diff --git a/lib/validations/event-type.ts b/lib/validations/event-type.ts
index 6b03597f2a..3357c53794 100644
--- a/lib/validations/event-type.ts
+++ b/lib/validations/event-type.ts
@@ -32,19 +32,20 @@ export const schemaEventTypeBaseBodyParams = EventType.pick({
 successRedirectUrl: true,
 }).partial();
-const schemaEventTypeBaseParams = z
+const schemaEventTypeCreateParams = z
 .object({
 title: z.string(),
 slug: z.string(),
 description: z.string().optional().nullable(),
 length: z.number().int(),
 locations: jsonSchema.optional().nullable().or(z.null()),
- metadata: jsonSchema.optional().nullish(),
+ metadata: z.any().optional().nullable().nullish(),
 recurringEvent: jsonSchema.optional().nullable().or(z.null()),
 })
 .strict();
-export const schemaEventTypeCreateBodyParams = schemaEventTypeBaseBodyParams.merge(schemaEventTypeBaseParams);
+export const schemaEventTypeCreateBodyParams =
+ schemaEventTypeBaseBodyParams.merge(schemaEventTypeCreateParams);
 const schemaEventTypeEditParams = z
 .object({
@@ -84,6 +85,12 @@ export const schemaEventTypeReadPublic = EventType.pick({
 currency: true,
 slotInterval: true,
 successRedirectUrl: true,
+ description: true,
 })
- .merge(schemaEventTypeBaseParams)
- .partial();
+ .merge(
+ z.object({
+ recurringEvent: jsonSchema.nullable(),
+ metadata: jsonSchema.nullable(),
+ })
+ )
+ .strict();
diff --git a/pages/api/booking-references/[id].ts b/pages/api/booking-references/[id].ts
index 8041617bb3..702b77c1a5 100644
--- a/pages/api/booking-references/[id].ts
+++ b/pages/api/booking-references/[id].ts
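Review bot: In `schemaEventTypeCreateParams`, `metadata: z.any().optional().nullable().nullish()` stops validating the field altogether: `z.any()` accepts every value, so the create body can carry arbitrary content in `metadata`, and the `.optional().nullable().nullish()` chain adds nothing on top of `any`. The removed line already allowed absent and null values, so I would keep `metadata: jsonSchema.optional().nullish(),`, or, if `jsonSchema` was rejecting a legitimate shape, replace it with a schema that names the keys the application expects. The read schema later in this file still declares `metadata: jsonSchema.nullable()`, so the write side and the read side now disagree about what a valid value is.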
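Review bot: `schemaEventTypeReadPublic` now ends in `.strict()` instead of `.partial()`, which turns unknown keys into a parse error and makes every picked field, plus `recurringEvent` and `metadata`, required. If handlers run a full database row through this schema (the callers are not in this diff), any column not named in the `pick` makes the parse throw instead of being stripped, and the fields that used to arrive through the removed `.merge(schemaEventTypeBaseParams)` (`title`, `slug`, `length`, `locations`) survive only if the `pick`, which starts above the hunk, lists them. Zod objects strip unknown keys by default, so leaving `.strict()` off still keeps the response filtered without the hard failure. If failing is the intent, a comment such as `// strict: fail loudly if a query returns a column this schema does not expose` would record that.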
@@ -18,7 +18,10 @@ export async function bookingReferenceById(
 res: NextApiResponse
 ) {
 const safeQuery = schemaQueryIdParseInt.safeParse(query);
- if (!safeQuery.success) throw new Error("Invalid request query", safeQuery.error);
+ if (!safeQuery.success) {
+ res.status(400).json({ message: "Your query was invalid" });
+ return;
+ }
 // const userWithBookings = await prisma.user.findUnique({
 // where: { id: userId },
 // include: { bookings: true },
diff --git a/pages/api/bookings/[id].ts b/pages/api/bookings/[id].ts
index b6a37122c1..7e17c9613a 100644
--- a/pages/api/bookings/[id].ts
+++ b/pages/api/bookings/[id].ts
@@ -15,7 +15,10 @@ export async function bookingById(
 res: NextApiResponse
 ) {
 const safeQuery = schemaQueryIdParseInt.safeParse(query);
- if (!safeQuery.success) throw new Error("Invalid request query", safeQuery.error);
+ if (!safeQuery.success) {
+ res.status(400).json({ message: "Your query was invalid" });
+ return;
+ }
 const userWithBookings = await prisma.user.findUnique({
 where: { id: userId },
 include: { bookings: true },
diff --git a/pages/api/custom-inputs/[id].ts b/pages/api/custom-inputs/[id].ts
index 8c20771a45..7423a10b99 100644
--- a/pages/api/custom-inputs/[id].ts
+++ b/pages/api/custom-inputs/[id].ts
@@ -77,7 +77,10 @@ async function eventTypeById(
 ) {
 const safeQuery = schemaQueryIdParseInt.safeParse(query);
 const safeBody = schemaEventTypeCustomInputBodyParams.safeParse(body);
- if (!safeQuery.success) throw new Error("Invalid request query", safeQuery.error);
+ if (!safeQuery.success) {
+ res.status(400).json({ message: "Your query was invalid" });
+ return;
+ }
 const data = await prisma.eventType.findMany({ where: { userId } });
 const userEventTypes = data.map((eventType) => eventType.id);
 const userEventTypeCustomInputs = await prisma.eventTypeCustomInput.findMany({
diff --git a/pages/api/destination-calendars/[id].ts b/pages/api/destination-calendars/[id].ts
index 675f8c2e28..528b9e5f2d 100644
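Review bot: In `bookingReferenceById` (`pages/api/booking-references/[id].ts`) the lines directly after the new 400 branch are a commented-out lookup of the caller's bookings (`// const userWithBookings = await prisma.user.findUnique({ ...`), whereas `bookingById` in `pages/api/bookings/[id].ts` runs the same lookup for real. The rest of the function lies outside the hunk, so ownership may be enforced further down, but in the visible lines nothing ties the requested booking-reference id to `userId`. It is worth confirming that such a check exists before the record is read, changed or deleted, and leaving a comment there saying where it happens. Separately, the same four-line 400 block is pasted into every `[id].ts` handler in this commit; a small shared helper would keep the status code and message from drifting apart.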
--- a/pages/api/destination-calendars/[id].ts
+++ b/pages/api/destination-calendars/[id].ts
@@ -19,7 +19,10 @@ export async function destionationCalendarById(
 ) {
 const safeQuery = schemaQueryIdParseInt.safeParse(query);
 const safeBody = schemaDestinationCalendarEditBodyParams.safeParse(body);
- if (!safeQuery.success) throw new Error("Invalid request query", safeQuery.error);
+ if (!safeQuery.success) {
+ res.status(400).json({ message: "Your query was invalid" });
+ return;
+ }
 const data = await prisma.destinationCalendar.findMany({ where: { userId } });
 const userDestinationCalendars = data.map((destinationCalendar) => destinationCalendar.id);
 // FIXME: Should we also check ownership of bokingId and eventTypeId to avoid users cross-pollinating other users calendars.
diff --git a/pages/api/event-references/[id].ts b/pages/api/event-references/[id].ts
index 97bb53bc82..7a72fea4c7 100644
--- a/pages/api/event-references/[id].ts
+++ b/pages/api/event-references/[id].ts
@@ -19,7 +19,10 @@ export async function dailyEventReferenceById(
 ) {
 const safeQuery = schemaQueryIdParseInt.safeParse(query);
 const safeBody = schemaDailyEventReferenceEditBodyParams.safeParse(body);
- if (!safeQuery.success) throw new Error("Invalid request query", safeQuery.error);
+ if (!safeQuery.success) {
+ res.status(400).json({ message: "Your query was invalid" });
+ return;
+ }
 const userBookings = await prisma.booking.findMany({ where: { userId } });
 const userBookingIds: number[] = userBookings.map((booking) => booking.id);
 const userBookingDailyEventReferences = await prisma.dailyEventReference.findMany({
diff --git a/pages/api/event-types/[id].ts b/pages/api/event-types/[id].ts
index 224a7c9995..6319b48b9e 100644
--- a/pages/api/event-types/[id].ts
+++ b/pages/api/event-types/[id].ts
@@ -15,7 +15,10 @@ export async function eventTypeById(
 res: NextApiResponse
 ) {
 const safeQuery = schemaQueryIdParseInt.safeParse(query);
- if (!safeQuery.success) throw new Error("Invalid request query", safeQuery.error);
+ if (!safeQuery.success) {
+ res.status(400).json({ message: "Your query was invalid" });
+ return;
+ }
 const data = await prisma.eventType.findMany({ where: { userId } });
 const userEventTypes = data.map((eventType) => eventType.id);
 if (!userEventTypes.includes(safeQuery.data.id)) res.status(401).json({ message: "Unauthorized" });
diff --git a/pages/api/hooks/[id].ts b/pages/api/hooks/[id].ts
index cc017d8e8f..dbdfc1a17e 100644
--- a/pages/api/hooks/[id].ts
+++ b/pages/api/hooks/[id].ts
@@ -12,7 +12,10 @@ export async function WebhookById(
 res: NextApiResponse
 ) {
 const safeQuery = schemaQueryIdAsString.safeParse(query);
- if (!safeQuery.success) throw new Error("Invalid request query", safeQuery.error);
+ if (!safeQuery.success) {
+ res.status(400).json({ message: "Your query was invalid" });
+ return;
+ }
 const data = await prisma.webhook.findMany({ where: { userId } });
 const userWebhooks = data.map((webhook) => webhook.id);
 if (!userWebhooks.includes(safeQuery.data.id)) res.status(401).json({ message: "Unauthorized" });
diff --git a/pages/api/memberships/[id].ts b/pages/api/memberships/[id].ts
index 1b9ceaada8..ea99860d14 100644
--- a/pages/api/memberships/[id].ts
+++ b/pages/api/memberships/[id].ts
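Review bot: The ownership check that closes the `eventTypeById` hunk, `if (!userEventTypes.includes(safeQuery.data.id)) res.status(401).json({ message: "Unauthorized" });`, sends the 401 but does not return, unlike the 400 branch this commit adds a few lines above it. Unless the next line, which is outside the hunk, is an `else` as it is in `users/[id].ts`, the handler carries on with an id the caller does not own. The same shape closes the hunks for `hooks/[id].ts`, `memberships/[id].ts`, `schedules/[id].ts` and `selected-calendars/[id].ts`. I would give it the same treatment as the new branch: `if (!userEventTypes.includes(safeQuery.data.id)) { res.status(401).json({ message: "Unauthorized" }); return; }`.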
@@ -12,7 +12,10 @@ export async function membershipById(
 res: NextApiResponse
 ) {
 const safeQuery = schemaQueryIdAsString.safeParse(query);
- if (!safeQuery.success) throw new Error("Invalid request query", safeQuery.error);
+ if (!safeQuery.success) {
+ res.status(400).json({ message: "Your query was invalid" });
+ return;
+ }
 // This is how we set the userId and teamId in the query for managing compoundId.
 const [paramUserId, teamId] = safeQuery.data.id.split("_");
 if (parseInt(paramUserId) !== userId) res.status(401).json({ message: "Unauthorized" });
diff --git a/pages/api/schedules/[id].ts b/pages/api/schedules/[id].ts
index a6e65a87a3..305cc5c51b 100644
--- a/pages/api/schedules/[id].ts
+++ b/pages/api/schedules/[id].ts
@@ -16,7 +16,10 @@ export async function scheduleById(
 ) {
 const safeQuery = schemaQueryIdParseInt.safeParse(query);
 const safeBody = schemaScheduleBodyParams.safeParse(body);
- if (!safeQuery.success) throw new Error("Invalid request query", safeQuery.error);
+ if (!safeQuery.success) {
+ res.status(400).json({ message: "Your query was invalid" });
+ return;
+ }
 const userSchedules = await prisma.schedule.findMany({ where: { userId } });
 const userScheduleIds = userSchedules.map((schedule) => schedule.id);
 if (!userScheduleIds.includes(safeQuery.data.id)) res.status(401).json({ message: "Unauthorized" });
diff --git a/pages/api/selected-calendars/[id].ts b/pages/api/selected-calendars/[id].ts
index 5081da3d87..88dca61806 100644
--- a/pages/api/selected-calendars/[id].ts
+++ b/pages/api/selected-calendars/[id].ts
@@ -16,7 +16,10 @@ export async function selectedCalendarById(
 ) {
 const safeQuery = schemaQueryIdAsString.safeParse(query);
 const safeBody = schemaSelectedCalendarBodyParams.safeParse(body);
- if (!safeQuery.success) throw new Error("Invalid request query", safeQuery.error);
+ if (!safeQuery.success) {
+ res.status(400).json({ message: "Your query was invalid" });
+ return;
+ }
 // This is how we set the userId and externalId in the query for managing compoundId.
 const [paramUserId, integration, externalId] = safeQuery.data.id.split("_");
 if (userId !== parseInt(paramUserId)) res.status(401).json({ message: "Unauthorized" });
diff --git a/pages/api/teams/[id].ts b/pages/api/teams/[id].ts
index 4c8262efdc..2cfd371749 100644
--- a/pages/api/teams/[id].ts
+++ b/pages/api/teams/[id].ts
@@ -77,7 +77,10 @@ export async function teamById(
 ) {
 const safeQuery = schemaQueryIdParseInt.safeParse(query);
 const safeBody = schemaTeamBodyParams.safeParse(body);
- if (!safeQuery.success) throw new Error("Invalid request query", safeQuery.error);
+ if (!safeQuery.success) {
+ res.status(400).json({ message: "Your query was invalid" });
+ return;
+ }
 const userWithMemberships = await prisma.membership.findMany({
 where: { userId: userId },
 });
diff --git a/pages/api/users/[id].ts b/pages/api/users/[id].ts
index b73abaf520..7539d513b8 100644
--- a/pages/api/users/[id].ts
+++ b/pages/api/users/[id].ts
@@ -16,7 +16,10 @@ export async function userById(
 ) {
 const safeQuery = schemaQueryIdParseInt.safeParse(query);
 console.log(body);
- if (!safeQuery.success) throw new Error("Invalid request query", safeQuery.error);
+ if (!safeQuery.success) {
+ res.status(400).json({ message: "Your query was invalid" });
+ return;
+ }
 if (safeQuery.data.id !== userId) res.status(401).json({ message: "Unauthorized" });
 else {
 switch (method) {
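Review bot: `console.log(body);` in `userById` (`pages/api/users/[id].ts`) is left in place just above the new 400 branch, so every request to this route writes the raw request body to the server log before any validation or ownership check has run. On a user route that body presumably carries personal profile fields, which then sit in log storage with whatever retention and access the logs have. Since the commit is already tidying the top of this function, I would delete the line, or log only `method` and the parsed id once `safeQuery` has succeeded. The function continues past the end of the hunk.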