watson/umami
1
0
Fork 0
mirror of https://github.com/umami-software/umami.git synced 2026-02-09 23:27:12 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions 5

Add api validations.

Browse source
This commit is contained in:
Brian Cao 2023-08-19 22:23:15 -07:00
parent 7d5a24044a
commit 7a7233ead4
41 changed files with 690 additions and 180 deletions
Download patch file Download diff file Expand all files Collapse all files

22
pages/api/teams/[id]/index.ts
View file

@ -1,10 +1,11 @@
import { Team } from '@prisma/client';
import { NextApiRequestQueryBody } from 'lib/types';
import { canDeleteTeam, canUpdateTeam, canViewTeam } from 'lib/auth';
import { useAuth } from 'lib/middleware';
import { useAuth, useValidate } from 'lib/middleware';
import { NextApiRequestQueryBody } from 'lib/types';
import { NextApiResponse } from 'next';
import { methodNotAllowed, ok, unauthorized } from 'next-basics';
import { deleteTeam, getTeamById, updateTeam } from 'queries';
import * as yup from 'yup';
export interface TeamRequestQuery {
id: string;
@ -15,12 +16,29 @@ export interface TeamRequestBody {
accessCode: string;
}
const schema = {
GET: yup.object().shape({
id: yup.string().uuid().required(),
}),
POST: yup.object().shape({
id: yup.string().uuid().required(),
name: yup.string().max(50).required(),
accessCode: yup.string().max(50).required(),
}),
DELETE: yup.object().shape({
id: yup.string().uuid().required(),
}),
};
export default async (
req: NextApiRequestQueryBody<TeamRequestQuery, TeamRequestBody>,
res: NextApiResponse<Team>,
) => {
await useAuth(req, res);
req.yup = schema;
await useValidate(req, res);
const { id: teamId } = req.query;
if (req.method === 'GET') {

14
pages/api/teams/[id]/users/[userId].ts
View file

@ -1,18 +1,28 @@
import { canDeleteTeamUser } from 'lib/auth';
import { useAuth } from 'lib/middleware';
import { useAuth, useValidate } from 'lib/middleware';
import { NextApiRequestQueryBody } from 'lib/types';
import { NextApiResponse } from 'next';
import { methodNotAllowed, ok, unauthorized } from 'next-basics';
import { deleteTeamUser } from 'queries';
import * as yup from 'yup';
export interface TeamUserRequestQuery {
id: string;
userId: string;
}
const schema = {
DELETE: yup.object().shape({
id: yup.string().uuid().required(),
userId: yup.string().uuid().required(),
}),
};
export default async (req: NextApiRequestQueryBody<TeamUserRequestQuery>, res: NextApiResponse) => {
await useAuth(req, res);
req.yup = schema;
await useValidate(req, res);
if (req.method === 'DELETE') {
const { id: teamId, userId } = req.query;

25
pages/api/teams/[id]/users/index.ts
View file

@ -1,9 +1,9 @@
import { canUpdateTeam, canViewTeam } from 'lib/auth';
import { canViewTeam } from 'lib/auth';
import { useAuth } from 'lib/middleware';
import { NextApiRequestQueryBody, SearchFilter, TeamSearchFilterType } from 'lib/types';
import { NextApiResponse } from 'next';
import { badRequest, methodNotAllowed, ok, unauthorized } from 'next-basics';
import { createTeamUser, getUserByUsername, getUsersByTeamId } from 'queries';
import { methodNotAllowed, ok, unauthorized } from 'next-basics';
import { getUsersByTeamId } from 'queries';
export interface TeamUserRequestQuery extends SearchFilter<TeamSearchFilterType> {
id: string;
@ -38,24 +38,5 @@ export default async (
return ok(res, users);
}
if (req.method === 'POST') {
if (!(await canUpdateTeam(req.auth, teamId))) {
return unauthorized(res, 'You must be the owner of this team.');
}
const { email, roleId: roleId } = req.body;
// Check for User
const user = await getUserByUsername(email);
if (!user) {
return badRequest(res, 'The User does not exists.');
}
const updated = await createTeamUser(user.id, teamId, roleId);
return ok(res, updated);
}
return methodNotAllowed(res);
};

13
pages/api/teams/[id]/websites/[websiteId].ts
View file

@ -1,21 +1,32 @@
import { canDeleteTeamWebsite } from 'lib/auth';
import { useAuth } from 'lib/middleware';
import { useAuth, useValidate } from 'lib/middleware';
import { NextApiRequestQueryBody } from 'lib/types';
import { NextApiResponse } from 'next';
import { methodNotAllowed, ok, unauthorized } from 'next-basics';
import { deleteTeamWebsite } from 'queries/admin/teamWebsite';
import * as yup from 'yup';
export interface TeamWebsitesRequestQuery {
id: string;
websiteId: string;
}
const schema = {
DELETE: yup.object().shape({
id: yup.string().uuid().required(),
websiteId: yup.string().uuid().required(),
}),
};
export default async (
req: NextApiRequestQueryBody<TeamWebsitesRequestQuery>,
res: NextApiResponse,
) => {
await useAuth(req, res);
req.yup = schema;
await useValidate(req, res);
const { id: teamId, websiteId } = req.query;
if (req.method === 'DELETE') {

