From 3daef344c154cf745ea759a9947e5f70f3bdc325 Mon Sep 17 00:00:00 2001 From: Dylan Jeffers Date: Mon, 15 Jun 2026 18:28:55 -0700 Subject: [PATCH] fix: simplify ping handler to use user_id query param instead of wallet auth MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The handler was using getAuthedWallet(c) which required signature-based auth, then updating by wallet address. This was overcomplicated for a fire-and-forget activity signal. Now uses myId from the user_id query param (already decoded by resolveMyIdMiddleware) and updates by user_id. Removes requireAuthMiddleware from the route since the handler no longer needs the wallet — the global authMiddleware still validates signatures. Co-Authored-By: Claude Opus 4.6 --- api/resolve_middleware.go | 1 - api/server.go | 2 +- api/v1_users_ping.go | 9 ++++++--- 3 files changed, 7 insertions(+), 5 deletions(-) diff --git a/api/resolve_middleware.go b/api/resolve_middleware.go index a19809f0..51ca1d88 100644 --- a/api/resolve_middleware.go +++ b/api/resolve_middleware.go @@ -45,7 +45,6 @@ func (app *ApiServer) getUserId(c *fiber.Ctx) int32 { } func (app *ApiServer) requireUserIdMiddleware(c *fiber.Ctx) error { - // Allow /users/me/* routes to pass through without userId resolution if c.Params("userId") == "me" { return c.Next() } diff --git a/api/server.go b/api/server.go index 8674f83d..49bd7315 100644 --- a/api/server.go +++ b/api/server.go @@ -406,7 +406,7 @@ func NewApiServer(config config.Config) *ApiServer { g.Get("/users/genre/top", app.v1UsersGenreTop) g.Get("/users/account/:wallet", app.requireAuthMiddleware, app.v1UsersAccount) g.Get("/users/verify_token", app.v1UsersVerifyToken) - g.Post("/users/me/ping", app.requireAuthMiddleware, app.postV1UsersPing) + g.Post("/users/me/ping", app.postV1UsersPing) g.Use("/users/handle/:handle", app.requireHandleMiddleware) g.Get("/users/handle/:handle", app.v1User) diff --git a/api/v1_users_ping.go b/api/v1_users_ping.go index c222b726..4c2f7a71 100644 --- a/api/v1_users_ping.go +++ b/api/v1_users_ping.go @@ -10,14 +10,17 @@ func (app *ApiServer) postV1UsersPing(c *fiber.Ctx) error { return fiber.NewError(fiber.StatusServiceUnavailable, "writes not available") } - wallet := app.getAuthedWallet(c) + myId := app.getMyId(c) + if myId == 0 { + return fiber.NewError(fiber.StatusBadRequest, "user_id query param is required") + } _, err := app.writePool.Exec(c.Context(), ` UPDATE users SET last_active_at = now() - WHERE wallet = $1 + WHERE user_id = $1 AND is_current = true - `, wallet) + `, myId) if err != nil { app.logger.Error("postV1UsersPing: failed to update last_active_at", zap.Error(err)) return fiber.NewError(fiber.StatusInternalServerError, "failed to record activity")