diff --git a/src/app/api/teams/[teamId]/route.ts b/src/app/api/teams/[teamId]/route.ts new file mode 100644 index 00000000..7348e3c4 --- /dev/null +++ b/src/app/api/teams/[teamId]/route.ts @@ -0,0 +1,75 @@ +import { z } from 'zod'; +import { unauthorized, json, badRequest, notFound, ok } from 'lib/response'; +import { canDeleteTeam, canUpdateTeam, canViewTeam, checkAuth } from 'lib/auth'; +import { checkRequest } from 'lib/request'; +import { deleteTeam, getTeam, updateTeam } from 'queries'; + +export async function GET(request: Request, { params }: { params: Promise<{ teamId: string }> }) { + const schema = z.object({ + teamId: z.string().uuid(), + }); + + const { error } = await checkRequest(request, schema); + + if (error) { + return badRequest(error); + } + + const { teamId } = await params; + + const auth = await checkAuth(request); + + if (!auth || !(await canViewTeam(auth, teamId))) { + return unauthorized(); + } + + const team = await getTeam(teamId, { includeMembers: true }); + + if (!team) { + return notFound('Team not found.'); + } + + return json(team); +} + +export async function POST(request: Request, { params }: { params: Promise<{ teamId: string }> }) { + const schema = z.object({ + name: z.string().max(50), + accessCode: z.string().max(50), + }); + + const { body, error } = await checkRequest(request, schema); + + if (error) { + return badRequest(error); + } + + const { teamId } = await params; + + const auth = await checkAuth(request); + + if (!auth || !(await canUpdateTeam(auth, teamId))) { + return unauthorized('You must be the owner of this team.'); + } + + const team = await updateTeam(teamId, body); + + return json(team); +} + +export async function DELETE( + request: Request, + { params }: { params: Promise<{ teamId: string }> }, +) { + const { teamId } = await params; + + const auth = await checkAuth(request); + + if (!auth || !(await canDeleteTeam(auth, teamId))) { + return unauthorized('You must be the owner of this team.'); + } + + await deleteTeam(teamId); + + return ok(); +} diff --git a/src/app/api/teams/[teamId]/users/[userId]/route.ts b/src/app/api/teams/[teamId]/users/[userId]/route.ts new file mode 100644 index 00000000..c0a7f11f --- /dev/null +++ b/src/app/api/teams/[teamId]/users/[userId]/route.ts @@ -0,0 +1,72 @@ +import { z } from 'zod'; +import { unauthorized, json, badRequest, ok } from 'lib/response'; +import { canDeleteTeam, canUpdateTeam, checkAuth } from 'lib/auth'; +import { checkRequest } from 'lib/request'; +import { deleteTeam, getTeamUser, updateTeamUser } from 'queries'; + +export async function GET( + request: Request, + { params }: { params: Promise<{ teamId: string; userId: string }> }, +) { + const { teamId, userId } = await params; + + const auth = await checkAuth(request); + + if (!(await canUpdateTeam(auth, teamId))) { + return unauthorized('You must be the owner of this team.'); + } + + const teamUser = await getTeamUser(teamId, userId); + + return json(teamUser); +} + +export async function POST( + request: Request, + { params }: { params: Promise<{ teamId: string; userId: string }> }, +) { + const schema = z.object({ + role: z.string().regex(/team-member|team-view-only|team-manager/), + }); + + const { body, error } = await checkRequest(request, schema); + + if (error) { + return badRequest(error); + } + + const { teamId, userId } = await params; + + const auth = await checkAuth(request); + + if (!(await canUpdateTeam(auth, teamId))) { + return unauthorized('You must be the owner of this team.'); + } + + const teamUser = await getTeamUser(teamId, userId); + + if (!teamUser) { + return badRequest('The User does not exists on this team.'); + } + + const user = await updateTeamUser(teamUser.id, body); + + return json(user); +} + +export async function DELETE( + request: Request, + { params }: { params: Promise<{ teamId: string }> }, +) { + const { teamId } = await params; + + const auth = await checkAuth(request); + + if (!auth || !