Refactor auth logic.

Mike Cao 2022-10-11 21:48:33 -07:00
parent edd1751b81
commit 5e2d23f18f
10 changed files with 40 additions and 30 deletions


@ -9,10 +9,10 @@ export default async (req, res) => {
const website = await getWebsiteByShareId(id);
if (website) {
const websiteId = website.websiteId;
const token = createToken({ websiteId: websiteId }, secret());
const { websiteId, websiteUuid } = website;
const token = createToken({ websiteId, websiteUuid }, secret());
return ok(res, { websiteId, token });
return ok(res, { websiteId, websiteUuid, token });
}
return notFound(res);
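Review bot: The share token built by `createToken({ websiteId, websiteUuid }, secret())` carries no claim tying it to the share id it was issued for, and no expiry is visible in the payload, so as far as this hunk shows, a token issued once may keep verifying after the share URL is disabled or its id is regenerated. Consider binding it to the share, e.g. `const token = createToken({ websiteId, websiteUuid, shareId: id }, secret());`, and having the code that verifies share tokens compare that claim with the website's current share id; that verifier is outside this hunk, so this may already be handled elsewhere. A one-line comment above the call stating that this token grants unauthenticated access scoped to a single website would also help the next reader. The handler starts and ends outside the hunk.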


@ -5,6 +5,10 @@ import { useAuth, useCors } from 'lib/middleware';
import { validate } from 'uuid';
export default async (req, res) => {
await useAuth(req, res);
const { isAdmin, userId, accountUuid } = req.auth;
const { id } = req.query;
const websiteId = +id;
@ -23,9 +27,6 @@ export default async (req, res) => {
}
if (req.method === 'POST') {
await useAuth(req, res);
const { isAdmin: currentUserIsAdmin, userId: currentUserId, accountUuid } = req.auth;
const { name, domain, owner, enable_share_url } = req.body;
let account;
@ -37,7 +38,7 @@ export default async (req, res) => {
const shareId = enable_share_url ? website.shareId || getRandomChars(8) : null;
if (website.userId !== currentUserId && !currentUserIsAdmin) {
if (website.userId !== userId && !isAdmin) {
return unauthorized(res);
}
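Review bot: The ownership check `if (website.userId !== userId && !isAdmin)` does not fail closed, because the strict inequality is false when both `website.userId` and `userId` are undefined or null. That case would arise if `useAuth` ever fills `req.auth` from a token that carries no user, which cannot be confirmed from these hunks. A stricter form is `if (!isAdmin && (userId == null || website.userId !== userId)) return unauthorized(res);`. The check also runs after `website.shareId` has been read, so unless a null guard sits in the lines outside these hunks, a request for a non-existent website throws instead of being rejected cleanly; an `if (!website)` guard placed before the `shareId` line would cover that. The handler body continues outside the visible hunks.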