public-offering
/
cal.pub0.org
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

feat: memberships hardened mode

pull/9078/head
Agusti Fernandez Pardo 2022-04-21 00:55:22 +02:00
parent 9c5624c748
commit b0c0e9fb4c
2 changed files with 78 additions and 41 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

113
pages/api/memberships/[id].ts
View File

@ -4,6 +4,7 @@ import prisma from "@calcom/prisma";
import { withMiddleware } from "@lib/helpers/withMiddleware";
import type { MembershipResponse } from "@lib/types";
import { getCalcomUserId } from "@lib/utils/getCalcomUserId";
import { schemaMembershipBodyParams, schemaMembershipPublic } from "@lib/validations/membership";
import { schemaQueryIdAsString, withValidQueryIdString } from "@lib/validations/shared/queryIdString";
@ -106,48 +107,82 @@ export async function membershipById(req: NextApiRequest, res: NextApiResponse<M
const safeBody = schemaMembershipBodyParams.safeParse(body);
if (!safeQuery.success) throw new Error("Invalid request query", safeQuery.error);
// This is how we set the userId and teamId in the query for managing compoundId.
const [userId, teamId] = safeQuery.data.id.split("_");
const [paramUserId, teamId] = safeQuery.data.id.split("_");
const userId = getCalcomUserId(res);
if (parseInt(paramUserId) === userId) {
switch (method) {
case "GET":
await prisma.membership
.findUnique({
where: {
userId_teamId: {
userId: userId,
teamId: parseInt(teamId),
},
},
})
.then((data) => schemaMembershipPublic.parse(data))
.then((membership) => res.status(200).json({ membership }))
.catch((error: Error) =>
res.status(404).json({
message: `Membership with id: ${safeQuery.data.id} not found`,
error,
})
);
break;
switch (method) {
case "GET":
await prisma.membership
.findUnique({ where: { userId_teamId: { userId: parseInt(userId), teamId: parseInt(teamId) } } })
.then((data) => schemaMembershipPublic.parse(data))
.then((membership) => res.status(200).json({ membership }))
.catch((error: Error) =>
res.status(404).json({ message: `Membership with id: ${safeQuery.data.id} not found`, error })
);
break;
case "PATCH":
if (!safeBody.success) {
throw new Error("Invalid request body");
}
await prisma.membership
.update({
where: {
userId_teamId: {
userId: userId,
teamId: parseInt(teamId),
},
},
data: safeBody.data,
})
.then((data) => schemaMembershipPublic.parse(data))
.then((membership) => res.status(200).json({ membership }))
.catch((error: Error) =>
res.status(404).json({
message: `Membership with id: ${safeQuery.data.id} not found`,
error,
})
);
break;
case "PATCH":
if (!safeBody.success) throw new Error("Invalid request body");
await prisma.membership
.update({
where: { userId_teamId: { userId: parseInt(userId), teamId: parseInt(teamId) } },
data: safeBody.data,
})
.then((data) => schemaMembershipPublic.parse(data))
.then((membership) => res.status(200).json({ membership }))
.catch((error: Error) =>
res.status(404).json({ message: `Membership with id: ${safeQuery.data.id} not found`, error })
);
break;
case "DELETE":
await prisma.membership
.delete({
where: {
userId_teamId: {
userId: userId,
teamId: parseInt(teamId),
},
},
})
.then(() =>
res.status(200).json({
message: `Membership with id: ${safeQuery.data.id} deleted successfully`,
})
)
.catch((error: Error) =>
res.status(404).json({
message: `Membership with id: ${safeQuery.data.id} not found`,
error,
})
);
break;
case "DELETE":
await prisma.membership
.delete({ where: { userId_teamId: { userId: parseInt(userId), teamId: parseInt(teamId) } } })
.then(() =>
res.status(200).json({ message: `Membership with id: ${safeQuery.data.id} deleted successfully` })
)
.catch((error: Error) =>
res.status(404).json({ message: `Membership with id: ${safeQuery.data.id} not found`, error })
);
break;
default:
res.status(405).json({ message: "Method not allowed" });
break;
}
default:
res.status(405).json({ message: "Method not allowed" });
break;
}
} else res.status(401).json({ message: "Unauthorized" });
}
export default withMiddleware("HTTP_GET_DELETE_PATCH")(withValidQueryIdString(membershipById));

6
pages/api/memberships/index.ts
View File

@ -4,6 +4,7 @@ import prisma from "@calcom/prisma";
import { withMiddleware } from "@lib/helpers/withMiddleware";
import { MembershipResponse, MembershipsResponse } from "@lib/types";
import { getCalcomUserId } from "@lib/utils/getCalcomUserId";
import { schemaMembershipBodyParams, schemaMembershipPublic } from "@lib/validations/membership";
/**
@ -42,8 +43,9 @@ async function createOrlistAllMemberships(
res: NextApiResponse<MembershipsResponse | MembershipResponse>
) {
const { method } = req;
const userId = getCalcomUserId(res);
if (method === "GET") {
const data = await prisma.membership.findMany();
const data = await prisma.membership.findMany({ where: { userId } });
const memberships = data.map((membership) => schemaMembershipPublic.parse(membership));
if (memberships) res.status(200).json({ memberships });
else
@ -56,7 +58,7 @@ async function createOrlistAllMemberships(
const safe = schemaMembershipBodyParams.safeParse(req.body);
if (!safe.success) throw new Error("Invalid request body");
const data = await prisma.membership.create({ data: safe.data });
const data = await prisma.membership.create({ data: { ...safe.data, userId } });
const membership = schemaMembershipPublic.parse(data);
if (membership) res.status(201).json({ membership, message: "Membership created successfully" });