feat: memberships hardened mode

pull/9078/head
Agusti Fernandez Pardo 2022-04-21 00:55:22 +02:00
parent 9c5624c748
commit b0c0e9fb4c
2 changed files with 78 additions and 41 deletions

View File

@ -4,6 +4,7 @@ import prisma from "@calcom/prisma";
import { withMiddleware } from "@lib/helpers/withMiddleware"; import { withMiddleware } from "@lib/helpers/withMiddleware";
import type { MembershipResponse } from "@lib/types"; import type { MembershipResponse } from "@lib/types";
import { getCalcomUserId } from "@lib/utils/getCalcomUserId";
import { schemaMembershipBodyParams, schemaMembershipPublic } from "@lib/validations/membership"; import { schemaMembershipBodyParams, schemaMembershipPublic } from "@lib/validations/membership";
import { schemaQueryIdAsString, withValidQueryIdString } from "@lib/validations/shared/queryIdString"; import { schemaQueryIdAsString, withValidQueryIdString } from "@lib/validations/shared/queryIdString";
@ -106,48 +107,82 @@ export async function membershipById(req: NextApiRequest, res: NextApiResponse<M
const safeBody = schemaMembershipBodyParams.safeParse(body); const safeBody = schemaMembershipBodyParams.safeParse(body);
if (!safeQuery.success) throw new Error("Invalid request query", safeQuery.error); if (!safeQuery.success) throw new Error("Invalid request query", safeQuery.error);
// This is how we set the userId and teamId in the query for managing compoundId. // This is how we set the userId and teamId in the query for managing compoundId.
const [userId, teamId] = safeQuery.data.id.split("_"); const [paramUserId, teamId] = safeQuery.data.id.split("_");
const userId = getCalcomUserId(res);
if (parseInt(paramUserId) === userId) {
switch (method) {
case "GET":
await prisma.membership
.findUnique({
where: {
userId_teamId: {
userId: userId,
teamId: parseInt(teamId),
},
},
})
.then((data) => schemaMembershipPublic.parse(data))
.then((membership) => res.status(200).json({ membership }))
.catch((error: Error) =>
res.status(404).json({
message: `Membership with id: ${safeQuery.data.id} not found`,
error,
})
);
break;
switch (method) { case "PATCH":
case "GET": if (!safeBody.success) {
await prisma.membership throw new Error("Invalid request body");
.findUnique({ where: { userId_teamId: { userId: parseInt(userId), teamId: parseInt(teamId) } } }) }
.then((data) => schemaMembershipPublic.parse(data)) await prisma.membership
.then((membership) => res.status(200).json({ membership })) .update({
.catch((error: Error) => where: {
res.status(404).json({ message: `Membership with id: ${safeQuery.data.id} not found`, error }) userId_teamId: {
); userId: userId,
break; teamId: parseInt(teamId),
},
},
data: safeBody.data,
})
.then((data) => schemaMembershipPublic.parse(data))
.then((membership) => res.status(200).json({ membership }))
.catch((error: Error) =>
res.status(404).json({
message: `Membership with id: ${safeQuery.data.id} not found`,
error,
})
);
break;
case "PATCH": case "DELETE":
if (!safeBody.success) throw new Error("Invalid request body"); await prisma.membership
await prisma.membership .delete({
.update({ where: {
where: { userId_teamId: { userId: parseInt(userId), teamId: parseInt(teamId) } }, userId_teamId: {
data: safeBody.data, userId: userId,
}) teamId: parseInt(teamId),
.then((data) => schemaMembershipPublic.parse(data)) },
.then((membership) => res.status(200).json({ membership })) },
.catch((error: Error) => })
res.status(404).json({ message: `Membership with id: ${safeQuery.data.id} not found`, error }) .then(() =>
); res.status(200).json({
break; message: `Membership with id: ${safeQuery.data.id} deleted successfully`,
})
)
.catch((error: Error) =>
res.status(404).json({
message: `Membership with id: ${safeQuery.data.id} not found`,
error,
})
);
break;
case "DELETE": default:
await prisma.membership res.status(405).json({ message: "Method not allowed" });
.delete({ where: { userId_teamId: { userId: parseInt(userId), teamId: parseInt(teamId) } } }) break;
.then(() => }
res.status(200).json({ message: `Membership with id: ${safeQuery.data.id} deleted successfully` }) } else res.status(401).json({ message: "Unauthorized" });
)
.catch((error: Error) =>
res.status(404).json({ message: `Membership with id: ${safeQuery.data.id} not found`, error })
);
break;
default:
res.status(405).json({ message: "Method not allowed" });
break;
}
} }
export default withMiddleware("HTTP_GET_DELETE_PATCH")(withValidQueryIdString(membershipById)); export default withMiddleware("HTTP_GET_DELETE_PATCH")(withValidQueryIdString(membershipById));

View File

@ -4,6 +4,7 @@ import prisma from "@calcom/prisma";
import { withMiddleware } from "@lib/helpers/withMiddleware"; import { withMiddleware } from "@lib/helpers/withMiddleware";
import { MembershipResponse, MembershipsResponse } from "@lib/types"; import { MembershipResponse, MembershipsResponse } from "@lib/types";
import { getCalcomUserId } from "@lib/utils/getCalcomUserId";
import { schemaMembershipBodyParams, schemaMembershipPublic } from "@lib/validations/membership"; import { schemaMembershipBodyParams, schemaMembershipPublic } from "@lib/validations/membership";
/** /**
@ -42,8 +43,9 @@ async function createOrlistAllMemberships(
res: NextApiResponse<MembershipsResponse | MembershipResponse> res: NextApiResponse<MembershipsResponse | MembershipResponse>
) { ) {
const { method } = req; const { method } = req;
const userId = getCalcomUserId(res);
if (method === "GET") { if (method === "GET") {
const data = await prisma.membership.findMany(); const data = await prisma.membership.findMany({ where: { userId } });
const memberships = data.map((membership) => schemaMembershipPublic.parse(membership)); const memberships = data.map((membership) => schemaMembershipPublic.parse(membership));
if (memberships) res.status(200).json({ memberships }); if (memberships) res.status(200).json({ memberships });
else else
@ -56,7 +58,7 @@ async function createOrlistAllMemberships(
const safe = schemaMembershipBodyParams.safeParse(req.body); const safe = schemaMembershipBodyParams.safeParse(req.body);
if (!safe.success) throw new Error("Invalid request body"); if (!safe.success) throw new Error("Invalid request body");
const data = await prisma.membership.create({ data: safe.data }); const data = await prisma.membership.create({ data: { ...safe.data, userId } });
const membership = schemaMembershipPublic.parse(data); const membership = schemaMembershipPublic.parse(data);
if (membership) res.status(201).json({ membership, message: "Membership created successfully" }); if (membership) res.status(201).json({ membership, message: "Membership created successfully" });