Handle website delete. Added response helper functions.

pages/api/auth/login.js

@@ -2,6 +2,7 @@ import { serialize } from 'cookie';
 import { checkPassword, createSecureToken } from 'lib/crypto';
 import { getAccount } from 'lib/db';
 import { AUTH_COOKIE_NAME } from 'lib/constants';
+import { ok, unauthorized } from 'lib/response';
 
 export default async (req, res) => {
   const { username, password } = req.body;
@@ -19,8 +20,8 @@ export default async (req, res) => {
 
     res.setHeader('Set-Cookie', [cookie]);
 
-    return res.status(200).json({ token });
+    return ok(res, { token });
   }
 
-  return res.status(401).end();
+  return unauthorized(res);
 };

pages/api/auth/logout.js

@@ -1,5 +1,6 @@
 import { serialize } from 'cookie';
 import { AUTH_COOKIE_NAME } from 'lib/constants';
+import { redirect } from 'lib/response';
 
 export default async (req, res) => {
   const cookie = serialize(AUTH_COOKIE_NAME, '', {
@@ -8,9 +9,7 @@ export default async (req, res) => {
     maxAge: 0,
   });
 
-  res.statusCode = 303;
   res.setHeader('Set-Cookie', [cookie]);
-  res.setHeader('Location', '/login');
 
-  return res.end();
+  return redirect(res, '/login');
 };

pages/api/auth/verify.js

@@ -1,11 +1,12 @@
 import { useAuth } from 'lib/middleware';
+import { ok, unauthorized } from 'lib/response';
 
 export default async (req, res) => {
   await useAuth(req, res);
 
   if (req.auth) {
-    return res.status(200).json(req.auth);
+    return ok(res, req.auth);
   }
 
-  return res.status(401).end();
+  return unauthorized(res);
 };

pages/api/collect.js

@@ -1,6 +1,7 @@
 import { savePageView, saveEvent } from 'lib/db';
 import { useCors, useSession } from 'lib/middleware';
 import { createToken } from 'lib/crypto';
+import { ok, badRequest } from 'lib/response';
 
 export default async (req, res) => {
   await useCors(req, res);
@@ -10,21 +11,18 @@ export default async (req, res) => {
   const token = await createToken(session);
   const { website_id, session_id } = session;
   const { type, payload } = req.body;
-  let ok = false;
 
   if (type === 'pageview') {
     const { url, referrer } = payload;
 
     await savePageView(website_id, session_id, url, referrer);
-
-    ok = true;
   } else if (type === 'event') {
     const { url, event_type, event_value } = payload;
 
     await saveEvent(website_id, session_id, url, event_type, event_value);
-
-    ok = true;
+  } else {
+    return badRequest(res);
   }
 
-  return res.status(200).json({ ok, session: token });
+  return ok(res, { session: token });
 };

pages/api/user.js

@@ -1,12 +1,13 @@
-import { verifySecureToken } from 'lib/crypto';
+import { parseSecureToken } from 'lib/crypto';
+import { ok, badRequest } from 'lib/response';
 
 export default async (req, res) => {
   const { token } = req.body;
 
   try {
-    const payload = await verifySecureToken(token);
-    return res.status(200).json(payload);
+    const payload = await parseSecureToken(token);
+    return ok(res, payload);
   } catch {
-    return res.status(400).end();
+    return badRequest(res);
   }
 };

pages/api/website.js

@@ -1,26 +1,40 @@
-import { getWebsites, updateWebsite } from 'lib/db';
+import { getWebsites, updateWebsite, createWebsite, getWebsite } from 'lib/db';
 import { useAuth } from 'lib/middleware';
+import { uuid } from 'lib/crypto';
+import { ok, unauthorized, methodNotAllowed } from 'lib/response';
 
 export default async (req, res) => {
   await useAuth(req, res);
 
-  const { user_id } = req.auth;
+  const { user_id, is_admin } = req.auth;
   const { website_id } = req.body;
 
   if (req.method === 'GET') {
     const websites = await getWebsites(user_id);
 
