author | 2025-08-08 23:25:18 +0100 | |
---|---|---|
committer | 2025-08-08 23:25:18 +0100 | |
commit | 3593ec75edfe5b01c6ba7d8c430c8d3c2a7a8581 (patch) | |
tree | 169bf2ec044f773c04e2415e98020fec433d4402 | |
parent | Use exp key for JWT as well as expiry key (diff) |
Validate unique responses on submission
-rw-r--r-- | backend/routes/forms/submit.py | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/backend/routes/forms/submit.py b/backend/routes/forms/submit.py
index 1194a5a..11710fd 100644
--- a/backend/routes/forms/submit.py
+++ b/backend/routes/forms/submit.py
@@ -170,6 +170,22 @@ class SubmitForm(Route):
 else:
 return JSONResponse({"error": "missing_discord_data"}, status_code=400)
+ if constants.FormFeatures.UNIQUE_RESPONDER.value in form.features:
+ if not request.user.is_authenticated:
+ return JSONResponse({"error": "missing_discord_data"}, status_code=400)
+
+ existing_response = await request.state.db.responses.find_one(
+ {
+ "form_id": form.id,
+ "user.id": request.user.payload["id"],
+ },
+ )
+ if existing_response:
+ return JSONResponse(
+ {"error": "unique_responder", "message": "You have already submitted this form."},
+ status_code=400,
+ )
+
 missing_fields = []
 for question in form.questions:
 if question.id not in response["response"]: |
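Review bot: The `find_one` lookup added for `UNIQUE_RESPONDER` is a check-then-act, so two concurrent submissions from the same user can both see no `existing_response` and both go on to the insert, which presumably happens later in this handler, outside the hunk. Uniqueness should also be enforced by the database, for instance with a unique index over `form_id` and `user.id` scoped to forms that have this feature, and the duplicate-key error mapped to the same `unique_responder` response. The query also only matches when the stored response carries a `user` object; the code that attaches it is not visible here, so it is worth confirming that enabling `UNIQUE_RESPONDER` always stores it, otherwise the check never matches and the restriction is silently skipped. A comment above the query such as `# pre-check for a friendly error; the unique index is the actual guard` would record the intent.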