21
pages/api/teams/[id]/websites/index.ts
View file

@ -1,9 +1,10 @@
import { canViewTeam } from 'lib/auth';
import { useAuth } from 'lib/middleware';
import { useAuth, useValidate } from 'lib/middleware';
import { NextApiRequestQueryBody, SearchFilter, WebsiteSearchFilterType } from 'lib/types';
import { getFilterValidation } from 'lib/yup';
import { NextApiResponse } from 'next';
import { methodNotAllowed, ok, unauthorized } from 'next-basics';
import { getWebsites, getWebsitesByTeamId } from 'queries';
import { getWebsitesByTeamId } from 'queries';
import { createTeamWebsites } from 'queries/admin/teamWebsite';
export interface TeamWebsiteRequestQuery extends SearchFilter<WebsiteSearchFilterType> {
@ -14,12 +15,28 @@ export interface TeamWebsiteRequestBody {
websiteIds?: string[];
}
import * as yup from 'yup';
const schema = {
GET: yup.object().shape({
id: yup.string().uuid().required(),
...getFilterValidation(/All|Name|Domain/i),
}),
POST: yup.object().shape({
id: yup.string().uuid().required(),
websiteIds: yup.array().of(yup.string()).min(1).required(),
}),
};
export default async (
req: NextApiRequestQueryBody<TeamWebsiteRequestQuery, TeamWebsiteRequestBody>,
res: NextApiResponse,
) => {
await useAuth(req, res);
req.yup = schema;
await useValidate(req, res);
const { id: teamId } = req.query;
if (req.method === 'GET') {

20
pages/api/teams/index.ts
View file

@ -1,23 +1,39 @@
import { Team } from '@prisma/client';
import { canCreateTeam } from 'lib/auth';
import { uuid } from 'lib/crypto';
import { useAuth } from 'lib/middleware';
import { useAuth, useValidate } from 'lib/middleware';
import { NextApiRequestQueryBody, SearchFilter, TeamSearchFilterType } from 'lib/types';
import { getFilterValidation } from 'lib/yup';
import { NextApiResponse } from 'next';
import { getRandomChars, methodNotAllowed, ok, unauthorized } from 'next-basics';
import { createTeam, getTeamsByUserId } from 'queries';
import * as yup from 'yup';
export interface TeamsRequestQuery extends SearchFilter<TeamSearchFilterType> {}
export interface TeamsRequestBody extends SearchFilter<TeamSearchFilterType> {
export interface TeamsRequestBody {
name: string;
}
export interface MyTeamsRequestQuery extends SearchFilter<TeamSearchFilterType> {}
const schema = {
GET: yup.object().shape({
...getFilterValidation(/All|Name|Owner/i),
}),
POST: yup.object().shape({
name: yup.string().max(50).required(),
}),
};
export default async (
req: NextApiRequestQueryBody<TeamsRequestQuery, TeamsRequestBody>,
res: NextApiResponse<Team[] | Team>,
) => {
await useAuth(req, res);
req.yup = schema;
await useValidate(req, res);
const {
user: { id: userId },
} = req.auth;

21
pages/api/teams/join.ts
View file

@ -1,21 +1,30 @@
import { Team } from '@prisma/client';
import { NextApiRequestQueryBody } from 'lib/types';
import { useAuth } from 'lib/middleware';
import { NextApiResponse } from 'next';
import { methodNotAllowed, ok, notFound } from 'next-basics';
import { createTeamUser, getTeamByAccessCode, getTeamUser } from 'queries';
import { ROLES } from 'lib/constants';
import { useAuth, useValidate } from 'lib/middleware';
import { NextApiRequestQueryBody } from 'lib/types';
import { NextApiResponse } from 'next';
import { methodNotAllowed, notFound, ok } from 'next-basics';
import { createTeamUser, getTeamByAccessCode, getTeamUser } from 'queries';
import * as yup from 'yup';
export interface TeamsJoinRequestBody {
accessCode: string;
}
const schema = {
POST: yup.object().shape({
accessCode: yup.string().max(50).required(),
}),
};
export default async (
req: NextApiRequestQueryBody<any, TeamsJoinRequestBody>,
res: NextApiResponse<Team>,
) => {
await useAuth(req, res);
req.yup = schema;
await useValidate(req, res);
if (req.method === 'POST') {
const { accessCode } = req.body;