-    return res.status(200).json(websites);
+    return ok(res, websites);
   }
 
   if (req.method === 'POST') {
-    if (website_id) {
-      const { name, domain } = req.body;
-      const website = await updateWebsite(website_id, { name, domain });
+    const { name, domain } = req.body;
 
-      return res.status(200).json(website);
+    if (website_id) {
+      const website = getWebsite(website_id);
+
+      if (website.user_id === user_id || is_admin) {
+        await updateWebsite(website_id, { name, domain });
+
+        return ok(res);
+      }
+
+      return unauthorized(res);
+    } else {
+      const website_uuid = uuid();
+      const website = await createWebsite(user_id, { website_uuid, name, domain });
+
+      return ok(res, website);
     }
   }
 
-  return res.status(405).end();
+  return methodNotAllowed(res);
 };

pages/api/website/[id]/index.js

@@ -1,12 +1,31 @@
-import { getWebsite } from 'lib/db';
+import { deleteWebsite, getWebsite } from 'lib/db';
 import { useAuth } from 'lib/middleware';
+import { methodNotAllowed, ok, unauthorized } from 'lib/response';
 
 export default async (req, res) => {
   await useAuth(req, res);
 
+  const { user_id, is_admin } = req.auth;
   const { id } = req.query;
+  const website_id = +id;
 
-  const website = await getWebsite({ website_id: +id });
+  if (req.method === 'GET') {
+    const website = await getWebsite({ website_id });
 
-  return res.status(200).json(website);
+    return ok(res, website);
+  }
+
+  if (req.method === 'DELETE') {
+    const website = await getWebsite({ website_id });
+
+    if (website.user_id === user_id || is_admin) {
+      await deleteWebsite(website_id);
+
+      return ok(res);
+    }
+
+    return unauthorized(res);
+  }
+
+  return methodNotAllowed(res);
 };

pages/api/website/[id]/metrics.js

@@ -1,5 +1,6 @@
 import { getMetrics } from 'lib/db';
 import { useAuth } from 'lib/middleware';
+import { ok } from 'lib/response';
 
 export default async (req, res) => {
   await useAuth(req, res);
@@ -17,5 +18,5 @@ export default async (req, res) => {
     return obj;
   }, {});
 
-  return res.status(200).json(stats);
+  return ok(res, stats);
 };

pages/api/website/[id]/pageviews.js

@@ -1,6 +1,7 @@
 import moment from 'moment-timezone';
 import { getPageviewData } from 'lib/db';
 import { useAuth } from 'lib/middleware';
+import { ok, badRequest } from 'lib/response';
 
 const unitTypes = ['month', 'hour', 'day'];
 
@@ -10,7 +11,7 @@ export default async (req, res) => {
   const { id, start_at, end_at, unit, tz } = req.query;
 
   if (!moment.tz.zone(tz) || !unitTypes.includes(unit)) {
-    return res.status(400).end();
+    return badRequest(res);
   }
 
   const start = new Date(+start_at);
@@ -21,5 +22,5 @@ export default async (req, res) => {
     getPageviewData(+id, start, end, tz, unit, 'distinct session_id'),
   ]);
 
-  return res.status(200).json({ pageviews, uniques });
+  return ok(res, { pageviews, uniques });
 };

pages/api/website/[id]/rankings.js

@@ -1,5 +1,6 @@
 import { getRankings } from 'lib/db';
 import { useAuth } from 'lib/middleware';
+import { ok, badRequest } from 'lib/response';
 
 const sessionColumns = ['browser', 'os', 'device', 'country'];
 const pageviewColumns = ['url', 'referrer'];
@@ -10,12 +11,12 @@ export default async (req, res) => {
   const { id, type, start_at, end_at } = req.query;
 
   if (!sessionColumns.includes(type) && !pageviewColumns.includes(type)) {
-    return res.status(400).end();
+    return badRequest(res);
   }
 
   const table = sessionColumns.includes(type) ? 'session' : 'pageview';
 
   const rankings = await getRankings(+id, new Date(+start_at), new Date(+end_at), type, table);
 
-  return res.status(200).json(rankings);
+  return ok(res, rankings);
 };