Refactor + fix userIds filter (#179)

This fix means a behaviour change to GET calls. Instead of a JSON payload, instead a filter param has been added to the URL itself. GET payloads are very unexpected in API designs, even though supported. * Todo write tests (with postman?) * Turn isAdmin logic into common middleware ```bash curl "http://localhost:3002/v1/schedules?apiKey=...&userId=2" ``` ```bash curl "http://localhost:3002/v1/schedules?apiKey=..." \ -d '{"name":"Hello", "userId": 2}' \ -H 'Content-Type: application/json' ```
2022-10-11 15:33:25 +01:00 · 2022-10-11 15:33:25 +01:00 · a506c7da33
parent da61841525
commit a506c7da33
5 changed files with 132 additions and 125 deletions
--- a/lib/validations/schedule.ts
+++ b/lib/validations/schedule.ts
@ -1,5 +1,6 @@
 import { z } from "zod";

+import dayjs from "@calcom/dayjs";
 import { _ScheduleModel as Schedule, _AvailabilityModel as Availability } from "@calcom/prisma/zod";

 const schemaScheduleBaseBodyParams = Schedule.omit({ id: true }).partial();
@ -26,6 +27,13 @@ export const schemaSchedulePublic = z
    z.object({
      availability: z
        .array(Availability.pick({ id: true, eventTypeId: true, days: true, startTime: true, endTime: true }))
+        .transform((v) =>
+          v.map((item) => ({
+            ...item,
+            startTime: dayjs.utc(item.startTime).format("HH:mm:ss"),
+            endTime: dayjs.utc(item.endTime).format("HH:mm:ss"),
+          }))
+        )
        .optional(),
    })
  );
--- a/pages/api/schedules/[id]/index.ts
+++ b/pages/api/schedules/[id]/index.ts
--- a/pages/api/schedules/_get.ts
+++ b/pages/api/schedules/_get.ts
@ -0,0 +1,59 @@
+import type { NextApiRequest } from "next";
+import { z } from "zod";
+
+import { HttpError } from "@calcom/lib/http-error";
+import { defaultResponder } from "@calcom/lib/server";
+
+import { schemaSchedulePublic } from "@lib/validations/schedule";
+
+export const schemaUserIds = z
+  .union([z.string(), z.array(z.string())])
+  .transform((val) => (Array.isArray(val) ? val.map((v) => parseInt(v, 10)) : [parseInt(val, 10)]));
+
+/**
+ * @swagger
+ * /schedules:
+ *   get:
+ *     operationId: listSchedules
+ *     summary: Find all schedules
+ *     tags:
+ *     - schedules
+ *     responses:
+ *       200:
+ *         description: OK
+ *       401:
+ *        description: Authorization information is missing or invalid.
+ *       404:
+ *         description: No schedules were found
+ */
+async function handler({ body, prisma, userId, isAdmin, query }: NextApiRequest) {
+  let userIds: number[] = [userId];
+
+  if (!isAdmin && query.userId) {
+    // throw 403 Forbidden when the userId is given but user is not an admin
+    throw new HttpError({ statusCode: 403 });
+  }
+  // When isAdmin && userId is given parse it and use it instead of the current (admin) user.
+  else if (query.userId) {
+    const result = schemaUserIds.safeParse(query.userId);
+    if (result.success && result.data) {
+      userIds = result.data;
+    }
+  }
+
+  const data = await prisma.schedule.findMany({
+    where: {
+      userId: { in: userIds },
+    },
+    include: { availability: true },
+    ...(Array.isArray(body.userId) && { orderBy: { userId: "asc" } }),
+  });
+  const schedules = data.map((schedule) => schemaSchedulePublic.parse(schedule));
+  if (schedules) {
+    return { schedules };
+  }
+
+  throw new HttpError({ statusCode: 404, message: "No schedules were found" });
+}
+
+export default defaultResponder(handler);
--- a/pages/api/schedules/_post.ts
+++ b/pages/api/schedules/_post.ts
@ -0,0 +1,58 @@
+import { HttpError } from "@/../../packages/lib/http-error";
+import type { NextApiRequest } from "next";
+
+import { DEFAULT_SCHEDULE, getAvailabilityFromSchedule } from "@calcom/lib/availability";
+import { defaultResponder } from "@calcom/lib/server";
+
+import { schemaCreateScheduleBodyParams, schemaSchedulePublic } from "@lib/validations/schedule";
+
+/**
+ * @swagger
+ * /schedules:
+ *   post:
+ *     operationId: addSchedule
+ *     summary: Creates a new schedule
+ *     tags:
+ *     - schedules
+ *     responses:
+ *       201:
+ *         description: OK, schedule created
+ *       400:
+ *        description: Bad request. Schedule body is invalid.
+ *       401:
+ *        description: Authorization information is missing or invalid.
+ */
+async function postHandler({ body, userId, isAdmin, prisma }: NextApiRequest) {
+  const parsedBody = schemaCreateScheduleBodyParams.parse(body);
+  if (parsedBody.userId && !isAdmin) {
+    throw new HttpError({ statusCode: 403 });
+  }
+
+  const data = await prisma.schedule.create({
+    data: {
+      ...parsedBody,
+      userId: parsedBody.userId || userId,
+      availability: {
+        createMany: {
+          data: getAvailabilityFromSchedule(DEFAULT_SCHEDULE).map((schedule) => ({
+            days: schedule.days,
+            startTime: schedule.startTime,
+            endTime: schedule.endTime,
+          })),
+        },
+      },
+    },
+  });
+
+  const createSchedule = schemaSchedulePublic.safeParse(data);
+  if (!createSchedule.success) {
+    throw new HttpError({ statusCode: 400, message: "Could not create new schedule" });
+  }
+
+  return {
+    schedule: createSchedule.data,
+    message: "Schedule created succesfully",
+  };
+}
+
+export default defaultResponder(postHandler);
--- a/pages/api/schedules/index.ts
+++ b/pages/api/schedules/index.ts
@ -1,128 +1,10 @@
-import type { NextApiRequest, NextApiResponse } from "next";
+import { defaultHandler } from "@calcom/lib/server";

