cal.pub0.org/pages/api/availabilities/[id]/_auth-middleware.ts

import type { NextApiRequest } from "next";

import { schemaQueryIdParseInt } from "@lib/validations/shared/queryIdTransformParseInt";

async function authMiddleware(req: NextApiRequest) {
  const { userId, prisma, isAdmin, query } = req;
  const { id } = schemaQueryIdParseInt.parse(query);
  /** Admins can skip the ownership verification */
  if (isAdmin) return;
  /**
   * There's a caveat here. If the availability exists but the user doesn't own it,
   * the user will see a 404 error which may or not be the desired behavior.
   */
  await prisma.availability.findFirstOrThrow({
    where: { id, Schedule: { userId } },
  });
}

export default authMiddleware;
Refactors availabilities endpoints (#177) refs #175 2022-10-10 15:42:15 +00:00			`import type { NextApiRequest } from "next";`

			`import { schemaQueryIdParseInt } from "@lib/validations/shared/queryIdTransformParseInt";`

Fixed major flaw with authMiddleware authMiddleware should not use defaultResponder directly as it will catch thrown error and we need those errors to prevent running the rest of the code. 2022-10-11 01:46:45 +00:00			`async function authMiddleware(req: NextApiRequest) {`
Refactors availabilities endpoints (#177) refs #175 2022-10-10 15:42:15 +00:00			`const { userId, prisma, isAdmin, query } = req;`
			`const { id } = schemaQueryIdParseInt.parse(query);`
			`/** Admins can skip the ownership verification */`
			`if (isAdmin) return;`
			`/**`
			`* There's a caveat here. If the availability exists but the user doesn't own it,`
			`* the user will see a 404 error which may or not be the desired behavior.`
			`*/`
			`await prisma.availability.findFirstOrThrow({`
			`where: { id, Schedule: { userId } },`
			`});`
			`}`

Fixed major flaw with authMiddleware authMiddleware should not use defaultResponder directly as it will catch thrown error and we need those errors to prevent running the rest of the code. 2022-10-11 01:46:45 +00:00			`export default authMiddleware;`