Adds basic api-key auth in users, need to extract out

lib/utils/stringifyISODate.ts

@@ -1,7 +1,4 @@
 export const stringifyISODate = (date: Date|undefined): string => {
   return `${date?.toISOString()}`
 }
-// FIXME: debug this, supposed to take an array/object and auto strinfy date-like values
-export const autoStringifyDateValues = ([key, value]: [string, unknown]): [string, unknown] => { 
-  return [key, typeof value === "object" && value instanceof Date ? stringifyISODate(value) : value]
-}
+// TODO: create a function that takes an object and returns a stringified version of dates of it.

pages/_middleware.ts

@@ -0,0 +1,12 @@
+import { NextRequest, NextResponse } from 'next/server'
+// Not much useful yet as prisma.client can't be used in the middlewares (client is not available)
+// For now we just throw early if no apiKey is passed, 
+// but we could also check if the apiKey is valid if we had prisma here.
+export async function middleware({ nextUrl }: NextRequest, res: NextResponse) {
+  const response = NextResponse.next()
+  const apiKey = nextUrl.searchParams.get('apiKey');
+
+  if (apiKey) return response
+  // if no apiKey is passed, we throw early
+  else throw new Error('You need to pass an apiKey as query param: https://api.cal.com/resource?apiKey=<your-api-key>')
+}

pages/api/users/index.ts

@@ -7,13 +7,30 @@ type ResponseData = {
   data?: User[];
   error?: unknown;
 };
+const dateInPast = function (firstDate: Date, secondDate: Date) {
+  if (firstDate.setHours(0, 0, 0, 0) <= secondDate.setHours(0, 0, 0, 0)) {
+    return true;
+  }
+
+  return false;
+};
+const today = new Date();
 
 export default async function user(req: NextApiRequest, res: NextApiResponse<ResponseData>) {
-  try {
-    const users = await prisma.user.findMany();
-    res.status(200).json({ data: { ...users } });
-  } catch (error) {
-    // FIXME: Add zod for validation/error handling
-    res.status(400).json({ error: error });
-  }
+  const apiKey = req.query.apiKey as string;
+  const apiInDb = await prisma.apiKey.findUnique({ where: { id: apiKey } });
+  if (!apiInDb) throw new Error('API key not found');
+  const { expiresAt } = apiInDb;
+  // if (!apiInDb) res.status(400).json({ error: 'Your api key is not valid' });
+  if (expiresAt && dateInPast(expiresAt, today)) {
+    console.log(apiInDb)
+    try {
+      const users = await prisma.user.findMany();
+      res.status(200).json({ data: { ...users } });
+    } catch (error) {
+      // FIXME: Add zod for validation/error handling
+      res.status(400).json({ error: error });
+    }
+  } else       res.status(400).json({ error: 'Your api key is not valid' });
+
 }

pages/api/users/new.ts

@@ -13,18 +13,14 @@ type ResponseData = {
 
 async function createUser(req: NextApiRequest, res: NextApiResponse<ResponseData>) {
   const { body, method } = req;
-  if (method === "POST") {
-    const safe = schemaUser.safeParse(body);
-    if (safe.success && safe.data) {
+  const safe = schemaUser.safeParse(body);
+  if (method === "POST" && safe.success) {
       await prisma.user
         .create({ data: safe.data })
         .then((user) => res.status(201).json({ data: user }))
         .catch((error) => res.status(400).json({ message: "Could not create user type", error: error }));
-    }
-  } else {
-    // Reject any other HTTP method than POST
-    res.status(405).json({ error: "Only POST Method allowed" });
-  }
+        // Reject any other HTTP method than POST
+  } else res.status(405).json({ error: "Only POST Method allowed" });
 }
 
 export default withValidUser(createUser);

tsconfig.json

@@ -21,7 +21,8 @@
     "jsx": "preserve",
     "paths": {
     "@api/*": ["pages/api/*"],
-    "@lib/*": ["lib/*"]
+    "@lib/*": ["lib/*"],
+    "@/*": ["*"]
 
 },
   },