public-offering
/
cal.pub0.org
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
cal.pub0.org/pages/api/bookings/[id]/_auth-middleware.ts

25 lines
816 B
TypeScript
Raw Normal View History

Splits booking/[id] endpoint # Conflicts: # pages/api/bookings/[id].ts
2022-07-08 17:21:40 +00:00
import type { NextApiRequest } from "next";
import { HttpError } from "@calcom/lib/http-error";
import { schemaQueryIdParseInt } from "@lib/validations/shared/queryIdTransformParseInt";
Fixed major flaw with authMiddleware authMiddleware should not use defaultResponder directly as it will catch thrown error and we need those errors to prevent running the rest of the code.
2022-10-11 01:46:45 +00:00
async function authMiddleware(req: NextApiRequest) {
Splits booking/[id] endpoint # Conflicts: # pages/api/bookings/[id].ts
2022-07-08 17:21:40 +00:00
const { userId, prisma, isAdmin, query } = req;
const { id } = schemaQueryIdParseInt.parse(query);
const userWithBookings = await prisma.user.findUnique({
where: { id: userId },
include: { bookings: true },
});
if (!userWithBookings) throw new HttpError({ statusCode: 404, message: "User not found" });
const userBookingIds = userWithBookings.bookings.map((booking) => booking.id);
if (!isAdmin && !userBookingIds.includes(id)) {
throw new HttpError({ statusCode: 401, message: "You are not authorized" });
}
}
Fixed major flaw with authMiddleware authMiddleware should not use defaultResponder directly as it will catch thrown error and we need those errors to prevent running the rest of the code.
2022-10-11 01:46:45 +00:00
export default authMiddleware;