public-offering
/
cal.pub0.org
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge branch 'main' into production

pull/9078/head
zomars 2022-06-14 15:00:21 -06:00
parent d8d9d4a375 1ab81fb8ee
commit 910c0a9507
11 changed files with 267 additions and 250 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
lib/validations/user.ts
View File

@ -122,8 +122,15 @@ const schemaUserCreateParams = z.object({
// @note: These are the values that are editable via PATCH method on the user Model,
// merging both BaseBodyParams with RequiredParams, and omiting whatever we want at the end.
export const schemaUserEditBodyParams = schemaUserBaseBodyParams.merge(schemaUserEditParams).omit({});
export const schemaUserCreateBodyParams = schemaUserBaseBodyParams.merge(schemaUserCreateParams).omit({});
export const schemaUserEditBodyParams = schemaUserBaseBodyParams
.merge(schemaUserEditParams)
.omit({})
.strict();
export const schemaUserCreateBodyParams = schemaUserBaseBodyParams
.merge(schemaUserCreateParams)
.omit({})
.strict();
// @note: These are the values that are always returned when reading a user
export const schemaUserReadPublic = User.pick({
@ -150,4 +157,6 @@ export const schemaUserReadPublic = User.pick({
createdDate: true,
verified: true,
invitedTo: true,
}).merge(schemaUserEditBodyParams);
});
export const schemaUsersReadPublic = z.array(schemaUserReadPublic);

2
next.config.js
View File

@ -10,7 +10,7 @@ const withTM = require("next-transpile-modules")([
module.exports = withTM({
async rewrites() {
return {
beforeFiles: [
afterFiles: [
// This redirects requests recieved at / the root to the /api/ folder.
{
source: "/v:version/:rest*",

5
package.json
View File

@ -8,9 +8,8 @@
"private": true,
"scripts": {
"build": "next build",
"clean": "rm -rf .turbo && rm -rf node_modules && rm -rf dist",
"dev-real": "PORT=3002 next dev",
"dev": "next build && PORT=3002 next start",
"clean": "rm -rf .turbo && rm -rf node_modules && rm -rf .next",
"dev": "PORT=3002 next dev",
"lint-fix": "next lint --fix && prettier --write .",
"lint": "next lint",
"prebuild": "cd ../.. && yarn workspace @calcom/prisma generate-schemas",

