diff --git a/src/app/api/teams/route.ts b/src/app/api/teams/route.ts 
index cd71b24a..2eb0c8d8 100644 
--- a/src/app/api/teams/route.ts 
+++ b/src/app/api/teams/route.ts 
@@ -29,7 +29,7 @@ export async function POST(request: Request) {
 name,
 accessCode: `team_${getRandomChars(16)}`,
 }, 
- auth.user.userId, 
+ auth.user.id,
 );
 return json(team); 
diff --git a/src/app/api/users/[userId]/route.ts b/src/app/api/users/[userId]/route.ts 
index 684be305..0955fc7c 100644 
--- a/src/app/api/users/[userId]/route.ts 
+++ b/src/app/api/users/[userId]/route.ts 
@@ -1,7 +1,7 @@
 import { z } from 'zod'; 
-import { canUpdateUser, canViewUser } from 'lib/auth'; 
-import { getUser, getUserByUsername, updateUser } from 'queries'; 
-import { json, unauthorized, badRequest } from 'lib/response'; 
+import { canUpdateUser, canViewUser, canDeleteUser } from 'lib/auth'; 
+import { getUser, getUserByUsername, updateUser, deleteUser } from 'queries'; 
+import { json, unauthorized, badRequest, ok } from 'lib/response';
 import { hashPassword } from 'next-basics';
 import { parseRequest } from 'lib/request'; 
@@ -74,3 +74,28 @@ export async function POST(request: Request, { params }: { params: Promise<{ use
 return json(updated);
 } 
+ 
+export async function DELETE( 
+ request: Request, 
+ { params }: { params: Promise<{ userId: string }> }, 
+) { 
+ const { auth, error } = await parseRequest(request); 
+ 
+ if (error) { 
+ return error(); 
+ } 
+ 
+ const { userId } = await params; 
+ 
+ if (!(await canDeleteUser(auth))) { 
+ return unauthorized(); 
+ } 
+ 
+ if (userId === auth.user.id) { 
+ return badRequest('You cannot delete yourself.'); 
+ } 
+ 
+ await deleteUser(userId); 
+ 
+ return ok(); 
+} 
diff --git a/src/app/api/websites/route.ts b/src/app/api/websites/route.ts 
index 3911d8d8..dfc48cee 100644 
--- a/src/app/api/websites/route.ts 
+++ b/src/app/api/websites/route.ts 
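Review bot: In the new `DELETE` handler, `deleteUser(userId)` runs without confirming the target exists, so a request for an unknown id either returns 200 for a no-op or surfaces as a 500 from the query layer, depending on how `deleteUser` treats a missing row — the hunk does not show which. `getUser` is already imported in this file, so look the user up after the permission and self-delete guards and return 404 when absent: `const user = await getUser(userId);` followed by `if (!user) { return notFound(); }`, adding `notFound` to the `lib/response` import changed in this file's first hunk. Separately, a caller that authenticated (`parseRequest` succeeded) but fails `canDeleteUser` is an authorization failure, which `forbidden()` (403) expresses; `unauthorized()` (401) tells the client its credentials are missing or invalid — if the existing handlers in this file deliberately use `unauthorized()` for that case, fix them together rather than diverging here. `canDeleteUser(auth)` takes no target, so it can only be a role-level check; if deletion is meant to be scoped (for example to users the caller administers), the target `userId` has to be passed in as well.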
@@ -15,7 +15,7 @@ export async function GET(request: Request) {
 return error();
 } 
- const websites = await getUserWebsites(auth.user.userId, query); 
+ const websites = await getUserWebsites(auth.user.id, query);
 return json(websites);
 } 
@@ -24,8 +24,8 @@ export async function POST(request: Request) {
 const schema = z.object({
 name: z.string().max(100),
 domain: z.string().max(500), 
- shareId: z.string().max(50).nullable(), 
- teamId: z.string().nullable(), 
+ shareId: z.string().max(50).nullable().optional(), 
+ teamId: z.string().nullable().optional(),
 });
 const { auth, body, error } = await parseRequest(request, schema); 
@@ -42,7 +42,7 @@ export async function POST(request: Request) {
 const data: any = {
 id: uuid(), 
- createdBy: auth.user.userId, 
+ createdBy: auth.user.id,
 name,
 domain,
 shareId, 
@@ -50,7 +50,7 @@ export async function POST(request: Request) {
 };
 if (!teamId) { 
- data.userId = auth.user.userId; 
+ data.userId = auth.user.id;
 }
 const website = await createWebsite(data); 
diff --git a/src/lib/response.ts b/src/lib/response.ts 
index 5e3b020f..7c99690f 100644 
--- a/src/lib/response.ts 
+++ b/src/lib/response.ts 
@@ -17,13 +17,13 @@ export function unauthorized(message?: any) {
 }
 export function forbidden(message?: any) { 
- return Response.json({ error: 'Forbidden', message, status: 403 }); 
+ return Response.json({ error: 'Forbidden', message }, { status: 403 });
 }
 export function notFound(message?: any) { 
- return Response.json({ error: 'Not found', message, status: 404 }); 
+ return Response.json({ error: 'Not found', message }, { status: 404 });
 }
 export function serverError(error?: any) { 
- return Response.json({ error: 'Server error', message: serializeError(error), status: 500 }); 
+ return Response.json({ error: 'Server error', message: serializeError(error) }, { status: 500 });
 }
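Review bot: The schema now lets `teamId` be omitted, but nothing in the hunks for this file checks that `auth.user` belongs to the team when one is supplied — the `data` literal is populated from the parsed body and `data.userId` is only set when `teamId` is falsy. If there is no membership check in the lines between `parseRequest` and `const data` (outside these hunks), any authenticated caller can create a website under an arbitrary team id; if there is one, a short comment above `if (!teamId) {` naming it would save the next reader the same question. Minor style: zod's `.nullish()` is the shorthand for `.nullable().optional()`, so `teamId: z.string().nullish(),` and likewise for `shareId` read more directly. The POST body continues past the last hunk of this file.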
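Review bot: `serverError` still returns `serializeError(error)` to the caller in the 500 body; the change corrects the HTTP status but keeps whatever the serializer includes — possibly stack traces or database error text, depending on `serializeError`, which is not visible here — in a client-facing response. Log the error server-side and send a generic body, e.g. `console.error(error);` then `return Response.json({ error: 'Server error' }, { status: 500 });`, or at least gate the detail on a non-production check. `unauthorized` at the top of the hunk is context only, so whether it already passes its status in the init object cannot be confirmed from this hunk; `badRequest` and `ok`, imported elsewhere in this diff, are not shown either and should get the same `{ status }` treatment if they carried the same bug.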