watson/umami
1
0
Fork 0
mirror of https://github.com/umami-software/umami.git synced 2026-02-07 14:17:13 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions 4

Merged auth into new parseRequest method.

Browse source
This commit is contained in:
Mike Cao 2025-01-25 00:19:22 -08:00
parent e51f182403
commit 2d6428172b
39 changed files with 296 additions and 316 deletions
Download patch file Download diff file Expand all files Collapse all files

32
src/app/api/teams/[teamId]/route.ts
View file

@ -1,7 +1,7 @@
import { z } from 'zod';
import { unauthorized, json, badRequest, notFound, ok } from 'lib/response';
import { canDeleteTeam, canUpdateTeam, canViewTeam, checkAuth } from 'lib/auth';
import { checkRequest } from 'lib/request';
import { unauthorized, json, notFound, ok } from 'lib/response';
import { canDeleteTeam, canUpdateTeam, canViewTeam } from 'lib/auth';
import { parseRequest } from 'lib/request';
import { deleteTeam, getTeam, updateTeam } from 'queries';
export async function GET(request: Request, { params }: { params: Promise<{ teamId: string }> }) {
@ -9,17 +9,15 @@ export async function GET(request: Request, { params }: { params: Promise<{ team
teamId: z.string().uuid(),
});
const { error } = await checkRequest(request, schema);
const { auth, error } = await parseRequest(request, schema);
if (error) {
return badRequest(error);
return error();
}
const { teamId } = await params;
const auth = await checkAuth(request);
if (!auth || !(await canViewTeam(auth, teamId))) {
if (!(await canViewTeam(auth, teamId))) {
return unauthorized();
}
@ -38,17 +36,15 @@ export async function POST(request: Request, { params }: { params: Promise<{ tea
accessCode: z.string().max(50),
});
const { body, error } = await checkRequest(request, schema);
const { auth, body, error } = await parseRequest(request, schema);
if (error) {
return badRequest(error);
return error();
}
const { teamId } = await params;
const auth = await checkAuth(request);
if (!auth || !(await canUpdateTeam(auth, teamId))) {
if (!(await canUpdateTeam(auth, teamId))) {
return unauthorized('You must be the owner of this team.');
}
@ -61,11 +57,15 @@ export async function DELETE(
request: Request,
{ params }: { params: Promise<{ teamId: string }> },
) {
const { auth, error } = await parseRequest(request);
if (error) {
return error();
}
const { teamId } = await params;
const auth = await checkAuth(request);
if (!auth || !(await canDeleteTeam(auth, teamId))) {
if (!(await canDeleteTeam(auth, teamId))) {
return unauthorized('You must be the owner of this team.');
}

28
src/app/api/teams/[teamId]/users/[userId]/route.ts
View file

@ -1,16 +1,20 @@
import { z } from 'zod';
import { unauthorized, json, badRequest, ok } from 'lib/response';
import { canDeleteTeam, canUpdateTeam, checkAuth } from 'lib/auth';
import { checkRequest } from 'lib/request';
import { canDeleteTeam, canUpdateTeam } from 'lib/auth';
import { parseRequest } from 'lib/request';
import { deleteTeam, getTeamUser, updateTeamUser } from 'queries';
export async function GET(
request: Request,
{ params }: { params: Promise<{ teamId: string; userId: string }> },
) {
const { teamId, userId } = await params;
const { auth, error } = await parseRequest(request);
const auth = await checkAuth(request);
if (error) {
return error();
}
const { teamId, userId } = await params;
if (!(await canUpdateTeam(auth, teamId))) {
return unauthorized('You must be the owner of this team.');
@ -29,16 +33,14 @@ export async function POST(
role: z.string().regex(/team-member|team-view-only|team-manager/),
});
const { body, error } = await checkRequest(request, schema);
const { auth, body, error } = await parseRequest(request, schema);
if (error) {
return badRequest(error);
return error();
}
const { teamId, userId } = await params;
const auth = await checkAuth(request);
if (!(await canUpdateTeam(auth, teamId))) {
return unauthorized('You must be the owner of this team.');
}
@ -58,11 +60,15 @@ export async function DELETE(
request: Request,
{ params }: { params: Promise<{ teamId: string }> },
) {
const { auth, error } = await parseRequest(request);
if (error) {
return error();
}
const { teamId } = await params;
const auth = await checkAuth(request);
if (!auth || !(await canDeleteTeam(auth, teamId))) {
if (!(await canDeleteTeam(auth, teamId))) {
return unauthorized('You must be the owner of this team.');
}

