A malicious user could call the POST /api/votes/<combatId> endpoint passing an arbitrary boxer id, i.e. voting guanyar in the 1-agustin-51-vs-carreraaa combat.
To mitigate this issue, we can filter the voteId against the IDs of the combat's boxers. This prevents submitting or voting for any arbitrary boxer ID that isn't associated with the specified combat.
Problem solved
Fix bug when passing an unrelated boxer id as voteId to the POST /api/votes/<combatId> endpoint.
Proposed changes
Filter voteId against the combat's boxer ids to prevent passing or voting for an arbitrary boxer id not related to the given combat.
Screenshots (if applicable)
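The check this PR describes, written out as an added example (not the project's own code): the handler before the fix counts whatever voteId the client sends, while the fixed handler rejects any voteId that is not one of the combat's boxers. The data shapes, the boxer ids and the in-memory stores are assumptions constructed for the example.

```javascript
// Constructed sample data: a combat maps to the ids of the boxers taking part.
const combats = {
  "1-agustin-51-vs-carreraaa": { boxers: ["agustin-51", "carreraaa"] },
};

// Before the fix: the client-supplied voteId is trusted and counted as-is,
// so a vote for "guanyar" (not a boxer in the combat) lands in the tally.
function castVoteUnchecked(store, combatId, voteId) {
  if (!combats[combatId]) return { status: 404, error: "combat not found" };
  const tally = store[combatId] || (store[combatId] = {});
  tally[voteId] = (tally[voteId] || 0) + 1;
  return { status: 200, tally: { ...tally } };
}

// After the fix: voteId must be a string naming one of this combat's boxers;
// anything else is rejected with 400 before it can touch the tally.
function castVote(store, combatId, voteId) {
  const combat = combats[combatId];
  if (!combat) return { status: 404, error: "combat not found" };
  if (typeof voteId !== "string" || !combat.boxers.includes(voteId)) {
    return { status: 400, error: "voteId is not a boxer in this combat" };
  }
  const tally = store[combatId] || (store[combatId] = {});
  tally[voteId] = (tally[voteId] || 0) + 1;
  return { status: 200, tally: { ...tally } };
}

// Demonstration: same request against both versions of the handler.
function demo() {
  const before = {};
  const after = {};
  const combatId = "1-agustin-51-vs-carreraaa";
  return {
    unchecked: castVoteUnchecked(before, combatId, "guanyar"), // 200, tally polluted
    fixed: castVote(after, combatId, "guanyar"),               // 400, tally untouched
    valid: castVote(after, combatId, "carreraaa"),             // 200
  };
}
```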
Change checks
[x] I have checked that there is no PR (pull request) already open for a similar problem, following the good practices section.
[x] I have reviewed the changes locally to make sure there are no errors or problems.
[x] I have tested these changes on multiple devices and browsers to make sure the landing page looks and works correctly.
[x] I have updated the documentation, if applicable.
Potential impact
Additional context
Useful links