Dev (#1702)

* Initial Typescript models. * Re-add realtime data * get distinct sessions for session metrics * Add queries for new schema. * Fix Typo. * Add some api/team endpoints. * Fix destructure error. * Fix getWebsites call. * Ignore typescript build errors. * Fix enum issue. * add clickhouse route to deleteWebsite * Fix Website auth. * Updated lint-staged config. * Add permission checks. * Add user role api. * Fix error when updating website. * Fix isAdmin check. Fix Schema. * Initial conversion to react-basics. * Remove user/team transfer from website update. * delete website in relational query * Fix login secure token creation. * Add event type to event. * Allow user to be added to team with role. * Updated login form. * Add Role to TeamUser. * Add database migration. * Refactored permissions check. Updated redis lib. * Feat/um 114 roles and permissions (#1683) * Auth checkpoint. * Merge branch 'dev' into feat/um-114-roles-and-permissions * Add 02 migration. * Added lib/types. * Updated schema. * Updated roles and permissions logic. * Implement react-basics styles. Fix queries. * Update website details layout. * Add 01 migration. * Fix admin create. * Update react-basics. Co-authored-by: Francis Cao <franciscao@gmail.com> Co-authored-by: Mike Cao <mike@mikecao.com> Co-authored-by: Mike Cao <moocao@gmail.com>
2026-02-16 02:25:35 +01:00 · 2022-12-12 19:45:38 -08:00 · 2022-12-12 19:45:38 -08:00 · 8732d056dd
commit 8732d056dd
parent 94848cc41b
165 changed files with 3370 additions and 6268 deletions
--- a/pages/api/users/[id]/password.ts
+++ b/pages/api/users/[id]/password.ts
@ -0,0 +1,55 @@
+import { NextApiRequestQueryBody } from 'lib/types';
+import { canUpdateUser } from 'lib/auth';
+import { useAuth } from 'lib/middleware';
+import { NextApiResponse } from 'next';
+import {
+  badRequest,
+  checkPassword,
+  hashPassword,
+  methodNotAllowed,
+  ok,
+  unauthorized,
+} from 'next-basics';
+import { getUser, updateUser, User } from 'queries';
+
+export interface UserPasswordRequestQuery {
+  id: string;
+}
+
+export interface UserPasswordRequestBody {
+  current_password: string;
+  new_password: string;
+}
+
+export default async (
+  req: NextApiRequestQueryBody<UserPasswordRequestQuery, UserPasswordRequestBody>,
+  res: NextApiResponse<User>,
+) => {
+  await useAuth(req, res);
+
+  const { current_password, new_password } = req.body;
+  const { id } = req.query;
+  const {
+    user: { id: userId },
+  } = req.auth;
+
+  if (req.method === 'POST') {
+    if (canUpdateUser(userId, id)) {
+      return unauthorized(res);
+    }
+
+    const user = await getUser({ id });
+
+    if (!checkPassword(current_password, user.password)) {
+      return badRequest(res, 'Current password is incorrect');
+    }
+
+    const password = hashPassword(new_password);
+
+    const updated = await updateUser({ password }, { id });
+
+    return ok(res, updated);
+  }
+
+  return methodNotAllowed(res);
+};