18
src/app/api/teams/[teamId]/users/route.ts
View file

@ -1,7 +1,7 @@
import { z } from 'zod';
import { unauthorized, json, badRequest } from 'lib/response';
import { canAddUserToTeam, canUpdateTeam, checkAuth } from 'lib/auth';
import { checkRequest } from 'lib/request';
import { canAddUserToTeam, canUpdateTeam } from 'lib/auth';
import { parseRequest } from 'lib/request';
import { pagingParams, roleParam } from 'lib/schema';
import { createTeamUser, getTeamUser, getTeamUsers } from 'queries';
@ -10,16 +10,14 @@ export async function GET(request: Request, { params }: { params: Promise<{ team
...pagingParams,
});
const { query, error } = await checkRequest(request, schema);
const { auth, query, error } = await parseRequest(request, schema);
if (error) {
return badRequest(error);
return error();
}
const { teamId } = await params;
const auth = await checkAuth(request);
if (!(await canUpdateTeam(auth, teamId))) {
return unauthorized('You must be the owner of this team.');
}
@ -55,17 +53,15 @@ export async function POST(
role: roleParam,
});
const { body, error } = await checkRequest(request, schema);
const { auth, body, error } = await parseRequest(request, schema);
if (error) {
return badRequest(error);
return error();
}
const { teamId } = await params;
const auth = await checkAuth(request);
if (!auth || !(await canAddUserToTeam(auth))) {
if (!(await canAddUserToTeam(auth))) {
return unauthorized();
}

18
src/app/api/teams/[teamId]/websites/route.ts
View file

@ -1,7 +1,7 @@
import { z } from 'zod';
import { unauthorized, json, badRequest } from 'lib/response';
import { canViewTeam, checkAuth } from 'lib/auth';
import { checkRequest } from 'lib/request';
import { unauthorized, json } from 'lib/response';
import { canViewTeam } from 'lib/auth';
import { parseRequest } from 'lib/request';
import { pagingParams } from 'lib/schema';
import { getTeamWebsites } from 'queries';
@ -9,18 +9,14 @@ export async function GET(request: Request, { params }: { params: Promise<{ team
const schema = z.object({
...pagingParams,
});
const { query, error } = await checkRequest(request, schema);
const { teamId } = await params;
const { auth, query, error } = await parseRequest(request, schema);
if (error) {
return badRequest(error);
return error();
}
const { teamId } = await params;
const auth = await checkAuth(request);
if (!auth || !(await canViewTeam(auth, teamId))) {
if (!(await canViewTeam(auth, teamId))) {
return unauthorized();
}

12
src/app/api/teams/join/route.ts
View file

@ -1,7 +1,7 @@
import { z } from 'zod';
import { unauthorized, json, badRequest, notFound } from 'lib/response';
import { canCreateTeam, checkAuth } from 'lib/auth';
import { checkRequest } from 'lib/request';
import { canCreateTeam } from 'lib/auth';
import { parseRequest } from 'lib/request';
import { ROLES } from 'lib/constants';
import { createTeamUser, findTeam, getTeamUser } from 'queries';
@ -10,15 +10,13 @@ export async function POST(request: Request) {
accessCode: z.string().max(50),
});
const { body, error } = await checkRequest(request, schema);
const { auth, body, error } = await parseRequest(request, schema);
if (error) {
return badRequest(error);
return error();
}
const auth = await checkAuth(request);
if (!auth || !(await canCreateTeam(auth))) {
if (!(await canCreateTeam(auth))) {
return unauthorized();
}

14
src/app/api/teams/route.ts
View file

@ -1,9 +1,9 @@
import { z } from 'zod';
import { getRandomChars } from 'next-basics';
import { unauthorized, json, badRequest } from 'lib/response';
import { canCreateTeam, checkAuth } from 'lib/auth';
import { unauthorized, json } from 'lib/response';
import { canCreateTeam } from 'lib/auth';
import { uuid } from 'lib/crypto';
import { checkRequest } from 'lib/request';
import { parseRequest } from 'lib/request';
import { createTeam } from 'queries';
export async function POST(request: Request) {
@ -11,15 +11,13 @@ export async function POST(request: Request) {
name: z.string().max(50),
});
const { body, error } = await checkRequest(request, schema);
const { auth, body, error } = await parseRequest(request, schema);
if (error) {
return badRequest(error);
return error();
}
const auth = await checkAuth(request);
if (!auth || !(await canCreateTeam(auth))) {
if (!(await canCreateTeam(auth))) {
return unauthorized();
}