186
pages/api/users/[id].ts
View File

@ -1,186 +0,0 @@
import type { NextApiRequest, NextApiResponse } from "next";
import prisma from "@calcom/prisma";
import { withMiddleware } from "@lib/helpers/withMiddleware";
import type { UserResponse } from "@lib/types";
import { isAdminGuard } from "@lib/utils/isAdmin";
import {
schemaQueryIdParseInt,
withValidQueryIdTransformParseInt,
} from "@lib/validations/shared/queryIdTransformParseInt";
import { schemaUserEditBodyParams, schemaUserReadPublic } from "@lib/validations/user";
export async function userById(
{ method, query, body, userId }: NextApiRequest,
res: NextApiResponse<UserResponse>
) {
const safeQuery = schemaQueryIdParseInt.safeParse(query);
console.log(body);
if (!safeQuery.success) {
res.status(400).json({ message: "Your query was invalid" });
return;
}
const isAdmin = await isAdminGuard(userId);
// Here we only check for ownership of the user if the user is not admin, otherwise we let ADMIN's edit any user
if (!isAdmin) {
if (safeQuery.data.id !== userId) res.status(401).json({ message: "Unauthorized" });
} else {
switch (method) {
case "GET":
/**
* @swagger
* /users/{id}:
* get:
* summary: Find a user, returns your user if regular user.
* operationId: getUserById
* parameters:
* - in: path
* name: id
* example: 4
* schema:
* type: integer
* required: true
* description: ID of the user to get
* tags:
* - users
* responses:
* 200:
* description: OK
* 401:
* description: Authorization information is missing or invalid.
* 404:
* description: User was not found
*/
await prisma.user
.findUnique({ where: { id: safeQuery.data.id } })
.then((data) => schemaUserReadPublic.parse(data))
.then((user) => res.status(200).json({ user }))
.catch((error: Error) =>
res.status(404).json({ message: `User with id: ${safeQuery.data.id} not found`, error })
);
break;
case "PATCH":
/**
* @swagger
* /users/{id}:
* patch:
* summary: Edit an existing user
* operationId: editUserById
* requestBody:
* description: Edit an existing attendee related to one of your bookings
* required: true
* content:
* application/json:
* schema:
* type: object
* properties:
* weekStart:
* type: string
* enum: [Monday, Sunday, Saturday]
* example: Monday
* brandColor:
* type: string
* example: "#FF000F"
* darkBrandColor:
* type: string
* example: "#000000"
* timeZone:
* type: string
* example: Europe/London
* parameters:
* - in: path
* name: id
* example: 4
* schema:
* type: integer
* required: true
* description: ID of the user to edit
* tags:
* - users
* responses:
* 201:
* description: OK, user edited successfuly
* 400:
* description: Bad request. User body is invalid.
* 401:
* description: Authorization information is missing or invalid.
*/
const safeBody = schemaUserEditBodyParams.safeParse(body);
if (!safeBody.success) {
res.status(400).json({ message: "Bad request", error: safeBody.error });
return;
}
const userSchedules = await prisma.schedule.findMany({
where: { userId },
});
const userSchedulesIds = userSchedules.map((schedule) => schedule.id);
// @note: here we make sure user can only make as default his own scheudles
if (
safeBody?.data?.defaultScheduleId &&
!userSchedulesIds.includes(Number(safeBody?.data?.defaultScheduleId))
) {
res.status(400).json({
message: "Bad request: Invalid default schedule id",
});
return;
}
await prisma.user
.update({
where: { id: userId },
data: safeBody.data,
})
.then((data) => schemaUserReadPublic.parse(data))
.then((user) => res.status(200).json({ user }))
.catch((error: Error) =>
res.status(404).json({ message: `User with id: ${safeQuery.data.id} not found`, error })
);
break;
/**
* @swagger
* /users/{id}:
* delete:
* summary: Remove an existing user
* operationId: removeUserById
* parameters:
* - in: path
* name: id
* example: 1
* schema:
* type: integer
* required: true
* description: ID of the user to delete
* tags:
* - users
* responses:
* 201:
* description: OK, user removed successfuly
* 400:
* description: Bad request. User id is invalid.
* 401:
* description: Authorization information is missing or invalid.
*/
case "DELETE":
await prisma.user
.delete({ where: { id: safeQuery.data.id } })
.then(() =>
res.status(200).json({ message: `User with id: ${safeQuery.data.id} deleted successfully` })
)
.catch((error: Error) =>
res.status(404).json({ message: `User with id: ${safeQuery.data.id} not found`, error })
);
break;
default:
res.status(405).json({ message: "Method not allowed" });
break;
}
}
}
export default withMiddleware("HTTP_GET_DELETE_PATCH")(withValidQueryIdTransformParseInt(userById));

47
pages/api/users/[id]/_delete.ts Normal file
View File

@ -0,0 +1,47 @@
import type { NextApiRequest } from "next";
import { HttpError } from "@calcom/lib/http-error";
import { defaultResponder } from "@calcom/lib/server";
import prisma from "@calcom/prisma";
import { isAdminGuard } from "@lib/utils/isAdmin";
import { schemaQueryIdParseInt } from "@lib/validations/shared/queryIdTransformParseInt";
/**
* @swagger
* /users/{id}:
* delete:
* summary: Remove an existing user
* operationId: removeUserById
* parameters:
* - in: path
* name: id
* example: 1
* schema:
* type: integer
* required: true
* description: ID of the user to delete
* tags:
* - users
* responses:
* 201:
* description: OK, user removed successfuly
* 400:
* description: Bad request. User id is invalid.
* 401:
* description: Authorization information is missing or invalid.
*/
export async function deleteHandler(req: NextApiRequest) {
const query = schemaQueryIdParseInt.parse(req.query);
const isAdmin = await isAdminGuard(req.userId);
// Here we only check for ownership of the user if the user is not admin, otherwise we let ADMIN's edit any user
if (!isAdmin && query.id !== req.userId) throw new HttpError({ statusCode: 401, message: "Unauthorized" });
const user = await prisma.user.findUnique({ where: { id: query.id } });
if (!user) throw new HttpError({ statusCode: 404, message: "User not found" });
await prisma.user.delete({ where: { id: user.id } });
return { message: `User with id: ${user.id} deleted successfully` };
}
export default defaultResponder(deleteHandler);