(await canDeleteTeam(auth, teamId))) { + return unauthorized('You must be the owner of this team.'); + } + + await deleteTeam(teamId); + + return ok(); +} diff --git a/src/app/api/teams/[teamId]/users/route.ts b/src/app/api/teams/[teamId]/users/route.ts new file mode 100644 index 00000000..3b7f9558 --- /dev/null +++ b/src/app/api/teams/[teamId]/users/route.ts @@ -0,0 +1,83 @@ +import { z } from 'zod'; +import { unauthorized, json, badRequest } from 'lib/response'; +import { canAddUserToTeam, canUpdateTeam, checkAuth } from 'lib/auth'; +import { checkRequest } from 'lib/request'; +import { pagingParams, roleParam } from 'lib/schema'; +import { createTeamUser, getTeamUser, getTeamUsers } from 'queries'; + +export async function GET(request: Request, { params }: { params: Promise<{ teamId: string }> }) { + const schema = z.object({ + ...pagingParams, + }); + + const { query, error } = await checkRequest(request, schema); + + if (error) { + return badRequest(error); + } + + const { teamId } = await params; + + const auth = await checkAuth(request); + + if (!(await canUpdateTeam(auth, teamId))) { + return unauthorized('You must be the owner of this team.'); + } + + const users = await getTeamUsers( + { + where: { + teamId, + user: { + deletedAt: null, + }, + }, + include: { + user: { + select: { + id: true, + username: true, + }, + }, + }, + }, + query, + ); + + return json(users); +} + +export async function POST( + request: Request, + { params }: { params: Promise<{ teamId: string; userId: string }> }, +) { + const schema = z.object({ + role: roleParam, + }); + + const { body, error } = await checkRequest(request, schema); + + if (error) { + return badRequest(error); + } + + const { teamId } = await params; + + const auth = await checkAuth(request); + + if (!auth || !(await canAddUserToTeam(auth))) { + return unauthorized(); + } + + const { userId, role } = body; + + const teamUser = await getTeamUser(teamId, userId); + + if (teamUser) { + return badRequest('User is already a member of the Team.'); + } + + const users = await createTeamUser(userId, teamId, role); + + return json(users); +} diff --git a/src/app/api/teams/[teamId]/websites/route.ts b/src/app/api/teams/[teamId]/websites/route.ts new file mode 100644 index 00000000..1d06b3c8 --- /dev/null +++ b/src/app/api/teams/[teamId]/websites/route.ts @@ -0,0 +1,30 @@ +import { z } from 'zod'; +import { unauthorized, json, badRequest } from 'lib/response'; +import { canViewTeam, checkAuth } from 'lib/auth'; +import { checkRequest } from 'lib/request'; +import { pagingParams } from 'lib/schema'; +import { getTeamWebsites } from 'queries'; + +export async function GET(request: Request, { params }: { params: Promise<{ teamId: string }> }) { + const schema = z.object({ + ...pagingParams, + }); + + const { query, error } = await checkRequest(request, schema); + + if (error) { + return badRequest(error); + } + + const { teamId } = await params; + + const auth = await checkAuth(request); + + if (!auth || !(await canViewTeam(auth, teamId))) { + return unauthorized(); + } + + const websites = await getTeamWebsites(teamId, query); + + return json(websites); +} diff --git a/src/app/api/teams/join/route.ts b/src/app/api/teams/join/route.ts new file mode 100644 index 00000000..c7bff019 --- /dev/null +++ b/src/app/api/teams/join/route.ts @@ -0,0 +1,46 @@ +import { z } from 'zod'; +import { unauthorized, json, badRequest, notFound } from 'lib/response'; +import { canCreateTeam, checkAuth } from 'lib/auth'; +import { checkRequest } from 'lib/request'; +import { ROLES } from 'lib/constants'; +import { createTeamUser, findTeam, getTeamUser } from 'queries'; + +export async function POST(request: Request) { + const schema = z.object({ + accessCode: z.string().max(50), + }); + + const { body, error } = await checkRequest(request, schema); + + if (error) { + return badRequest(error); + } + + const auth = await checkAuth(request); + + if (!auth || !