import jwt from "jsonwebtoken";
import type { NextApiRequest } from "next";
import prisma from "@calcom/prisma";
import type { OAuthTokenPayload } from "@calcom/web/pages/api/auth/oauth/token";
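/**
 * Authenticates an OAuth access token taken from the request's `Authorization` header and
 * resolves it to the user or team it was issued for.
 *
 * The token is verified with `process.env.CALENDSO_ENCRYPTION_KEY`. It must carry
 * `token_type === "Access Token"` and include every entry of `requiredScopes`.
 * When the payload has a `userId`, the user is looked up first; otherwise `teamId` is used.
 *
 * @param req - Incoming Next.js API request; only `req.headers.authorization` is read.
 * @param requiredScopes - Scopes the token must include. An empty list requires none.
 * @returns `{ id, name, isTeam: false }` for a user, `{ id, name, isTeam: true }` for a team,
 *   or `null` when the token is missing, fails verification, is not an access token, lacks a
 *   required scope, or refers to a user/team that no longer exists.
 */
export default async function isAuthorized(req: NextApiRequest, requiredScopes: string[] = []) {
  // Fail closed when the verification key is not configured. Falling back to an empty
  // secret leaves the outcome to how the JWT library treats a falsy key.
  const verificationKey = process.env.CALENDSO_ENCRYPTION_KEY;
  if (!verificationKey) return null;

  // Only the second space-separated field of the header is used; the scheme word in front
  // of it is not checked here.
  const token = req.headers.authorization?.split(" ")[1] || "";
  if (!token) return null;

  let decodedToken: OAuthTokenPayload;
  try {
    // NOTE(review): no `algorithms` allow-list is passed to jwt.verify. Consider pinning it to
    // the algorithm the token endpoint signs with (the signer is not visible in this file).
    decodedToken = jwt.verify(token, verificationKey) as OAuthTokenPayload;
  } catch {
    // Malformed, expired or wrongly signed tokens are all treated as unauthenticated.
    return null;
  }

  if (!decodedToken) return null;

  // Check the token type before touching the scopes, so that a token signed with the same key
  // for another purpose is rejected without its payload shape being assumed.
  if (decodedToken.token_type !== "Access Token") return null;

  // `scope` is read defensively: a verified payload without a scope claim must fail the scope
  // check rather than throw. NOTE(review): this presumes `scope` is an array of scope names;
  // if it were a single string, `includes` would match substrings. Confirm against
  // OAuthTokenPayload.
  const hasAllRequiredScopes = requiredScopes.every(
    (scope) => decodedToken.scope?.includes(scope) === true
  );
  if (!hasAllRequiredScopes) return null;

  if (decodedToken.userId) {
    // Re-check that the subject still exists; a valid signature alone is not enough.
    const user = await prisma.user.findFirst({
      where: {
        id: decodedToken.userId,
      },
      select: {
        id: true,
        username: true,
      },
    });

    if (!user) return null;

    return { id: user.id, name: user.username, isTeam: false };
  }

  if (decodedToken.teamId) {
    const team = await prisma.team.findFirst({
      where: {
        id: decodedToken.teamId,
      },
      select: {
        id: true,
        name: true,
      },
    });

    if (!team) return null;
    return { ...team, isTeam: true };
  }

  // The token names neither a user nor a team.
  return null;
}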