Renamed id routes for API.

src/pages/api/teams/[teamId]/index.ts

@@ -0,0 +1,80 @@
+import { Team } from '@prisma/client';
+import { canDeleteTeam, canUpdateTeam, canViewTeam } from 'lib/auth';
+import { useAuth, useValidate } from 'lib/middleware';
+import { NextApiRequestQueryBody } from 'lib/types';
+import { NextApiResponse } from 'next';
+import { methodNotAllowed, notFound, ok, unauthorized } from 'next-basics';
+import { deleteTeam, getTeam, updateTeam } from 'queries';
+import * as yup from 'yup';
+
+export interface TeamRequestQuery {
+  teamId: string;
+}
+
+export interface TeamRequestBody {
+  name: string;
+  accessCode: string;
+}
+
+const schema = {
+  GET: yup.object().shape({
+    teamId: yup.string().uuid().required(),
+  }),
+  POST: yup.object().shape({
+    id: yup.string().uuid().required(),
+    name: yup.string().max(50),
+    accessCode: yup.string().max(50),
+  }),
+  DELETE: yup.object().shape({
+    teamId: yup.string().uuid().required(),
+  }),
+};
+
+export default async (
+  req: NextApiRequestQueryBody<TeamRequestQuery, TeamRequestBody>,
+  res: NextApiResponse<Team>,
+) => {
+  await useAuth(req, res);
+  await useValidate(schema, req, res);
+
+  const { teamId } = req.query;
+
+  if (req.method === 'GET') {
+    if (!(await canViewTeam(req.auth, teamId))) {
+      return unauthorized(res);
+    }
+
+    const team = await getTeam(teamId, { includeMembers: true });
+
+    if (!team) {
+      return notFound(res);
+    }
+
+    return ok(res, team);
+  }
+
+  if (req.method === 'POST') {
+    if (!(await canUpdateTeam(req.auth, teamId))) {
+      return unauthorized(res, 'You must be the owner of this team.');
+    }
+
+    const { name, accessCode } = req.body;
+    const data = { name, accessCode };
+
+    const updated = await updateTeam(teamId, data);
+
+    return ok(res, updated);
+  }
+
+  if (req.method === 'DELETE') {
+    if (!(await canDeleteTeam(req.auth, teamId))) {
+      return unauthorized(res, 'You must be the owner of this team.');
+    }
+
+    await deleteTeam(teamId);
+
+    return ok(res);
+  }
+
+  return methodNotAllowed(res);
+};

src/pages/api/teams/[teamId]/users/[userId].ts

@@ -0,0 +1,75 @@
+import { canDeleteTeamUser, canUpdateTeam } from 'lib/auth';
+import { useAuth, useValidate } from 'lib/middleware';
+import { NextApiRequestQueryBody } from 'lib/types';
+import { NextApiResponse } from 'next';
+import { badRequest, methodNotAllowed, ok, unauthorized } from 'next-basics';
+import { deleteTeamUser, getTeamUser, updateTeamUser } from 'queries';
+import * as yup from 'yup';
+
+export interface TeamUserRequestQuery {
+  teamId: string;
+  userId: string;
+}
+
+export interface TeamUserRequestBody {
+  role: string;
+}
+
+const schema = {
+  DELETE: yup.object().shape({
+    teamId: yup.string().uuid().required(),
+    userId: yup.string().uuid().required(),
+  }),
+  POST: yup.object().shape({
+    role: yup
+      .string()
+      .matches(/team-member|team-guest/i)
+      .required(),
+  }),
+};
+
+export default async (
+  req: NextApiRequestQueryBody<TeamUserRequestQuery, TeamUserRequestBody>,
+  res: NextApiResponse,
+) => {
+  await useAuth(req, res);
+  await useValidate(schema, req, res);
+
+  const { teamId, userId } = req.query;
+
+  if (req.method === 'POST') {
+    if (!(await canUpdateTeam(req.auth, teamId))) {
+      return unauthorized(res, 'You must be the owner of this team.');
+    }
+
+    const teamUser = await getTeamUser(teamId, userId);
+
+    if (!teamUser) {
+      return badRequest(res, 'The User does not exists on this team.');
+    }
+
+    const { role } = req.body;
+
+    await updateTeamUser(teamUser.id, { role });
+
+    return ok(res);
+  }
+
+  if (req.method === 'DELETE') {
+    if (!(await canDeleteTeamUser(req.auth, teamId, userId))) {
+      return unauthorized(res, 'You must be the owner of this team.');
+    }
+
+    const teamUser = await getTeamUser(teamId, userId);
+
+    if (!teamUser) {
+      return badRequest(res, 'The User does not exists on this team.');
+    }
+
+    await deleteTeamUser(teamId, userId);
+
+    return ok(res);
+  }
+
+  return methodNotAllowed(res);
+};