(await canCreateTeam(auth))) { + return unauthorized(); + } + + const { accessCode } = body; + + const team = await findTeam({ + where: { + accessCode, + }, + }); + + if (!team) { + return notFound('Team not found.'); + } + + const teamUser = await getTeamUser(team.id, auth.user.id); + + if (teamUser) { + return badRequest('User is already a team member.'); + } + + const user = await createTeamUser(auth.user.id, team.id, ROLES.teamMember); + + return json(user); +} diff --git a/src/app/api/teams/route.ts b/src/app/api/teams/route.ts new file mode 100644 index 00000000..1c097e8e --- /dev/null +++ b/src/app/api/teams/route.ts @@ -0,0 +1,38 @@ +import { z } from 'zod'; +import { getRandomChars } from 'next-basics'; +import { unauthorized, json, badRequest } from 'lib/response'; +import { canCreateTeam, checkAuth } from 'lib/auth'; +import { uuid } from 'lib/crypto'; +import { checkRequest } from 'lib/request'; +import { createTeam } from 'queries'; + +export async function POST(request: Request) { + const schema = z.object({ + name: z.string().max(50), + }); + + const { body, error } = await checkRequest(request, schema); + + if (error) { + return badRequest(error); + } + + const auth = await checkAuth(request); + + if (!auth || !(await canCreateTeam(auth))) { + return unauthorized(); + } + + const { name } = body; + + const team = await createTeam( + { + id: uuid(), + name, + accessCode: `team_${getRandomChars(16)}`, + }, + auth.user.userId, + ); + + return json(team); +} diff --git a/src/components/hooks/queries/useWebsitePageviews.ts b/src/components/hooks/queries/useWebsitePageviews.ts index 42fb527e..43c51745 100644 --- a/src/components/hooks/queries/useWebsitePageviews.ts +++ b/src/components/hooks/queries/useWebsitePageviews.ts @@ -1,6 +1,6 @@ import { UseQueryOptions } from '@tanstack/react-query'; import { useApi } from '../useApi'; -import { useFilterParams } from '..//useFilterParams'; +import { useFilterParams } from '../useFilterParams'; export function useWebsitePageviews( websiteId: string, diff --git a/src/lib/response.ts b/src/lib/response.ts index da9e3f89..7ed0316e 100644 --- a/src/lib/response.ts +++ b/src/lib/response.ts @@ -12,10 +12,14 @@ export function badRequest(message?: any) { return Response.json({ error: 'Bad request', message }, { status: 400 }); } -export function unauthorized() { - return Response.json({ error: 'Unauthorized' }, { status: 401 }); +export function notFound(message?: any) { + return Response.json({ error: 'Not found', message, status: 404 }); } -export function serverError(error: any) { +export function unauthorized(message?: any) { + return Response.json({ error: 'Unauthorized', message }, { status: 401 }); +} + +export function serverError(error?: any) { return Response.json({ error: 'Server error', message: serializeError(error), status: 500 }); } diff --git a/src/lib/schema.ts b/src/lib/schema.ts index c39e47fd..5f81b1f1 100644 --- a/src/lib/schema.ts +++ b/src/lib/schema.ts @@ -30,6 +30,8 @@ export const unitParam = z.string().refine(value => UNIT_TYPES.includes(value), message: 'Invalid unit', }); +export const roleParam = z.string().regex(/team-member|team-view-only|team-manager/); + export const filterParams = { url: z.string().optional(), referrer: z.string().optional(), diff --git a/src/pages/api/teams/[teamId]/index.ts b/src/pages/api/teams/[teamId]/_index.ts similarity index 100% rename from src/pages/api/teams/[teamId]/index.ts rename to src/pages/api/teams/[teamId]/_index.ts diff --git a/src/pages/api/teams/[teamId]/users/[userId].ts b/src/pages/api/teams/[teamId]/users/_[userId].ts similarity index 100% rename from src/pages/api/teams/[teamId]/users/[userId].ts rename to src/pages/api/teams/[teamId]/users/_[userId].ts diff --git a/src/pages/api/teams/[teamId]/users/index.ts b/src/pages/api/teams/[teamId]/users/_index.ts similarity index 100% rename from src/pages/api/teams/[teamId]/users/index.ts rename to src/pages/api/teams/[teamId]/users/_index.ts diff --git a/src/pages/api/teams/[teamId]/websites/index.ts b/src/pages/api/teams/[teamId]/websites/_index.ts similarity index 100% rename from src/pages/api/teams/[teamId]/websites/index.ts rename to src/pages/api/teams/[teamId]/websites/_index.ts diff --git a/src/pages/api/teams/index.ts b/src/pages/api/teams/_index.ts similarity index 100% rename from src/pages/api/teams/index.ts rename to src/pages/api/teams/_index.ts diff --git a/src/pages/api/teams/join.ts b/src/pages/api/teams/_join.ts similarity index 100% rename from src/pages/api/teams/join.ts rename to src/pages/api/teams/_join.ts