45
pages/api/users/[id]/_get.ts Normal file
View File

@ -0,0 +1,45 @@
import type { NextApiRequest } from "next";
import { HttpError } from "@calcom/lib/http-error";
import { defaultResponder } from "@calcom/lib/server";
import prisma from "@calcom/prisma";
import { isAdminGuard } from "@lib/utils/isAdmin";
import { schemaQueryIdParseInt } from "@lib/validations/shared/queryIdTransformParseInt";
import { schemaUserReadPublic } from "@lib/validations/user";
/**
* @swagger
* /users/{id}:
* get:
* summary: Find a user, returns your user if regular user.
* operationId: getUserById
* parameters:
* - in: path
* name: id
* example: 4
* schema:
* type: integer
* required: true
* description: ID of the user to get
* tags:
* - users
* responses:
* 200:
* description: OK
* 401:
* description: Authorization information is missing or invalid.
* 404:
* description: User was not found
*/
export async function getHandler(req: NextApiRequest) {
const query = schemaQueryIdParseInt.parse(req.query);
const isAdmin = await isAdminGuard(req.userId);
// Here we only check for ownership of the user if the user is not admin, otherwise we let ADMIN's edit any user
if (!isAdmin && query.id !== req.userId) throw new HttpError({ statusCode: 401, message: "Unauthorized" });
const data = await prisma.user.findUnique({ where: { id: query.id } });
const user = schemaUserReadPublic.parse(data);
return { user };
}
export default defaultResponder(getHandler);

82
pages/api/users/[id]/_patch.ts Normal file
View File

@ -0,0 +1,82 @@
import type { NextApiRequest } from "next";
import { HttpError } from "@calcom/lib/http-error";
import { defaultResponder } from "@calcom/lib/server";
import prisma from "@calcom/prisma";
import { isAdminGuard } from "@lib/utils/isAdmin";
import { schemaQueryIdParseInt } from "@lib/validations/shared/queryIdTransformParseInt";
import { schemaUserEditBodyParams, schemaUserReadPublic } from "@lib/validations/user";
/**
* @swagger
* /users/{id}:
* patch:
* summary: Edit an existing user
* operationId: editUserById
* requestBody:
* description: Edit an existing attendee related to one of your bookings
* required: true
* content:
* application/json:
* schema:
* type: object
* properties:
* weekStart:
* type: string
* enum: [Monday, Sunday, Saturday]
* example: Monday
* brandColor:
* type: string
* example: "#FF000F"
* darkBrandColor:
* type: string
* example: "#000000"
* timeZone:
* type: string
* example: Europe/London
* parameters:
* - in: path
* name: id
* example: 4
* schema:
* type: integer
* required: true
* description: ID of the user to edit
* tags:
* - users
* responses:
* 201:
* description: OK, user edited successfuly
* 400:
* description: Bad request. User body is invalid.
* 401:
* description: Authorization information is missing or invalid.
*/
export async function patchHandler(req: NextApiRequest) {
const query = schemaQueryIdParseInt.parse(req.query);
const isAdmin = await isAdminGuard(req.userId);
// Here we only check for ownership of the user if the user is not admin, otherwise we let ADMIN's edit any user
if (!isAdmin && query.id !== req.userId) throw new HttpError({ statusCode: 401, message: "Unauthorized" });
const body = schemaUserEditBodyParams.parse(req.body);
const userSchedules = await prisma.schedule.findMany({
where: { userId: req.userId },
});
const userSchedulesIds = userSchedules.map((schedule) => schedule.id);
// @note: here we make sure user can only make as default his own scheudles
if (body.defaultScheduleId && !userSchedulesIds.includes(Number(body.defaultScheduleId))) {
throw new HttpError({
statusCode: 400,
message: "Bad request: Invalid default schedule id",
});
}
const data = await prisma.user.update({
where: { id: req.userId },
data: body,
});
const user = schemaUserReadPublic.parse(data);
return { user };
}
export default defaultResponder(patchHandler);

