mirror of
https://github.com/umami-software/umami.git
synced 2026-02-04 04:37:11 +01:00
Brian Cao
GitHub
parent
c90bd941b5
commit
561cde6e7e
20 changed files with 133 additions and 98 deletions
|
|
@ -17,13 +17,10 @@ export default async (
|
|||
await useCors(req, res);
|
||||
await useAuth(req, res);
|
||||
|
||||
const {
|
||||
user: { id: userId },
|
||||
} = req.auth;
|
||||
const { id: websiteId } = req.query;
|
||||
|
||||
if (req.method === 'GET') {
|
||||
if (await canViewWebsite(userId, websiteId)) {
|
||||
if (await canViewWebsite(req.auth, websiteId)) {
|
||||
return unauthorized(res);
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -24,13 +24,10 @@ export default async (
|
|||
await useCors(req, res);
|
||||
await useAuth(req, res);
|
||||
|
||||
const {
|
||||
user: { id: userId },
|
||||
} = req.auth;
|
||||
const { id: websiteId } = req.query;
|
||||
|
||||
if (req.method === 'POST') {
|
||||
if (canViewWebsite(userId, websiteId)) {
|
||||
if (!(await canViewWebsite(req.auth, websiteId))) {
|
||||
return unauthorized(res);
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -25,13 +25,10 @@ export default async (
|
|||
await useCors(req, res);
|
||||
await useAuth(req, res);
|
||||
|
||||
const {
|
||||
user: { id: userId },
|
||||
} = req.auth;
|
||||
const { id: websiteId, startAt, endAt, unit, tz, url, eventName } = req.query;
|
||||
|
||||
if (req.method === 'GET') {
|
||||
if (canViewWebsite(userId, websiteId)) {
|
||||
if (!(await canViewWebsite(req.auth, websiteId))) {
|
||||
return unauthorized(res);
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -22,13 +22,10 @@ export default async (
|
|||
await useCors(req, res);
|
||||
await useAuth(req, res);
|
||||
|
||||
const {
|
||||
user: { id: userId },
|
||||
} = req.auth;
|
||||
const { id: websiteId } = req.query;
|
||||
|
||||
if (req.method === 'GET') {
|
||||
if (!(await canViewWebsite(userId, websiteId))) {
|
||||
if (!(await canViewWebsite(req.auth, websiteId))) {
|
||||
return unauthorized(res);
|
||||
}
|
||||
|
||||
|
|
@ -38,7 +35,7 @@ export default async (
|
|||
}
|
||||
|
||||
if (req.method === 'POST') {
|
||||
if (!(await canUpdateWebsite(userId, websiteId))) {
|
||||
if (!(await canUpdateWebsite(req.auth, websiteId))) {
|
||||
return unauthorized(res);
|
||||
}
|
||||
|
||||
|
|
@ -56,7 +53,7 @@ export default async (
|
|||
}
|
||||
|
||||
if (req.method === 'DELETE') {
|
||||
if (!(await canDeleteWebsite(userId, websiteId))) {
|
||||
if (!(await canDeleteWebsite(req.auth, websiteId))) {
|
||||
return unauthorized(res);
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -55,9 +55,6 @@ export default async (
|
|||
await useCors(req, res);
|
||||
await useAuth(req, res);
|
||||
|
||||
const {
|
||||
user: { id: userId },
|
||||
} = req.auth;
|
||||
const {
|
||||
id: websiteId,
|
||||
type,
|
||||
|
|
@ -72,7 +69,7 @@ export default async (
|
|||
} = req.query;
|
||||
|
||||
if (req.method === 'GET') {
|
||||
if (!(await canViewWebsite(userId, websiteId))) {
|
||||
if (!(await canViewWebsite(req.auth, websiteId))) {
|
||||
return unauthorized(res);
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -30,9 +30,6 @@ export default async (
|
|||
await useCors(req, res);
|
||||
await useAuth(req, res);
|
||||
|
||||
const {
|
||||
user: { id: userId },
|
||||
} = req.auth;
|
||||
const {
|
||||
id: websiteId,
|
||||
startAt,
|
||||
|
|
@ -48,7 +45,7 @@ export default async (
|
|||
} = req.query;
|
||||
|
||||
if (req.method === 'GET') {
|
||||
if (!(await canViewWebsite(userId, websiteId))) {
|
||||
if (!(await canViewWebsite(req.auth, websiteId))) {
|
||||
return unauthorized(res);
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -16,13 +16,10 @@ export default async (
|
|||
await useCors(req, res);
|
||||
await useAuth(req, res);
|
||||
|
||||
const {
|
||||
user: { id: userId },
|
||||
} = req.auth;
|
||||
const { id: websiteId } = req.query;
|
||||
|
||||
if (req.method === 'POST') {
|
||||
if (!(await canViewWebsite(userId, websiteId))) {
|
||||
if (!(await canViewWebsite(req.auth, websiteId))) {
|
||||
return unauthorized(res);
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -26,13 +26,10 @@ export default async (
|
|||
await useCors(req, res);
|
||||
await useAuth(req, res);
|
||||
|
||||
const {
|
||||
user: { id: userId },
|
||||
} = req.auth;
|
||||
const { id: websiteId, startAt, endAt, url, referrer, os, browser, device, country } = req.query;
|
||||
|
||||
if (req.method === 'GET') {
|
||||
if (!(await canViewWebsite(userId, websiteId))) {
|
||||
if (!(await canViewWebsite(req.auth, websiteId))) {
|
||||
return unauthorized(res);
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -1,9 +1,10 @@
|
|||
import { Prisma } from '@prisma/client';
|
||||
import { NextApiRequestQueryBody } from 'lib/types';
|
||||
import { canCreateWebsite } from 'lib/auth';
|
||||
import { uuid } from 'lib/crypto';
|
||||
import { useAuth, useCors } from 'lib/middleware';
|
||||
import { NextApiRequestQueryBody } from 'lib/types';
|
||||
import { NextApiResponse } from 'next';
|
||||
import { methodNotAllowed, ok } from 'next-basics';
|
||||
import { methodNotAllowed, ok, unauthorized } from 'next-basics';
|
||||
import { createWebsite, getUserWebsites } from 'queries';
|
||||
|
||||
export interface WebsitesRequestQuery {}
|
||||
|
|
@ -35,6 +36,10 @@ export default async (
|
|||
if (req.method === 'POST') {
|
||||
const { name, domain, shareId, teamId } = req.body;
|
||||
|
||||
if (!(await canCreateWebsite(req.auth, teamId))) {
|
||||
return unauthorized(res);
|
||||
}
|
||||
|
||||
const data: Prisma.WebsiteUncheckedCreateInput = {
|
||||
id: uuid(),
|
||||
name,
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue