Merge branch 'dev' of https://github.com/umami-software/umami into dev

# Conflicts:
#	pages/api/account/index.js

pages/api/account/index.js

@@ -1,27 +0,0 @@
-import { ok, unauthorized, methodNotAllowed, badRequest, hashPassword } from 'next-basics';
-import { getAccountByUsername, createAccount } from 'queries';
-import { useAuth } from 'lib/middleware';
-
-export default async (req, res) => {
-  if (req.method === 'POST') {
-    await useAuth(req, res);
-
-    if (!req.auth.is_admin) {
-      return unauthorized(res);
-    }
-
-    const { username, password } = req.body;
-
-    const accountByUsername = await getAccountByUsername(username);
-
-    if (accountByUsername) {
-      return badRequest(res, 'Account already exists');
-    }
-
-    const created = await createAccount({ username, password: hashPassword(password) });
-
-    return ok(res, created);
-  }
-
-  return methodNotAllowed(res);
-};

pages/api/accounts/[id]/password.js

@@ -12,24 +12,25 @@ import {
 export default async (req, res) => {
   await useAuth(req, res);
 
-  const { user_id: auth_user_id, is_admin } = req.auth;
-  const { user_id, current_password, new_password } = req.body;
+  const { user_id: currentUserId, is_admin: currentUserIsAdmin } = req.auth;
+  const { current_password, new_password } = req.body;
+  const { id } = req.query;
+  const userId = +id;
 
-  if (!is_admin && user_id !== auth_user_id) {
+  if (!currentUserIsAdmin && userId !== currentUserId) {
     return unauthorized(res);
   }
 
   if (req.method === 'POST') {
-    const account = await getAccountById(user_id);
-    const valid = checkPassword(current_password, account.password);
+    const account = await getAccountById(userId);
 
-    if (!valid) {
+    if (!checkPassword(current_password, account.password)) {
       return badRequest(res, 'Current password is incorrect');
     }
 
     const password = hashPassword(new_password);
 
-    const updated = await updateAccount(user_id, { password });
+    const updated = await updateAccount(userId, { password });
 
     return ok(res, updated);
   }

pages/api/accounts/index.js

@@ -1,6 +1,7 @@
-import { getAccounts } from 'queries';
+import { ok, unauthorized, methodNotAllowed, badRequest, hashPassword } from 'next-basics';
 import { useAuth } from 'lib/middleware';
-import { ok, unauthorized, methodNotAllowed } from 'next-basics';
+import { uuid } from 'lib/crypto';
+import { createAccount, getAccountByUsername, getAccounts } from 'queries';
 
 export default async (req, res) => {
   await useAuth(req, res);
@@ -17,5 +18,29 @@ export default async (req, res) => {
     return ok(res, accounts);
   }
 
+  if (req.method === 'POST') {
+    await useAuth(req, res);
+
+    if (!req.auth.is_admin) {
+      return unauthorized(res);
+    }
+
+    const { username, password } = req.body;
+
+    const accountByUsername = await getAccountByUsername(username);
+
+    if (accountByUsername) {
+      return badRequest(res, 'Account already exists');
+    }
+
+    const created = await createAccount({
+      username,
+      password: hashPassword(password),
+      account_uuid: uuid(),
+    });
+
+    return ok(res, created);
+  }
+
   return methodNotAllowed(res);
 };

pages/api/website/[id]/index.js

@@ -1,34 +0,0 @@
-import { methodNotAllowed, ok, unauthorized } from 'next-basics';
-import { deleteWebsite, getWebsiteById } from 'queries';
-import { allowQuery } from 'lib/auth';
-import { useCors } from 'lib/middleware';
-
-export default async (req, res) => {
-  const { id } = req.query;
-
-  const websiteId = +id;
-
-  if (req.method === 'GET') {
-    await useCors(req, res);
-
-    if (!(await allowQuery(req))) {
-      return unauthorized(res);
-    }
-
-    const website = await getWebsiteById(websiteId);
-
-    return ok(res, website);
-  }
-
-  if (req.method === 'DELETE') {
-    if (!(await allowQuery(req, true))) {
-      return unauthorized(res);
-    }
-
-    await deleteWebsite(websiteId);
-
-    return ok(res);
-  }
-
-  return methodNotAllowed(res);
-};

pages/api/website/index.js

@@ -1,44 +0,0 @@
-import { ok, unauthorized, methodNotAllowed, getRandomChars } from 'next-basics';
-import { updateWebsite, createWebsite, getWebsiteById } from 'queries';
-import { useAuth } from 'lib/middleware';
-import { uuid } from 'lib/crypto';
-
-export default async (req, res) => {
-  await useAuth(req, res);
-
-  const { user_id, is_admin } = req.auth;
-  const { website_id, enable_share_url } = req.body;
-
-  if (req.method === 'POST') {
-    const { name, domain, owner } = req.body;
-    const website_owner = parseInt(owner);
-
-    if (website_id) {
-      const website = await getWebsiteById(website_id);
-
-      if (website.user_id !== user_id && !is_admin) {
-        return unauthorized(res);
-      }
-
-      let { share_id } = website;
-
-      if (enable_share_url) {
-        share_id = share_id ? share_id : getRandomChars(8);
-      } else {
-        share_id = null;
-      }
-
-      await updateWebsite(website_id, { name, domain, share_id, user_id: website_owner });
-
-      return ok(res);
-    } else {
-      const website_uuid = uuid();
-      const share_id = enable_share_url ? getRandomChars(8) : null;
-      const website = await createWebsite(website_owner, { website_uuid, name, domain, share_id });
-
-      return ok(res, website);
-    }
-  }
-
-  return methodNotAllowed(res);
-};

pages/api/websites/[id]/index.js

@@ -0,0 +1,59 @@
+import { getRandomChars, methodNotAllowed, ok, unauthorized } from 'next-basics';
+import { deleteWebsite, getWebsiteById, updateWebsite } from 'queries';
+import { allowQuery } from 'lib/auth';
+import { useAuth, useCors } from 'lib/middleware';
+
+export default async (req, res) => {
+  const { id } = req.query;
+
+  const websiteId = +id;
+
+  if (req.method === 'GET') {
+    await useCors(req, res);
+
+    if (!(await allowQuery(req))) {
+      return unauthorized(res);
+    }
+
+    const website = await getWebsiteById(websiteId);
+
+    return ok(res, website);
+  }
+
+  if (req.method === 'POST') {
+    await useAuth(req, res);
+
+    const { is_admin: currentUserIsAdmin, user_id: currentUserId } = req.auth;
+    const { name, domain, owner, enable_share_url } = req.body;
+
+    const website = await getWebsiteById(websiteId);
+
+    if (website.user_id !== currentUserId && !currentUserIsAdmin) {
+      return unauthorized(res);
+    }
+
+    let { share_id } = website;
+
+    if (enable_share_url) {
+      share_id = share_id ? share_id : getRandomChars(8);
+    } else {
+      share_id = null;
+    }
+
+    await updateWebsite(websiteId, { name, domain, share_id, user_id: +owner });
+
+    return ok(res);
+  }
+
+  if (req.method === 'DELETE') {
+    if (!(await allowQuery(req, true))) {
+      return unauthorized(res);
+    }
+
+    await deleteWebsite(websiteId);
+
+    return ok(res);
+  }
+
+  return methodNotAllowed(res);
+};

pages/api/websites/index.js

@@ -1,6 +1,7 @@
-import { getAllWebsites, getUserWebsites } from 'queries';
+import { createWebsite, getAllWebsites, getUserWebsites } from 'queries';
+import { ok, methodNotAllowed, unauthorized, getRandomChars } from 'next-basics';
 import { useAuth } from 'lib/middleware';
-import { ok, methodNotAllowed, unauthorized } from 'next-basics';
+import { uuid } from 'lib/crypto';
 
 export default async (req, res) => {
   await useAuth(req, res);
@@ -22,5 +23,24 @@ export default async (req, res) => {
     return ok(res, websites);
   }
 
+  if (req.method === 'POST') {
+    await useAuth(req, res);
+
+    const { is_admin: currentUserIsAdmin, user_id: currentUserId } = req.auth;
+    const { name, domain, owner, enable_share_url } = req.body;
+
+    const website_owner = +owner;
+
+    if (website_owner !== currentUserId && !currentUserIsAdmin) {
+      return unauthorized(res);
+    }
+
+    const website_uuid = uuid();
+    const share_id = enable_share_url ? getRandomChars(8) : null;
+    const website = await createWebsite(website_owner, { website_uuid, name, domain, share_id });
+
+    return ok(res, website);
+  }
+
   return methodNotAllowed(res);
 };