From f7bd02adf2dc3ac0066eba84473d34e9aa297d69 Mon Sep 17 00:00:00 2001
From: Siwoo Jeon <me@migan.co.kr>
Date: Tue, 24 Sep 2024 22:49:54 +0900
Subject: [PATCH] fix(critical): Can delete other people's knowadge. (select
 menu)

---
 package.json                            |  2 +-
 src/Commands/deleteLearn.ts             |  5 +++--
 src/interaction-handlers/deleteLearn.ts | 14 ++++++++++++--
 3 files changed, 16 insertions(+), 5 deletions(-)

diff --git a/package.json b/package.json
index 2bc2344..f284fac 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "muffinbot",
-  "version": "3.0.1-cake.r240815b",
+  "version": "3.0.2-cake.r240924a",
   "main": "dist/index.js",
   "private": true,
   "dependencies": {
diff --git a/src/Commands/deleteLearn.ts b/src/Commands/deleteLearn.ts
index b463d4f..6e38ba7 100644
--- a/src/Commands/deleteLearn.ts
+++ b/src/Commands/deleteLearn.ts
@@ -24,6 +24,7 @@ import { type LearnData } from '../modules'
 })
 class DeleteLearnCommand extends Command {
   public async messageRun(msg: Message, args: Args) {
+    const CUSTOM_ID = 'maa$deleteLearn'
     const command = await args.rest('string').catch(() => null)
     const options: SelectMenuComponentOptionData[] = []
     const db = this.container.database
@@ -46,7 +47,7 @@ class DeleteLearnCommand extends Command {
       console.log(data)
       options.push({
         label: `${data.id}번`,
-        value: `maa$deleteLearn-${data.id}`,
+        value: `${CUSTOM_ID}-${data.id}`,
         description: data.result.slice(0, 100),
       })
     })
@@ -68,7 +69,7 @@ class DeleteLearnCommand extends Command {
           components: [
             {
               type: ComponentType.StringSelect,
-              customId: 'maa$deleteLearn',
+              customId: `${CUSTOM_ID}@${msg.author.id}`,
               placeholder: '지울 데이터를 선택해ㅈ주세요',
               options,
             },
diff --git a/src/interaction-handlers/deleteLearn.ts b/src/interaction-handlers/deleteLearn.ts
index 9ed06e4..181661f 100644
--- a/src/interaction-handlers/deleteLearn.ts
+++ b/src/interaction-handlers/deleteLearn.ts
@@ -10,15 +10,25 @@ import { ApplyOptions } from '@sapphire/decorators'
   interactionHandlerType: InteractionHandlerTypes.SelectMenu,
 })
 class DeleteLearnHandler extends InteractionHandler {
+  private readonly _CUSTOM_ID = 'maa$deleteLearn'
+
   public async parse(interaction: StringSelectMenuInteraction) {
-    if (interaction.customId !== 'maa$deleteLearn') return this.none()
+    if (!interaction.customId.startsWith(this._CUSTOM_ID)) return this.none()
+    const userId = interaction.customId.slice(`${this._CUSTOM_ID}@`.length)
+    if (interaction.user.id !== userId) {
+      await interaction.reply({
+        ephemeral: true,
+        content: '당신은 이 지ㅅ식을 안 가르쳐 주셨어요.',
+      })
+      return this.none()
+    }
     return this.some()
   }
 
   public async run(interaction: StringSelectMenuInteraction) {
     await interaction.deferUpdate()
 
-    const id = interaction.values[0].slice('maa$deleteLearn-'.length)
+    const id = interaction.values[0].slice(`${this._CUSTOM_ID}-`.length)
     const db = this.container.database
 
     await db.learn.delete(id)