Showing AI reviews for bet-service
Project AI Score ?
62%
Quality Avg ?
63%
Security Avg ?
59%
Reviews ?
92

Review Result ?

solutionbowl/bet-service · 507ca0ea
The commit adds user betting block checks in the bet and multiBet controllers to prevent blocked users from placing bets. The approach is consistent and reuses an ensureBettingAllowed function. However, the duplication of the function in two files is a maintainability concern. Error handling for missing users and blocked status is clear, improving user experience and business logic enforcement. Security is improved by enforcing betting blocks, but there's no input validation or rate limiting visible here.
Quality ?
80%
Security ?
70%
Business Value ?
90%
Maintainability ?
80%
Issues & Suggested Fixes ?
1AI detects the issue
2Shows file, line, or evidence
3Suggests the fix to apply
Duplicate Logic
Where src/controllers/bet.controller.js:14
Issue / Evidence duplication of ensureBettingAllowed function
Suggested Fix extract the function into a shared utility module and import it in both controllers to reduce code duplication and improve maintainability
Duplicate Logic
Where src/controllers/multiBet.controller.js:13
Issue / Evidence duplication of ensureBettingAllowed function
Suggested Fix extract the function into a shared utility module and import it in both controllers to reduce code duplication and improve maintainability
Missing Validation
Where src/controllers/bet.controller.js:15
Issue / Evidence no input validation on userId
Suggested Fix validate and sanitize userId to reduce potential injection or errors
Missing Validation
Where src/controllers/multiBet.controller.js:14
Issue / Evidence no input validation on userId
Suggested Fix validate and sanitize userId to reduce potential injection or errors
Vague Description
Where commit message
Issue / Evidence vague description
Suggested Fix improve commit message to clearly describe the feature and its purpose (e.g., 'Add user betting block checks to bet and multiBet controllers')
Code Change Preview · src/controllers/bet.controller.js ?
Removed / Before Commit
- diff --git a/src/controllers/bet.controller.js b/src/controllers/bet.controller.js
- index 1a64a29..5511e17 100644
- const Ledger = require("../models/Ledger");
- const mongoose = require("mongoose");
- const Wallet = require("../models/Wallet");
- const { emitRaceOdds, emitBalanceUpdate } = require("../utils/socketClient");
- const Exposure = require("../models/Exposure");
- const { getTenantExposure, mergeExposure } = require("../utils/exposureHelper");
- const HorseRace = require("../models/HorseRace");
- const { getHierarchyIds } = require("../services/hierarchyService");
- 
- const recalculatePlacesExposure = async ({
- user_id,
- tenant_id,
- const tenant = req.tenant;
- const user_id = req.user.userId;
- const tenant_id = tenant ? tenant._id : null;
- 
Added / After Commit
+ diff --git a/src/controllers/bet.controller.js b/src/controllers/bet.controller.js
+ index 1a64a29..5511e17 100644
+ const Ledger = require("../models/Ledger");
+ const mongoose = require("mongoose");
+ const Wallet = require("../models/Wallet");
+ const User = require("../models/User");
+ const { emitRaceOdds, emitBalanceUpdate } = require("../utils/socketClient");
+ const Exposure = require("../models/Exposure");
+ const { getTenantExposure, mergeExposure } = require("../utils/exposureHelper");
+ const HorseRace = require("../models/HorseRace");
+ const { getHierarchyIds } = require("../services/hierarchyService");
+ 
+ const ensureBettingAllowed = async (userId) => {
+   const user = await User.findById(userId).lean();
+ 
+   if (!user) {
+     return { allowed: false, statusCode: 404, message: "User not found" };
+   }
Removed / Before Commit
- diff --git a/src/controllers/multiBet.controller.js b/src/controllers/multiBet.controller.js
- index 21217e1..db0848d 100644
- const HorseRace = require("../models/HorseRace");
- const Ledger = require("../models/Ledger");
- const Wallet = require("../models/Wallet");
- const mongoose = require("mongoose");
- const { getHierarchyIds } = require("../services/hierarchyService");
- const { emitBalanceUpdate } = require("../utils/socketClient");
- const { calculateMultiBetExposures, updateExposuresAfterLegWin, clearMultiBetExposures } = require("../utils/multiBetExposure");
- 
- /**
- * Place Multi-Bet (DOUBLE/TRIPLE)
- * POST /api/bets/place-multi-bet
- const tenant = req.tenant;
- const user_id = req.user.userId;
- const tenant_id = tenant ? tenant._id : null;
- const { selections, stake } = req.body;
- 
Added / After Commit
+ diff --git a/src/controllers/multiBet.controller.js b/src/controllers/multiBet.controller.js
+ index 21217e1..db0848d 100644
+ const HorseRace = require("../models/HorseRace");
+ const Ledger = require("../models/Ledger");
+ const Wallet = require("../models/Wallet");
+ const User = require("../models/User");
+ const mongoose = require("mongoose");
+ const { getHierarchyIds } = require("../services/hierarchyService");
+ const { emitBalanceUpdate } = require("../utils/socketClient");
+ const { calculateMultiBetExposures, updateExposuresAfterLegWin, clearMultiBetExposures } = require("../utils/multiBetExposure");
+ 
+ const ensureBettingAllowed = async (userId) => {
+   const user = await User.findById(userId).lean();
+ 
+   if (!user) {
+     return { allowed: false, statusCode: 404, message: "User not found" };
+   }
+