Merge pull request #78 from calcom/fix/meta

Fix/meta
2022-05-18 15:29:42 +02:00 · 2022-05-18 15:29:42 +02:00 · a7889b3436
parent e76ebd64f4 f29124866c
commit a7889b3436
13 changed files with 60 additions and 17 deletions
--- a/lib/validations/event-type.ts
+++ b/lib/validations/event-type.ts
@ -32,19 +32,20 @@ export const schemaEventTypeBaseBodyParams = EventType.pick({
  successRedirectUrl: true,
 }).partial();

-const schemaEventTypeBaseParams = z
+const schemaEventTypeCreateParams = z
  .object({
    title: z.string(),
    slug: z.string(),
    description: z.string().optional().nullable(),
    length: z.number().int(),
    locations: jsonSchema.optional().nullable().or(z.null()),
-    metadata: jsonSchema.optional().nullish(),
+    metadata: z.any().optional().nullable().nullish(),
    recurringEvent: jsonSchema.optional().nullable().or(z.null()),
  })
  .strict();

-export const schemaEventTypeCreateBodyParams = schemaEventTypeBaseBodyParams.merge(schemaEventTypeBaseParams);
+export const schemaEventTypeCreateBodyParams =
+  schemaEventTypeBaseBodyParams.merge(schemaEventTypeCreateParams);

