watson/umami
1
0
Fork 0
mirror of https://github.com/umami-software/umami.git synced 2026-02-04 04:37:11 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Fix share URL permissions. (#1745)

Browse source 
* Fix share URL permissions.

* Add sql param logic.

* Add permissions to edit website.

* Update permissions.

* Move parameters to param injection.

* Sanitize eventdata.

* Remove caret.

* Fix avg.
This commit is contained in:
Brian Cao 2023-01-18 15:09:49 -08:00 committed by GitHub
parent 558ce268a0
commit 922c3acab3
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
16 changed files with 139 additions and 79 deletions
Download patch file Download diff file Expand all files Collapse all files

6
pages/api/realtime/init.js
View file

@ -1,5 +1,5 @@
import { subMinutes } from 'date-fns';
import { ok, methodNotAllowed, createToken } from 'next-basics';
import { ok, unauthorized, methodNotAllowed, createToken } from 'next-basics';
import { useAuth } from 'lib/middleware';
import { getUserWebsites, getRealtimeData } from 'queries';
import { secret } from 'lib/crypto';
@ -10,6 +10,10 @@ export default async (req, res) => {
if (req.method === 'GET') {
const { userId } = req.auth;
if (!userId) {
return unauthorized(res);
}
const websites = await getUserWebsites({ userId });
const ids = websites.map(({ websiteUuid }) => websiteUuid);
const token = createToken({ websites: ids }, secret());