400,
+                    )
+
             missing_fields = []
             for question in form.questions:
                 if question.id not in response["response"]:
|
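Review bot: The uniqueness check added under `UNIQUE_RESPONDER` is a read that is followed by a later write, so two concurrent submissions from the same user can both find no `existing_response` and both be stored; the insert itself is outside this hunk, so this is inferred from the `find_one` alone. If the feature is meant as an enforced limit rather than a convenience, back it at the database level, for example with a unique index over `form_id` and `user.id` (partial, if only some forms need it), and map the duplicate-key error to the same `unique_responder` response. Separately, the unauthenticated branch reuses `{"error": "missing_discord_data"}` with status 400, so a client cannot tell "not logged in" from the data-collection case just above; a distinct error value with 401 would be clearer. The handler in `SubmitForm` starts and ends outside the hunk.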
