refacto/securize vote deletion

src/app/api/idnot/UserController.ts

@@ -42,7 +42,7 @@ export default class UserController extends ApiController {
 			const id = req.params["idnot"];
 			if (!id) throw new Error("idnot is required");
 
-			const payload = await this.authService.getUserJwtPayload(id!);
+			const payload = await this.authService.getUserJwtPayload(id);
 			const accessToken = this.authService.generateAccessToken(payload);
 			const refreshToken = this.authService.generateRefreshToken(payload);
 
@@ -50,7 +50,7 @@ export default class UserController extends ApiController {
 			this.httpSuccess(response, { accessToken, refreshToken });
 		} catch (error) {
 			console.log(error);
-			this.httpInternalError(response);
+			this.httpInternalError(response, error);
 			return;
 		}
 	}

src/app/api/super-admin/VotesController.ts

@@ -76,7 +76,7 @@ export default class VotesController extends ApiController {
 	}
 
 	/**
-	 * @description Delete a specific folder
+	 * @description Delete a specific vote
 	 */
 	@Delete("/api/v1/super-admin/votes/:uid", [authHandler])
 	protected async delete(req: Request, response: Response) {
@@ -94,6 +94,11 @@ export default class VotesController extends ApiController {
 				return;
 			}
 
+			if (voteFound.voter_uid !== req.body.user.userId) {
+				this.httpUnauthorized(response, "Can't delete a vote that's not yours");
+				return;
+			}
+
 			//call service to get prisma entity
 			const votetEntity: Votes = await this.votesService.delete(uid);