 const schemaEventTypeEditParams = z
  .object({
@ -84,6 +85,12 @@ export const schemaEventTypeReadPublic = EventType.pick({
  currency: true,
  slotInterval: true,
  successRedirectUrl: true,
+  description: true,
 })
-  .merge(schemaEventTypeBaseParams)
-  .partial();
+  .merge(
+    z.object({
+      recurringEvent: jsonSchema.nullable(),
+      metadata: jsonSchema.nullable(),
+    })
+  )
+  .strict();
--- a/pages/api/booking-references/[id].ts
+++ b/pages/api/booking-references/[id].ts
@ -18,7 +18,10 @@ export async function bookingReferenceById(
  res: NextApiResponse<BookingReferenceResponse>
 ) {
  const safeQuery = schemaQueryIdParseInt.safeParse(query);
-  if (!safeQuery.success) throw new Error("Invalid request query", safeQuery.error);
+  if (!safeQuery.success) {
+    res.status(400).json({ message: "Your query was invalid" });
+    return;
+  }
  // const userWithBookings = await prisma.user.findUnique({
  //   where: { id: userId },
  //   include: { bookings: true },
--- a/pages/api/bookings/[id].ts
+++ b/pages/api/bookings/[id].ts
@ -15,7 +15,10 @@ export async function bookingById(
  res: NextApiResponse<BookingResponse>
 ) {
  const safeQuery = schemaQueryIdParseInt.safeParse(query);
-  if (!safeQuery.success) throw new Error("Invalid request query", safeQuery.error);
+  if (!safeQuery.success) {
+    res.status(400).json({ message: "Your query was invalid" });
+    return;
+  }
  const userWithBookings = await prisma.user.findUnique({
    where: { id: userId },
    include: { bookings: true },
--- a/pages/api/custom-inputs/[id].ts
+++ b/pages/api/custom-inputs/[id].ts
@ -77,7 +77,10 @@ async function eventTypeById(
 ) {
  const safeQuery = schemaQueryIdParseInt.safeParse(query);
  const safeBody = schemaEventTypeCustomInputBodyParams.safeParse(body);
-  if (!safeQuery.success) throw new Error("Invalid request query", safeQuery.error);
+  if (!safeQuery.success) {
+    res.status(400).json({ message: "Your query was invalid" });
+    return;
+  }
  const data = await prisma.eventType.findMany({ where: { userId } });
  const userEventTypes = data.map((eventType) => eventType.id);
  const userEventTypeCustomInputs = await prisma.eventTypeCustomInput.findMany({
--- a/pages/api/destination-calendars/[id].ts
+++ b/pages/api/destination-calendars/[id].ts
@ -19,7 +19,10 @@ export async function destionationCalendarById(
 ) {
  const safeQuery = schemaQueryIdParseInt.safeParse(query);
  const safeBody = schemaDestinationCalendarEditBodyParams.safeParse(body);
-  if (!safeQuery.success) throw new Error("Invalid request query", safeQuery.error);
+  if (!safeQuery.success) {
+    res.status(400).json({ message: "Your query was invalid" });
+    return;
+  }
  const data = await prisma.destinationCalendar.findMany({ where: { userId } });
  const userDestinationCalendars = data.map((destinationCalendar) => destinationCalendar.id);
  //  FIXME: Should we also check ownership of bokingId and eventTypeId to avoid users cross-pollinating other users calendars.
--- a/pages/api/event-references/[id].ts
+++ b/pages/api/event-references/[id].ts
@ -19,7 +19,10 @@ export async function dailyEventReferenceById(
 ) {
  const safeQuery = schemaQueryIdParseInt.safeParse(query);
  const safeBody = schemaDailyEventReferenceEditBodyParams.safeParse(body);
-  if (!safeQuery.success) throw new Error("Invalid request query", safeQuery.error);
+  if (!safeQuery.success) {
+    res.status(400).json({ message: "Your query was invalid" });
+    return;
+  }
  const userBookings = await prisma.booking.findMany({ where: { userId } });
  const userBookingIds: number[] = userBookings.map((booking) => booking.id);
  const userBookingDailyEventReferences = await prisma.dailyEventReference.findMany({
--- a/pages/api/event-types/[id].ts
+++ b/pages/api/event-types/[id].ts
@ -15,7 +15,10 @@ export async function eventTypeById(
  res: NextApiResponse<EventTypeResponse>
 ) {
  const safeQuery = schemaQueryIdParseInt.safeParse(query);
-  if (!safeQuery.success) throw new Error("Invalid request query", safeQuery.error);
+  if (!safeQuery.success) {
+    res.status(400).json({ message: "Your query was invalid" });
+    return;
+  }
  const data = await prisma.eventType.findMany({ where: { userId } });
  const userEventTypes = data.map((eventType) => eventType.id);
  if (!userEventTypes.includes(safeQuery.data.id)) res.status(401).json({ message: "Unauthorized" });
--- a/pages/api/hooks/[id].ts
+++ b/pages/api/hooks/[id].ts
@ -12,7 +12,10 @@ export async function WebhookById(
  res: NextApiResponse<WebhookResponse>
 ) {
  const safeQuery = schemaQueryIdAsString.safeParse(query);
-  if (!safeQuery.success) throw new Error("Invalid request query", safeQuery.error);
+  if (!safeQuery.success) {
+    res.status(400).json({ message: "Your query was invalid" });
+    return;
+  }
  const data = await prisma.webhook.findMany({ where: { userId } });
  const userWebhooks = data.map((webhook) => webhook.id);
  if (!userWebhooks.includes(safeQuery.data.id)) res.status(401).json({ message: "Unauthorized" });
--- a/pages/api/memberships/[id].ts
+++ b/pages/api/memberships/[id].ts
@ -12,7 +12,10 @@ export async function membershipById(
  res: NextApiResponse<MembershipResponse>
 ) {
  const safeQuery = schemaQueryIdAsString.safeParse(query);
-  if (!safeQuery.success) throw new Error("Invalid request query", safeQuery.error);
+  if (!safeQuery.success) {
+    res.status(400).json({ message: "Your query was invalid" });
+    return;
+  }
  // This is how we set the userId and teamId in the query for managing compoundId.
  const [paramUserId, teamId] = safeQuery.data.id.split("_");
  if (parseInt(paramUserId) !== userId) res.status(401).json({ message: "Unauthorized" });
--- a/pages/api/schedules/[id].ts
+++ b/pages/api/schedules/[id].ts
@ -16,7 +16,10 @@ export async function scheduleById(
 ) {
  const safeQuery = schemaQueryIdParseInt.safeParse(query);
  const safeBody = schemaScheduleBodyParams.safeParse(body);
-  if (!safeQuery.success) throw new Error("Invalid request query", safeQuery.error);
+  if (!safeQuery.success) {
+    res.status(400).json({ message: "Your query was invalid" });
+    return;
+  }
  const userSchedules = await prisma.schedule.findMany({ where: { userId } });
  const userScheduleIds = userSchedules.map((schedule) => schedule.id);
  if (!userScheduleIds.includes(safeQuery.data.id)) res.status(401).json({ message: "Unauthorized" });
--- a/pages/api/selected-calendars/[id].ts
+++ b/pages/api/selected-calendars/[id].ts
@ -16,7 +16,10 @@ export async function selectedCalendarById(
 ) {
  const safeQuery = schemaQueryIdAsString.safeParse(query);
  const safeBody = schemaSelectedCalendarBodyParams.safeParse(body);
-  if (!safeQuery.success) throw new Error("Invalid request query", safeQuery.error);
+  if (!safeQuery.success) {
+    res.status(400).json({ message: "Your query was invalid" });
+    return;
+  }
  // This is how we set the userId and externalId in the query for managing compoundId.
  const [paramUserId, integration, externalId] = safeQuery.data.id.split("_");
  if (userId !== parseInt(paramUserId)) res.status(401).json({ message: "Unauthorized" });
--- a/pages/api/teams/[id].ts
+++ b/pages/api/teams/[id].ts
@ -77,7 +77,10 @@ export async function teamById(
 ) {
  const safeQuery = schemaQueryIdParseInt.safeParse(query);
  const safeBody = schemaTeamBodyParams.safeParse(body);
-  if (!safeQuery.success) throw new Error("Invalid request query", safeQuery.error);
+  if (!safeQuery.success) {
+    res.status(400).json({ message: "Your query was invalid" });
+    return;
+  }
  const userWithMemberships = await prisma.membership.findMany({
    where: { userId: userId },
  });
--- a/pages/api/users/[id].ts
+++ b/pages/api/users/[id].ts
@ -16,7 +16,10 @@ export async function userById(
 ) {
  const safeQuery = schemaQueryIdParseInt.safeParse(query);
  console.log(body);
-  if (!safeQuery.success) throw new Error("Invalid request query", safeQuery.error);
+  if (!safeQuery.success) {
+    res.status(400).json({ message: "Your query was invalid" });
+    return;
+  }
  if (safeQuery.data.id !== userId) res.status(401).json({ message: "Unauthorized" });
  else {
    switch (method) {