src/pages/api/teams/[teamId]/users/index.ts

@@ -0,0 +1,78 @@
+import { canAddUserToTeam, canViewTeam } from 'lib/auth';
+import { useAuth, useValidate } from 'lib/middleware';
+import { pageInfo } from 'lib/schema';
+import { NextApiRequestQueryBody, SearchFilter } from 'lib/types';
+import { NextApiResponse } from 'next';
+import { badRequest, methodNotAllowed, ok, unauthorized } from 'next-basics';
+import { createTeamUser, getTeamUser, getTeamUsers } from 'queries';
+import * as yup from 'yup';
+
+export interface TeamUserRequestQuery extends SearchFilter {
+  teamId: string;
+}
+
+export interface TeamUserRequestBody {
+  userId: string;
+  role: string;
+}
+
+const schema = {
+  GET: yup.object().shape({
+    teamId: yup.string().uuid().required(),
+    ...pageInfo,
+  }),
+  POST: yup.object().shape({
+    userId: yup.string().uuid().required(),
+    role: yup
+      .string()
+      .matches(/team-member|team-guest/i)
+      .required(),
+  }),
+};
+
+export default async (
+  req: NextApiRequestQueryBody<TeamUserRequestQuery, TeamUserRequestBody>,
+  res: NextApiResponse,
+) => {
+  await useAuth(req, res);
+  await useValidate(schema, req, res);
+
+  const { teamId } = req.query;
+
+  if (req.method === 'GET') {
+    if (!(await canViewTeam(req.auth, teamId))) {
+      return unauthorized(res);
+    }
+
+    const { query, page, pageSize } = req.query;
+
+    const users = await getTeamUsers(teamId, {
+      query,
+      page,
+      pageSize: +pageSize || undefined,
+    });
+
+    return ok(res, users);
+  }
+
+  // admin function only
+  if (req.method === 'POST') {
+    if (!(await canAddUserToTeam(req.auth))) {
+      return unauthorized(res);
+    }
+
+    const { userId, role } = req.body;
+
+    const teamUser = await getTeamUser(teamId, userId);
+
+    if (teamUser) {
+      return badRequest(res, 'User is already a member of the Team.');
+    }
+
+    const users = await createTeamUser(userId, teamId, role);
+
+    return ok(res, users);
+  }
+
+  return methodNotAllowed(res);
+};

src/pages/api/teams/[teamId]/websites/index.ts

@@ -0,0 +1,71 @@
+import * as yup from 'yup';
+import { canCreateTeamWebsite, canViewTeam } from 'lib/auth';
+import { useAuth, useValidate } from 'lib/middleware';
+import { NextApiRequestQueryBody, SearchFilter } from 'lib/types';
+import { pageInfo } from 'lib/schema';
+import { NextApiResponse } from 'next';
+import { methodNotAllowed, ok, unauthorized } from 'next-basics';
+import { createWebsite, getTeamWebsites } from 'queries';
+import { uuid } from 'lib/crypto';
+
+export interface TeamWebsiteRequestQuery extends SearchFilter {
+  teamId: string;
+}
+
+export interface TeamWebsiteRequestBody {
+  name: string;
+  domain: string;
+  shareId: string;
+}
+
+const schema = {
+  GET: yup.object().shape({
+    teamId: yup.string().uuid().required(),
+    ...pageInfo,
+  }),
+  POST: yup.object().shape({
+    name: yup.string().max(100).required(),
+    domain: yup.string().max(500).required(),
+    shareId: yup.string().max(50).nullable(),
+  }),
+};
+
+export default async (
+  req: NextApiRequestQueryBody<TeamWebsiteRequestQuery, TeamWebsiteRequestBody>,
+  res: NextApiResponse,
+) => {
+  await useAuth(req, res);
+  await useValidate(schema, req, res);
+
+  const { teamId } = req.query;
+
+  if (req.method === 'GET') {
+    if (!(await canViewTeam(req.auth, teamId))) {
+      return unauthorized(res);
+    }
+
+    const { page, query, pageSize } = req.query;
+
+    const websites = await getTeamWebsites(teamId, {
+      page,
+      query,
+      pageSize: +pageSize || undefined,
+    });
+
+    return ok(res, websites);
+  }
+
+  if (req.method === 'POST') {
+    if (!(await canCreateTeamWebsite(req.auth, teamId))) {
+      return unauthorized(res);
+    }
+
+    const { name, domain, shareId } = req.body;
+
+    const website = await createWebsite({ id: uuid(), name, domain, shareId });
+
+    return ok(res, website);
+  }
+
+  return methodNotAllowed(res);
+};