-import { getAvailabilityFromSchedule, DEFAULT_SCHEDULE } from "@calcom/lib/availability";
-
-import safeParseJSON from "@lib/helpers/safeParseJSON";
 import { withMiddleware } from "@lib/helpers/withMiddleware";
-import { ScheduleResponse, SchedulesResponse } from "@lib/types";
-import {
-  schemaScheduleBodyParams,
-  schemaSchedulePublic,
-  schemaCreateScheduleBodyParams,
-} from "@lib/validations/schedule";

-async function createOrlistAllSchedules(
-  { method, body, userId, isAdmin, prisma }: NextApiRequest,
-  res: NextApiResponse<SchedulesResponse | ScheduleResponse>
-) {
-  body = safeParseJSON(body);
-  if (body.success !== undefined && !body.success) {
-    res.status(400).json({ message: body.message });
-    return;
-  }
-
-  const safe = schemaScheduleBodyParams.safeParse(body);
-
-  if (!safe.success) {
-    res.status(400).json({ message: "Bad request" });
-    return;
-  }
-
-  const safeBody = safe.data;
-
-  if (safeBody.userId && !isAdmin) {
-    res.status(401).json({ message: "Unauthorized" });
-    return;
-  } else {
-    if (method === "GET") {
-      /**
-       * @swagger
-       * /schedules:
-       *   get:
-       *     operationId: listSchedules
-       *     summary: Find all schedules
-       *     tags:
-       *     - schedules
-       *     responses:
-       *       200:
-       *         description: OK
-       *       401:
-       *        description: Authorization information is missing or invalid.
-       *       404:
-       *         description: No schedules were found
-       */
-
-      const userIds = Array.isArray(safeBody.userId) ? safeBody.userId : [safeBody.userId || userId];
-
-      const data = await prisma.schedule.findMany({
-        where: {
-          userId: { in: userIds },
-        },
-        include: { availability: true },
-        ...(Array.isArray(body.userId) && { orderBy: { userId: "asc" } }),
-      });
-      const schedules = data.map((schedule) => schemaSchedulePublic.parse(schedule));
-      if (schedules) res.status(200).json({ schedules });
-      else
-        (error: Error) =>
-          res.status(404).json({
-            message: "No Schedules were found",
-            error,
-          });
-    } else if (method === "POST") {
-      /**
-       * @swagger
-       * /schedules:
-       *   post:
-       *     operationId: addSchedule
-       *     summary: Creates a new schedule
-       *     tags:
-       *     - schedules
-       *     responses:
-       *       201:
-       *         description: OK, schedule created
-       *       400:
-       *        description: Bad request. Schedule body is invalid.
-       *       401:
-       *        description: Authorization information is missing or invalid.
-       */
-      const safe = schemaCreateScheduleBodyParams.safeParse(body);
-      if (body.userId && !isAdmin) {
-        res.status(401).json({ message: "Unauthorized" });
-        return;
-      }
-
-      if (!safe.success) {
-        res.status(400).json({ message: "Invalid request body" });
-        return;
-      }
-
-      const data = await prisma.schedule.create({
-        data: {
-          ...safe.data,
-          userId: safe.data.userId || userId,
-          availability: {
-            createMany: {
-              data: getAvailabilityFromSchedule(DEFAULT_SCHEDULE).map((schedule) => ({
-                days: schedule.days,
-                startTime: schedule.startTime,
-                endTime: schedule.endTime,
-              })),
-            },
-          },
-        },
-      });
-      const schedule = schemaSchedulePublic.parse(data);
-
-      if (schedule) res.status(201).json({ schedule, message: "Schedule created successfully" });
-      else
-        (error: Error) =>
-          res.status(400).json({
-            message: "Could not create new schedule",
-            error,
-          });
-    } else res.status(405).json({ message: `Method ${method} not allowed` });
-  }
-}
-
-export default withMiddleware("HTTP_GET_OR_POST")(createOrlistAllSchedules);
+export default withMiddleware("HTTP_GET_OR_POST")(
+  defaultHandler({
+    GET: import("./_get"),
+    POST: import("./_post"),
+  })
+);