Merge pull request #2368 from stakwork/feat/fix_non_public_keys_bounties

Feat: added public key check for bounty creation

handlers/bounty.go

@@ -202,6 +202,19 @@ func (h *bountyHandler) CreateOrEditBounty(w http.ResponseWriter, r *http.Reques
 	ctx := r.Context()
 	pubKeyFromAuth, _ := ctx.Value(auth.ContextKey).(string)
 
+	// return 401 if pubKeyFromAuth is empty
+	if pubKeyFromAuth == "" {
+		w.WriteHeader(http.StatusUnauthorized)
+		return
+	}
+
+	// check if  use exists
+	user := h.db.GetPersonByPubkey(pubKeyFromAuth)
+	if user.OwnerPubKey == "" {
+		w.WriteHeader(http.StatusUnauthorized)
+		return
+	}
+
 	bounty := db.NewBounty{}
 	body, err := io.ReadAll(r.Body)
 	r.Body.Close()

handlers/bounty_test.go

@@ -126,12 +126,15 @@ func TestCreateOrEditBounty(t *testing.T) {
 	teardownSuite := SetupSuite(t)
 	defer teardownSuite(t)
 
+	// create user
+	db.TestDB.CreateOrEditPerson(bountyOwner)
+
 	existingBounty := db.NewBounty{
 		Type:          "coding",
 		Title:         "existing bounty",
 		Description:   "existing bounty description",
 		WorkspaceUuid: "work-1",
-		OwnerID:       "first-user",
+		OwnerID:       bountyOwner.OwnerPubKey,
 		Price:         2000,
 	}
 
@@ -143,19 +146,19 @@ func TestCreateOrEditBounty(t *testing.T) {
 		Title:         "new bounty",
 		Description:   "new bounty description",
 		WorkspaceUuid: "work-1",
-		OwnerID:       "test-key",
+		OwnerID:       bountyOwner.OwnerPubKey,
 		Price:         1500,
 	}
 
 	failedBounty := db.NewBounty{
-		Type:          "coding",
 		Title:         "new bounty",
 		Description:   "failed bounty description",
 		WorkspaceUuid: "work-1",
+		OwnerID:       bountyOwner.OwnerPubKey,
 		Price:         1500,
 	}
 
-	ctx := context.WithValue(context.Background(), auth.ContextKey, "test-key")
+	ctx := context.WithValue(context.Background(), auth.ContextKey, bountyOwner.OwnerPubKey)
 	mockClient := mocks.NewHttpClient(t)
 	mockUserHasManageBountyRolesTrue := func(pubKeyFromAuth string, uuid string) bool {
 		return true