Convert /api/users.

2026-02-06 05:37:20 +01:00 · 2025-01-21 19:10:34 -08:00 · 2025-01-21 19:10:34 -08:00 · baa3851fb4
commit baa3851fb4
parent 090abcff81
61 changed files with 1064 additions and 70 deletions
--- a/src/app/api/users/[userId]/route.ts
+++ b/src/app/api/users/[userId]/route.ts
@ -0,0 +1,72 @@
+import { z } from 'zod';
+import { canUpdateUser, canViewUser, checkAuth } from 'lib/auth';
+import { getUser, getUserByUsername, updateUser } from 'queries';
+import { json, unauthorized, badRequest } from 'lib/response';
+import { hashPassword } from 'next-basics';
+import { checkRequest } from 'lib/request';
+
+export async function GET(request: Request, { params }: { params: Promise<{ userId: string }> }) {
+  const { userId } = await params;
+  const auth = await checkAuth(request);
+
+  if (!auth || !(await canViewUser(auth, userId))) {
+    return unauthorized();
+  }
+
+  const user = await getUser(userId);
+
+  return json(user);
+}
+
+export async function POST(request: Request, { params }: { params: Promise<{ userId: string }> }) {
+  const schema = z.object({
+    username: z.string().max(255),
+    password: z.string().max(255),
+    role: z.string().regex(/admin|user|view-only/i),
+  });
+
+  const { body, error } = await checkRequest(request, schema);
+
+  if (error) {
+    return badRequest(error);
+  }
+
+  const { userId } = await params;
+  const auth = await checkAuth(request);
+
+  if (!auth || !(await canUpdateUser(auth, userId))) {
+    return unauthorized();
+  }
+
+  const { username, password, role } = body;
+
+  const user = await getUser(userId);
+
+  const data: any = {};
+
+  if (password) {
+    data.password = hashPassword(password);
+  }
+
+  // Only admin can change these fields
+  if (role && auth.user.isAdmin) {
+    data.role = role;
+  }
+
+  if (username && auth.user.isAdmin) {
+    data.username = username;
+  }
+
+  // Check when username changes
+  if (data.username && user.username !== data.username) {
+    const user = await getUserByUsername(username);
+
+    if (user) {
+      return badRequest('User already exists');
+    }
+  }
+
+  const updated = await updateUser(userId, data);
+
+  return json(updated);
+}
--- a/src/app/api/users/[userId]/teams/route.ts
+++ b/src/app/api/users/[userId]/teams/route.ts
@ -0,0 +1,30 @@
+import { z } from 'zod';
+import { pagingParams } from 'lib/schema';
+import { getUserTeams } from 'queries';
+import { checkAuth } from 'lib/auth';
+import { unauthorized, badRequest, json } from 'lib/response';
+import { checkRequest } from 'lib/request';
+
+const schema = z.object({
+  ...pagingParams,
+});
+
+export async function GET(request: Request, { params }: { params: Promise<{ userId: string }> }) {
+  const { userId } = await params;
+
+  const { query, error } = await checkRequest(request, schema);
+
+  if (error) {
+    return badRequest(error);
+  }
+
+  const auth = await checkAuth(request);
+
+  if (!auth || (!auth.user.isAdmin && (!userId || auth.user.id !== userId))) {
+    return unauthorized();
+  }
+
+  const teams = await getUserTeams(userId, query);
+
+  return json(teams);
+}
--- a/src/app/api/users/[userId]/usage/route.ts
+++ b/src/app/api/users/[userId]/usage/route.ts
@ -0,0 +1,66 @@
+import { z } from 'zod';
+import { json, unauthorized, badRequest } from 'lib/response';
+import { getAllUserWebsitesIncludingTeamOwner } from 'queries/prisma/website';
+import { getEventUsage } from 'queries/analytics/events/getEventUsage';
+import { getEventDataUsage } from 'queries/analytics/events/getEventDataUsage';
+import { checkAuth } from 'lib/auth';
+import { checkRequest } from 'lib/request';
+
+const schema = z.object({
+  startAt: z.coerce.number(),
+  endAt: z.coerce.number(),
+});
+