14
pages/api/users/[id]/index.ts Normal file
View File

@ -0,0 +1,14 @@
import { defaultHandler } from "@/../../packages/lib/server";
import { withMiddleware } from "@lib/helpers/withMiddleware";
import { withValidQueryIdTransformParseInt } from "@lib/validations/shared/queryIdTransformParseInt";
export default withMiddleware("HTTP_GET_DELETE_PATCH")(
withValidQueryIdTransformParseInt(
defaultHandler({
GET: import("./_get"),
PATCH: import("./_patch"),
DELETE: import("./_delete"),
})
)
);

37
pages/api/users/_get.ts Normal file
View File

@ -0,0 +1,37 @@
import type { NextApiRequest } from "next";
import { defaultResponder } from "@calcom/lib/server";
import prisma from "@calcom/prisma";
import { isAdminGuard } from "@lib/utils/isAdmin";
import { schemaUsersReadPublic } from "@lib/validations/user";
import { Prisma } from ".prisma/client";
/**
* @swagger
* /users:
* get:
* operationId: listUsers
* summary: Find all users.
* tags:
* - users
* responses:
* 200:
* description: OK
* 401:
* description: Authorization information is missing or invalid.
* 404:
* description: No users were found
*/
async function getHandler({ userId }: NextApiRequest) {
const isAdmin = await isAdminGuard(userId);
const where: Prisma.UserWhereInput = {};
// If user is not ADMIN, return only his data.
if (!isAdmin) where.id = userId;
const data = await prisma.user.findMany({ where });
const users = schemaUsersReadPublic.parse(data);
return { users };
}
export default defaultResponder(getHandler);

20
pages/api/users/_post.ts Normal file
View File

@ -0,0 +1,20 @@
import { HttpError } from "@/../../packages/lib/http-error";
import type { NextApiRequest } from "next";
import { defaultResponder } from "@calcom/lib/server";
import prisma from "@calcom/prisma";
import { isAdminGuard } from "@lib/utils/isAdmin";
import { schemaUserCreateBodyParams } from "@lib/validations/user";
async function postHandler(req: NextApiRequest) {
const isAdmin = await isAdminGuard(req.userId);
// If user is not ADMIN, return unauthorized.
if (!isAdmin) throw new HttpError({ statusCode: 401, message: "You are not authorized" });
const data = schemaUserCreateBodyParams.parse(req.body);
const user = await prisma.user.create({ data });
req.statusCode = 201;
return { user };
}
export default defaultResponder(postHandler);

64
pages/api/users/index.ts
View File

@ -1,60 +1,10 @@
import type { NextApiRequest, NextApiResponse } from "next";
import prisma from "@calcom/prisma";
import { defaultHandler } from "@calcom/lib/server";
import { withMiddleware } from "@lib/helpers/withMiddleware";
import { UserResponse, UsersResponse } from "@lib/types";
import { isAdminGuard } from "@lib/utils/isAdmin";
import { schemaUserReadPublic, schemaUserCreateBodyParams } from "@lib/validations/user";
/**
* @swagger
* /users:
* get:
* operationId: listUsers
* summary: Find all users.
* tags:
* - users
* responses:
* 200:
* description: OK
* 401:
* description: Authorization information is missing or invalid.
* 404:
* description: No users were found
*/
async function getAllorCreateUser(
{ userId, method, body }: NextApiRequest,
res: NextApiResponse<UsersResponse | UserResponse>
) {
const isAdmin = await isAdminGuard(userId);
if (method === "GET") {
if (!isAdmin) {
// If user is not ADMIN, return only his data.
const data = await prisma.user.findMany({ where: { id: userId } });
const users = data.map((user) => schemaUserReadPublic.parse(user));
if (users) res.status(200).json({ users });
} else {
// If user is admin, return all users.
const data = await prisma.user.findMany({});
const users = data.map((user) => schemaUserReadPublic.parse(user));
if (users) res.status(200).json({ users });
}
} else if (method === "POST") {
// If user is not ADMIN, return unauthorized.
if (!isAdmin) res.status(401).json({ message: "You are not authorized" });
else {
const safeBody = schemaUserCreateBodyParams.safeParse(body);
if (!safeBody.success) {
res.status(400).json({ message: "Your body was invalid" });
return;
}
const user = await prisma.user.create({
data: safeBody.data,
});
res.status(201).json({ user });
}
}
}
export default withMiddleware("HTTP_GET_OR_POST")(getAllorCreateUser);
export default withMiddleware("HTTP_GET_OR_POST")(
defaultHandler({
GET: import("./_get"),
POST: import("./_post"),
})
);