From 19934d8c3a4b2c3c3885f6f0880132db211f1801 Mon Sep 17 00:00:00 2001
From: Agusti Fernandez Pardo
Date: Mon, 28 Mar 2022 02:51:40 +0200
Subject: [PATCH] Adds basic api-key auth in users, need to extract out
---
 lib/utils/stringifyISODate.ts | 5 +----
 pages/_middleware.ts | 12 ++++++++++++
 pages/api/users/index.ts | 31 ++++++++++++++++++++++++-------
 pages/api/users/new.ts | 12 ++++--------
 tsconfig.json | 3 ++-
 5 files changed, 43 insertions(+), 20 deletions(-)
 create mode 100644 pages/_middleware.ts
diff --git a/lib/utils/stringifyISODate.ts b/lib/utils/stringifyISODate.ts
index bb2ec71339..17be60bed7 100644
--- a/lib/utils/stringifyISODate.ts
+++ b/lib/utils/stringifyISODate.ts
@@ -1,7 +1,4 @@
 export const stringifyISODate = (date: Date|undefined): string => {
 return `${date?.toISOString()}`
 }
-// FIXME: debug this, supposed to take an array/object and auto strinfy date-like values
-export const autoStringifyDateValues = ([key, value]: [string, unknown]): [string, unknown] => {
- return [key, typeof value === "object" && value instanceof Date ? stringifyISODate(value) : value]
-}
\ No newline at end of file
+// TODO: create a function that takes an object and returns a stringified version of dates of it.
\ No newline at end of file
diff --git a/pages/_middleware.ts b/pages/_middleware.ts
new file mode 100644
index 0000000000..d79b68edb6
--- /dev/null
+++ b/pages/_middleware.ts
@@ -0,0 +1,12 @@
+import { NextRequest, NextResponse } from 'next/server'
+// Not much useful yet as prisma.client can't be used in the middlewares (client is not available)
+// For now we just throw early if no apiKey is passed,
+// but we could also check if the apiKey is valid if we had prisma here.
+export async function middleware({ nextUrl }: NextRequest, res: NextResponse) {
+ const response = NextResponse.next()
+ const apiKey = nextUrl.searchParams.get('apiKey');
+
+ if (apiKey) return response
+ // if no apiKey is passed, we throw early
+ else throw new Error('You need to pass an apiKey as query param: https://api.cal.com/resource?apiKey=')
+}
diff --git a/pages/api/users/index.ts b/pages/api/users/index.ts
index 33afee9f5e..dd3665cf14 100644
--- a/pages/api/users/index.ts
+++ b/pages/api/users/index.ts
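Review bot: The `else throw new Error(...)` branch in `middleware` turns a missing key into an unhandled exception, which will most likely reach the client as a 500 instead of an authentication failure; an explicit rejection such as `else return new Response('Missing apiKey', { status: 401 })` gives callers a usable status. The `if (apiKey) return response` test only proves the parameter is non-empty, so any value passes and each route still has to validate the key itself; a comment saying so directly above the check would keep later routes from treating this as authentication. Reading the key from `?apiKey=` also places the secret in access logs, proxy logs and browser history, which an `Authorization` header would avoid. The second parameter is typed `NextResponse` and never used; Next.js passes a `NextFetchEvent` in that position.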
@@ -7,13 +7,30 @@ type ResponseData = { data?: User[]; error?: unknown; }; +const dateInPast = function (firstDate: Date, secondDate: Date) { + if (firstDate.setHours(0, 0, 0, 0) <= secondDate.setHours(0, 0, 0, 0)) { + return true; + } + + return false; +}; +const today = new Date(); export default async function user(req: NextApiRequest, res: NextApiResponse) { - try { - const users = await prisma.user.findMany(); - res.status(200).json({ data: { ...users } }); - } catch (error) { - // FIXME: Add zod for validation/error handling - res.status(400).json({ error: error }); - } + const apiKey = req.query.apiKey as string; + const apiInDb = await prisma.apiKey.findUnique({ where: { id: apiKey } }); + if (!apiInDb) throw new Error('API key not found'); + const { expiresAt } = apiInDb; + // if (!apiInDb) res.status(400).json({ error: 'Your api key is not valid' }); + if (expiresAt && dateInPast(expiresAt, today)) { + console.log(apiInDb) + try { + const users = await prisma.user.findMany(); + res.status(200).json({ data: { ...users } }); + } catch (error) { + // FIXME: Add zod for validation/error handling + res.status(400).json({ error: error }); + } + } else res.status(400).json({ error: 'Your api key is not valid' }); + } diff --git a/pages/api/users/new.ts b/pages/api/users/new.ts index 4eba163f6b..ae298fdfb3 100644 --- a/pages/api/users/new.ts +++ b/pages/api/users/new.ts 
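Review bot: The expiry test in `user` is inverted: `dateInPast(expiresAt, today)` is true when `expiresAt` falls on or before today, so the `findMany` branch runs for keys that have already expired while keys with a future expiry get the 400. `dateInPast` also mutates both arguments through `setHours`, and `today` is fixed once at module load, so the comparison drifts in a long-running process. `console.log(apiInDb)` writes the key record to the server log and should be dropped, and the `throw` on a missing key together with the unchecked `req.query.apiKey as string` cast turns a bad request into a 500 rather than a 401. The fence sketches a guard that compares instants with `Date.now()` and rejects up front; the try/catch around `findMany` stays as it is, no longer nested in the `if`/`else`.

```typescript
export default async function user(req: NextApiRequest, res: NextApiResponse) {
  const { apiKey } = req.query;
  // req.query values can be string, string[] or undefined; accept only a single non-empty string.
  if (typeof apiKey !== "string" || apiKey.length === 0) {
    return res.status(401).json({ error: "Your api key is not valid" });
  }
  const apiInDb = await prisma.apiKey.findUnique({ where: { id: apiKey } });
  // Accept only keys that exist and expire in the future; compare instants without mutating the dates.
  if (!apiInDb || !apiInDb.expiresAt || apiInDb.expiresAt.getTime() <= Date.now()) {
    return res.status(401).json({ error: "Your api key is not valid" });
  }
  // … unchanged: try/catch around prisma.user.findMany() …
```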
@@ -13,18 +13,14 @@ type ResponseData = { async function createUser(req: NextApiRequest, res: NextApiResponse) { const { body, method } = req; - if (method === "POST") { - const safe = schemaUser.safeParse(body); - if (safe.success && safe.data) { + const safe = schemaUser.safeParse(body); + if (method === "POST" && safe.success) { await prisma.user .create({ data: safe.data }) .then((user) => res.status(201).json({ data: user })) .catch((error) => res.status(400).json({ message: "Could not create user type", error: error })); - } - } else { - // Reject any other HTTP method than POST - res.status(405).json({ error: "Only POST Method allowed" }); - } + // Reject any other HTTP method than POST + } else res.status(405).json({ error: "Only POST Method allowed" }); } export default withValidUser(createUser); diff --git a/tsconfig.json b/tsconfig.json index fd13c250c3..93bbf8be81 100644 --- a/tsconfig.json +++ b/tsconfig.json @@ -21,7 +21,8 @@ "jsx": "preserve", "paths": { "@api/*": ["pages/api/*"], - "@lib/*": ["lib/*"] + "@lib/*": ["lib/*"], + "@/*": ["*"] }, },
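Review bot: Folding the schema result into the method test at `if (method === "POST" && safe.success)` sends a POST with an invalid body to the `else` branch, so it is answered with 405 "Only POST Method allowed" and the caller never learns that validation failed. Keeping the two checks separate gives each failure its own status: `if (method !== "POST") return res.status(405).json({ error: "Only POST Method allowed" });` followed by `if (!safe.success) return res.status(400).json({ error: safe.error });`. The `.catch` on the unchanged context line returns the raw `error` object to the client, which may expose database details; the error shape is not visible in this hunk, so that part is worth confirming.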