+export async function GET(request: Request, { params }: { params: Promise<{ userId: string }> }) {
+  const { query, error } = await checkRequest(request, schema);
+
+  if (error) {
+    return badRequest(error);
+  }
+
+  const auth = await checkAuth(request);
+
+  if (!auth || !auth.user.isAdmin) {
+    return unauthorized();
+  }
+
+  const { userId } = await params;
+  const { startAt, endAt } = query;
+
+  const startDate = new Date(+startAt);
+  const endDate = new Date(+endAt);
+
+  const websites = await getAllUserWebsitesIncludingTeamOwner(userId);
+
+  const websiteIds = websites.map(a => a.id);
+
+  const websiteEventUsage = await getEventUsage(websiteIds, startDate, endDate);
+  const eventDataUsage = await getEventDataUsage(websiteIds, startDate, endDate);
+
+  const websiteUsage = websites.map(a => ({
+    websiteId: a.id,
+    websiteName: a.name,
+    websiteEventUsage: websiteEventUsage.find(b => a.id === b.websiteId)?.count || 0,
+    eventDataUsage: eventDataUsage.find(b => a.id === b.websiteId)?.count || 0,
+    deletedAt: a.deletedAt,
+  }));
+
+  const usage = websiteUsage.reduce(
+    (acc, cv) => {
+      acc.websiteEventUsage += cv.websiteEventUsage;
+      acc.eventDataUsage += cv.eventDataUsage;
+
+      return acc;
+    },
+    { websiteEventUsage: 0, eventDataUsage: 0 },
+  );
+
+  const filteredWebsiteUsage = websiteUsage.filter(
+    a => !a.deletedAt && (a.websiteEventUsage > 0 || a.eventDataUsage > 0),
+  );
+
+  return json({
+    ...usage,
+    websites: filteredWebsiteUsage,
+  });
+}
--- a/src/app/api/users/[userId]/websites/route.ts
+++ b/src/app/api/users/[userId]/websites/route.ts
@ -0,0 +1,29 @@
+import { z } from 'zod';
+import { unauthorized, json, badRequest } from 'lib/response';
+import { getUserWebsites } from 'queries/prisma/website';
+import { pagingParams } from 'lib/schema';
+import { checkRequest } from 'lib/request';
+import { checkAuth } from 'lib/auth';
+
+const schema = z.object({
+  ...pagingParams,
+});
+
+export async function GET(request: Request, { params }: { params: Promise<{ userId: string }> }) {
+  const { query, error } = await checkRequest(request, schema);
+
+  if (error) {
+    return badRequest(error);
+  }
+
+  const { userId } = await params;
+  const auth = await checkAuth(request);
+
+  if (!auth || (!auth.user.isAdmin && auth.user.id !== userId)) {
+    return unauthorized();
+  }
+
+  const websites = await getUserWebsites(userId, query);
+
+  return json(websites);
+}
--- a/src/app/api/users/route.ts
+++ b/src/app/api/users/route.ts
@ -0,0 +1,46 @@
+import { z } from 'zod';
+import { hashPassword } from 'next-basics';
+import { canCreateUser, checkAuth } from 'lib/auth';
+import { ROLES } from 'lib/constants';
+import { uuid } from 'lib/crypto';
+import { checkRequest } from 'lib/request';
+import { unauthorized, json, badRequest } from 'lib/response';
+import { createUser, getUserByUsername } from 'queries';
+
+const schema = z.object({
+  username: z.string().max(255),
+  password: z.string(),
+  id: z.string().uuid(),
+  role: z.string().regex(/admin|user|view-only/i),
+});
+
+export async function POST(request: Request) {
+  const { body, error } = await checkRequest(request, schema);
+
+  if (error) {
+    return badRequest(error);
+  }
+
+  const auth = await checkAuth(request);
+
+  if (!auth || !(await canCreateUser(auth))) {
+    return unauthorized();
+  }
+
+  const { username, password, role, id } = body;
+
+  const existingUser = await getUserByUsername(username, { showDeleted: true });
+
+  if (existingUser) {
+    return badRequest('User already exists');
+  }
+
+  const user = await createUser({
+    id: id || uuid(),
+    username,
+    password: hashPassword(password),
+    role: role ?? ROLES.user,
+  });
+
+  return json(user);
+}