watson/umami
1
0
Fork 0
mirror of https://github.com/umami-software/umami.git synced 2026-02-09 23:27:12 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions 5

Update uuid usage.

Browse source
This commit is contained in:
Mike Cao 2023-07-28 15:52:21 -07:00
parent 22d6343b9c
commit 1f2da530c9
5 changed files with 16 additions and 23 deletions
Download patch file Download diff file Expand all files Collapse all files

12
lib/auth.ts
View file

@ -9,10 +9,10 @@ import {
getRandomChars,
parseSecureToken,
parseToken,
isUuid,
} from 'next-basics';
import { getTeamUser } from 'queries';
import { getTeamWebsite, getTeamWebsiteByTeamMemberId } from 'queries/admin/teamWebsite';
import { validate } from 'uuid';
import { loadWebsite } from './load';
import { Auth } from './types';
@ -108,7 +108,7 @@ export async function canUpdateWebsite({ user }: Auth, websiteId: string) {
return true;
}
if (!validate(websiteId)) {
if (!isUuid(websiteId)) {
return false;
}
@ -184,7 +184,7 @@ export async function canUpdateTeam({ user }: Auth, teamId: string) {
return true;
}
if (validate(teamId)) {
if (isUuid(teamId)) {
const teamUser = await getTeamUser(teamId, user.id);
return hasPermission(teamUser.role, PERMISSIONS.teamUpdate);
@ -198,7 +198,7 @@ export async function canDeleteTeam({ user }: Auth, teamId: string) {
return true;
}
if (validate(teamId)) {
if (isUuid(teamId)) {
const teamUser = await getTeamUser(teamId, user.id);
return hasPermission(teamUser.role, PERMISSIONS.teamDelete);
@ -212,7 +212,7 @@ export async function canDeleteTeamUser({ user }: Auth, teamId: string, removeUs
return true;
}
if (validate(teamId) && validate(removeUserId)) {
if (isUuid(teamId) && isUuid(removeUserId)) {
if (removeUserId === user.id) {
return true;
}
@ -230,7 +230,7 @@ export async function canDeleteTeamWebsite({ user }: Auth, teamId: string, websi
return true;
}
if (validate(teamId) && validate(websiteId)) {
if (isUuid(teamId) && isUuid(websiteId)) {
const teamWebsite = await getTeamWebsite(teamId, websiteId);
if (teamWebsite.website.userId === user.id) {

4
lib/middleware.ts
View file

@ -4,10 +4,10 @@ import {
badRequest,
parseSecureToken,
tooManyRequest,
isUuid,
} from 'next-basics';
import debug from 'debug';
import cors from 'cors';
import { validate } from 'uuid';
import redis from '@umami/redis-client';
import { findSession } from 'lib/session';
import { getAuthToken, parseShareToken } from 'lib/auth';
@ -53,7 +53,7 @@ export const useAuth = createMiddleware(async (req, res, next) => {
let user = null;
const { userId, authKey } = payload || {};
if (validate(userId)) {
if (isUuid(userId)) {
user = await getUser({ id: userId });
} else if (redis.enabled && authKey) {
user = await redis.get(authKey);

5
lib/session.ts
View file

@ -1,9 +1,8 @@
import { secret } from 'lib/crypto';
import { getClientInfo, getJsonBody } from 'lib/detect';
import { parseToken, uuid } from 'next-basics';
import { parseToken, uuid, isUuid } from 'next-basics';
import { CollectRequestBody, NextApiRequestCollect } from 'pages/api/send';
import { createSession } from 'queries';
import { validate } from 'uuid';
import cache from './cache';
import { loadSession, loadWebsite } from './load';
@ -36,7 +35,7 @@ export async function findSession(req: NextApiRequestCollect) {
throw new Error('Invalid hostname.');
}
if (!validate(websiteId)) {
if (!isUuid(websiteId)) {
throw new Error('Invalid website ID.');
}