Merged auth into new parseRequest method.
mikecao committed Jan 25, 2025
1 parent e51f182 commit 2d64281
Showing 39 changed files with 296 additions and 316 deletions.
32 changes: 16 additions & 16 deletions src/app/api/teams/[teamId]/route.ts
@@ -1,25 +1,23 @@
import { z } from 'zod';
import { unauthorized, json, badRequest, notFound, ok } from 'lib/response';
import { canDeleteTeam, canUpdateTeam, canViewTeam, checkAuth } from 'lib/auth';
import { checkRequest } from 'lib/request';
import { unauthorized, json, notFound, ok } from 'lib/response';
import { canDeleteTeam, canUpdateTeam, canViewTeam } from 'lib/auth';
import { parseRequest } from 'lib/request';
import { deleteTeam, getTeam, updateTeam } from 'queries';

export async function GET(request: Request, { params }: { params: Promise<{ teamId: string }> }) {
const schema = z.object({
teamId: z.string().uuid(),
});

const { error } = await checkRequest(request, schema);
const { auth, error } = await parseRequest(request, schema);

if (error) {
return badRequest(error);
return error();
}

const { teamId } = await params;

const auth = await checkAuth(request);

if (!auth || !(await canViewTeam(auth, teamId))) {
if (!(await canViewTeam(auth, teamId))) {
return unauthorized();
}

@@ -38,17 +36,15 @@ export async function POST(request: Request, { params }: { params: Promise<{ tea
accessCode: z.string().max(50),
});

const { body, error } = await checkRequest(request, schema);
const { auth, body, error } = await parseRequest(request, schema);

if (error) {
return badRequest(error);
return error();
}

const { teamId } = await params;

const auth = await checkAuth(request);

if (!auth || !(await canUpdateTeam(auth, teamId))) {
if (!(await canUpdateTeam(auth, teamId))) {
return unauthorized('You must be the owner of this team.');
}

@@ -61,11 +57,15 @@ export async function DELETE(
request: Request,
{ params }: { params: Promise<{ teamId: string }> },
) {
const { teamId } = await params;
const { auth, error } = await parseRequest(request);

const auth = await checkAuth(request);
if (error) {
return error();
}

const { teamId } = await params;

if (!auth || !(await canDeleteTeam(auth, teamId))) {
if (!(await canDeleteTeam(auth, teamId))) {
return unauthorized('You must be the owner of this team.');
}

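Review bot: Dropping the `!auth` guard at `if (!(await canViewTeam(auth, teamId)))`, and at the matching checks in POST and DELETE, makes every handler depend on `parseRequest` setting `error` whenever authentication fails; that function is not shown on this page. If it can ever return with neither an `error` nor an `auth` value, `canViewTeam` receives an empty auth object, and other files in this commit dereference it directly, as in `auth.user.isAdmin` in users/[userId]/usage/route.ts and users/[userId]/teams/route.ts. A doc comment on `parseRequest` stating that `auth` is always set when `error` is undefined, backed by a return type that encodes the same guarantee, would let the compiler hold the handlers to it. It is also worth confirming that `error()` answers an unauthenticated request with 401 rather than a validation message. The handler bodies continue outside the hunks.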
28 changes: 17 additions & 11 deletions src/app/api/teams/[teamId]/users/[userId]/route.ts
@@ -1,16 +1,20 @@
import { z } from 'zod';
import { unauthorized, json, badRequest, ok } from 'lib/response';
import { canDeleteTeam, canUpdateTeam, checkAuth } from 'lib/auth';
import { checkRequest } from 'lib/request';
import { canDeleteTeam, canUpdateTeam } from 'lib/auth';
import { parseRequest } from 'lib/request';
import { deleteTeam, getTeamUser, updateTeamUser } from 'queries';

export async function GET(
request: Request,
{ params }: { params: Promise<{ teamId: string; userId: string }> },
) {
const { teamId, userId } = await params;
const { auth, error } = await parseRequest(request);

if (error) {
return error();
}

const auth = await checkAuth(request);
const { teamId, userId } = await params;

if (!(await canUpdateTeam(auth, teamId))) {
return unauthorized('You must be the owner of this team.');
@@ -29,16 +33,14 @@ export async function POST(
role: z.string().regex(/team-member|team-view-only|team-manager/),
});

const { body, error } = await checkRequest(request, schema);
const { auth, body, error } = await parseRequest(request, schema);

if (error) {
return badRequest(error);
return error();
}

const { teamId, userId } = await params;

const auth = await checkAuth(request);

if (!(await canUpdateTeam(auth, teamId))) {
return unauthorized('You must be the owner of this team.');
}
@@ -58,11 +60,15 @@ export async function DELETE(
request: Request,
{ params }: { params: Promise<{ teamId: string }> },
) {
const { teamId } = await params;
const { auth, error } = await parseRequest(request);

const auth = await checkAuth(request);
if (error) {
return error();
}

const { teamId } = await params;

if (!auth || !(await canDeleteTeam(auth, teamId))) {
if (!(await canDeleteTeam(auth, teamId))) {
return unauthorized('You must be the owner of this team.');
}

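Review bot: The DELETE handler in this `[userId]` route reads only `teamId` from `params` and gates on `canDeleteTeam`, and the file imports `deleteTeam` rather than a query that removes a single membership. The handler body continues outside the hunk, so this is inferred, but it looks as if a request meant to remove one member could act on the whole team. Confirm that the body removes the membership for `userId` and that the permission check matches that action; if it does not, destructure both values as GET and POST do (`const { teamId, userId } = await params;`) and call a membership-scoped query. The commit only moves the auth lookup, so this predates it, but the refactor is a natural place to fix it.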
18 changes: 7 additions & 11 deletions src/app/api/teams/[teamId]/users/route.ts
@@ -1,7 +1,7 @@
import { z } from 'zod';
import { unauthorized, json, badRequest } from 'lib/response';
import { canAddUserToTeam, canUpdateTeam, checkAuth } from 'lib/auth';
import { checkRequest } from 'lib/request';
import { canAddUserToTeam, canUpdateTeam } from 'lib/auth';
import { parseRequest } from 'lib/request';
import { pagingParams, roleParam } from 'lib/schema';
import { createTeamUser, getTeamUser, getTeamUsers } from 'queries';

@@ -10,16 +10,14 @@ export async function GET(request: Request, { params }: { params: Promise<{ team
...pagingParams,
});

const { query, error } = await checkRequest(request, schema);
const { auth, query, error } = await parseRequest(request, schema);

if (error) {
return badRequest(error);
return error();
}

const { teamId } = await params;

const auth = await checkAuth(request);

if (!(await canUpdateTeam(auth, teamId))) {
return unauthorized('You must be the owner of this team.');
}
@@ -55,17 +53,15 @@ export async function POST(
role: roleParam,
});

const { body, error } = await checkRequest(request, schema);
const { auth, body, error } = await parseRequest(request, schema);

if (error) {
return badRequest(error);
return error();
}

const { teamId } = await params;

const auth = await checkAuth(request);

if (!auth || !(await canAddUserToTeam(auth))) {
if (!(await canAddUserToTeam(auth))) {
return unauthorized();
}

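Review bot: In POST, `canAddUserToTeam(auth)` is called without `teamId`, so as far as this hunk shows the permission decision is not tied to the team named in the URL, unlike `canUpdateTeam(auth, teamId)` in GET. The definition of `canAddUserToTeam` is not on this page; unless it is an admin-only check, a caller it accepts could add users to a team they do not manage. Consider gating on the team-scoped check that GET already uses, `if (!(await canUpdateTeam(auth, teamId)))`, or add a comment stating why the unscoped check is sufficient. The handler body continues outside the hunk.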
18 changes: 7 additions & 11 deletions src/app/api/teams/[teamId]/websites/route.ts
@@ -1,26 +1,22 @@
import { z } from 'zod';
import { unauthorized, json, badRequest } from 'lib/response';
import { canViewTeam, checkAuth } from 'lib/auth';
import { checkRequest } from 'lib/request';
import { unauthorized, json } from 'lib/response';
import { canViewTeam } from 'lib/auth';
import { parseRequest } from 'lib/request';
import { pagingParams } from 'lib/schema';
import { getTeamWebsites } from 'queries';

export async function GET(request: Request, { params }: { params: Promise<{ teamId: string }> }) {
const schema = z.object({
...pagingParams,
});

const { query, error } = await checkRequest(request, schema);
const { teamId } = await params;
const { auth, query, error } = await parseRequest(request, schema);

if (error) {
return badRequest(error);
return error();
}

const { teamId } = await params;

const auth = await checkAuth(request);

if (!auth || !(await canViewTeam(auth, teamId))) {
if (!(await canViewTeam(auth, teamId))) {
return unauthorized();
}

12 changes: 5 additions & 7 deletions src/app/api/teams/join/route.ts
@@ -1,7 +1,7 @@
import { z } from 'zod';
import { unauthorized, json, badRequest, notFound } from 'lib/response';
import { canCreateTeam, checkAuth } from 'lib/auth';
import { checkRequest } from 'lib/request';
import { canCreateTeam } from 'lib/auth';
import { parseRequest } from 'lib/request';
import { ROLES } from 'lib/constants';
import { createTeamUser, findTeam, getTeamUser } from 'queries';

@@ -10,15 +10,13 @@ export async function POST(request: Request) {
accessCode: z.string().max(50),
});

const { body, error } = await checkRequest(request, schema);
const { auth, body, error } = await parseRequest(request, schema);

if (error) {
return badRequest(error);
return error();
}

const auth = await checkAuth(request);

if (!auth || !(await canCreateTeam(auth))) {
if (!(await canCreateTeam(auth))) {
return unauthorized();
}

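Review bot: The schema `accessCode: z.string().max(50)` has no lower bound, so an empty string passes validation and reaches the team lookup that follows outside the hunk. The access code appears to be the credential a caller presents to join a team, so empty values should be rejected up front, e.g. `accessCode: z.string().min(1).max(50)`. The gate here is `canCreateTeam(auth)`, a permission named for a different action; a short comment explaining why joining reuses it would help the next reader. The same unbounded `accessCode` appears in the POST schema in teams/[teamId]/route.ts.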
14 changes: 6 additions & 8 deletions src/app/api/teams/route.ts
@@ -1,25 +1,23 @@
import { z } from 'zod';
import { getRandomChars } from 'next-basics';
import { unauthorized, json, badRequest } from 'lib/response';
import { canCreateTeam, checkAuth } from 'lib/auth';
import { unauthorized, json } from 'lib/response';
import { canCreateTeam } from 'lib/auth';
import { uuid } from 'lib/crypto';
import { checkRequest } from 'lib/request';
import { parseRequest } from 'lib/request';
import { createTeam } from 'queries';

export async function POST(request: Request) {
const schema = z.object({
name: z.string().max(50),
});

const { body, error } = await checkRequest(request, schema);
const { auth, body, error } = await parseRequest(request, schema);

if (error) {
return badRequest(error);
return error();
}

const auth = await checkAuth(request);

if (!auth || !(await canCreateTeam(auth))) {
if (!(await canCreateTeam(auth))) {
return unauthorized();
}

22 changes: 12 additions & 10 deletions src/app/api/users/[userId]/route.ts
@@ -1,16 +1,20 @@
import { z } from 'zod';
import { canUpdateUser, canViewUser, checkAuth } from 'lib/auth';
import { canUpdateUser, canViewUser } from 'lib/auth';
import { getUser, getUserByUsername, updateUser } from 'queries';
import { json, unauthorized, badRequest } from 'lib/response';
import { hashPassword } from 'next-basics';
import { checkRequest } from 'lib/request';
import { parseRequest } from 'lib/request';

export async function GET(request: Request, { params }: { params: Promise<{ userId: string }> }) {
const { userId } = await params;
const { auth, error } = await parseRequest(request);

if (error) {
return error();
}

const auth = await checkAuth(request);
const { userId } = await params;

if (!auth || !(await canViewUser(auth, userId))) {
if (!(await canViewUser(auth, userId))) {
return unauthorized();
}

@@ -26,17 +30,15 @@ export async function POST(request: Request, { params }: { params: Promise<{ use
role: z.string().regex(/admin|user|view-only/i),
});

const { body, error } = await checkRequest(request, schema);
const { auth, body, error } = await parseRequest(request, schema);

if (error) {
return badRequest(error);
return error();
}

const { userId } = await params;

const auth = await checkAuth(request);

if (!auth || !(await canUpdateUser(auth, userId))) {
if (!(await canUpdateUser(auth, userId))) {
return unauthorized();
}

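Review bot: The role check `z.string().regex(/admin|user|view-only/i)` in the POST schema is unanchored, so any string that merely contains one of the alternatives passes validation, and the `i` flag also admits case variants. If the validated value is stored or compared as a role later in the handler (the body continues outside the hunk), it should be an exact match: `role: z.enum(['admin', 'user', 'view-only'])`, or `/^(admin|user|view-only)$/` if a regex is preferred. The same applies to `regex(/team-member|team-view-only|team-manager/)` in teams/[teamId]/users/[userId]/route.ts.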
13 changes: 5 additions & 8 deletions src/app/api/users/[userId]/teams/route.ts
@@ -1,26 +1,23 @@
import { z } from 'zod';
import { pagingParams } from 'lib/schema';
import { getUserTeams } from 'queries';
import { checkAuth } from 'lib/auth';
import { unauthorized, badRequest, json } from 'lib/response';
import { checkRequest } from 'lib/request';
import { unauthorized, json } from 'lib/response';
import { parseRequest } from 'lib/request';

export async function GET(request: Request, { params }: { params: Promise<{ userId: string }> }) {
const schema = z.object({
...pagingParams,
});

const { query, error } = await checkRequest(request, schema);
const { auth, query, error } = await parseRequest(request, schema);

if (error) {
return badRequest(error);
return error();
}

const { userId } = await params;

const auth = await checkAuth(request);

if (!auth || (!auth.user.isAdmin && (!userId || auth.user.id !== userId))) {
if (!auth.user.isAdmin && (!userId || auth.user.id !== userId)) {
return unauthorized();
}

13 changes: 5 additions & 8 deletions src/app/api/users/[userId]/usage/route.ts
@@ -1,26 +1,23 @@
import { z } from 'zod';
import { json, unauthorized, badRequest } from 'lib/response';
import { json, unauthorized } from 'lib/response';
import { getAllUserWebsitesIncludingTeamOwner } from 'queries/prisma/website';
import { getEventUsage } from 'queries/analytics/events/getEventUsage';
import { getEventDataUsage } from 'queries/analytics/events/getEventDataUsage';
import { checkAuth } from 'lib/auth';
import { checkRequest } from 'lib/request';
import { parseRequest } from 'lib/request';

export async function GET(request: Request, { params }: { params: Promise<{ userId: string }> }) {
const schema = z.object({
startAt: z.coerce.number().int(),
endAt: z.coerce.number().int(),
});

const { query, error } = await checkRequest(request, schema);
const { auth, query, error } = await parseRequest(request, schema);

if (error) {
return badRequest(error);
return error();
}

const auth = await checkAuth(request);

if (!auth || !auth.user.isAdmin) {
if (!auth.user.isAdmin) {
return unauthorized();
}
