feat: memberships hardened mode
parent
9c5624c748
commit
b0c0e9fb4c
|
@ -4,6 +4,7 @@ import prisma from "@calcom/prisma";
|
||||||
|
|
||||||
import { withMiddleware } from "@lib/helpers/withMiddleware";
|
import { withMiddleware } from "@lib/helpers/withMiddleware";
|
||||||
import type { MembershipResponse } from "@lib/types";
|
import type { MembershipResponse } from "@lib/types";
|
||||||
|
import { getCalcomUserId } from "@lib/utils/getCalcomUserId";
|
||||||
import { schemaMembershipBodyParams, schemaMembershipPublic } from "@lib/validations/membership";
|
import { schemaMembershipBodyParams, schemaMembershipPublic } from "@lib/validations/membership";
|
||||||
import { schemaQueryIdAsString, withValidQueryIdString } from "@lib/validations/shared/queryIdString";
|
import { schemaQueryIdAsString, withValidQueryIdString } from "@lib/validations/shared/queryIdString";
|
||||||
|
|
||||||
|
@ -106,48 +107,82 @@ export async function membershipById(req: NextApiRequest, res: NextApiResponse<M
|
||||||
const safeBody = schemaMembershipBodyParams.safeParse(body);
|
const safeBody = schemaMembershipBodyParams.safeParse(body);
|
||||||
if (!safeQuery.success) throw new Error("Invalid request query", safeQuery.error);
|
if (!safeQuery.success) throw new Error("Invalid request query", safeQuery.error);
|
||||||
// This is how we set the userId and teamId in the query for managing compoundId.
|
// This is how we set the userId and teamId in the query for managing compoundId.
|
||||||
const [userId, teamId] = safeQuery.data.id.split("_");
|
const [paramUserId, teamId] = safeQuery.data.id.split("_");
|
||||||
|
const userId = getCalcomUserId(res);
|
||||||
|
if (parseInt(paramUserId) === userId) {
|
||||||
|
switch (method) {
|
||||||
|
case "GET":
|
||||||
|
await prisma.membership
|
||||||
|
.findUnique({
|
||||||
|
where: {
|
||||||
|
userId_teamId: {
|
||||||
|
userId: userId,
|
||||||
|
teamId: parseInt(teamId),
|
||||||
|
},
|
||||||
|
},
|
||||||
|
})
|
||||||
|
.then((data) => schemaMembershipPublic.parse(data))
|
||||||
|
.then((membership) => res.status(200).json({ membership }))
|
||||||
|
.catch((error: Error) =>
|
||||||
|
res.status(404).json({
|
||||||
|
message: `Membership with id: ${safeQuery.data.id} not found`,
|
||||||
|
error,
|
||||||
|
})
|
||||||
|
);
|
||||||
|
break;
|
||||||
|
|
||||||
switch (method) {
|
case "PATCH":
|
||||||
case "GET":
|
if (!safeBody.success) {
|
||||||
await prisma.membership
|
throw new Error("Invalid request body");
|
||||||
.findUnique({ where: { userId_teamId: { userId: parseInt(userId), teamId: parseInt(teamId) } } })
|
}
|
||||||
.then((data) => schemaMembershipPublic.parse(data))
|
await prisma.membership
|
||||||
.then((membership) => res.status(200).json({ membership }))
|
.update({
|
||||||
.catch((error: Error) =>
|
where: {
|
||||||
res.status(404).json({ message: `Membership with id: ${safeQuery.data.id} not found`, error })
|
userId_teamId: {
|
||||||
);
|
userId: userId,
|
||||||
break;
|
teamId: parseInt(teamId),
|
||||||
|
},
|
||||||
|
},
|
||||||
|
data: safeBody.data,
|
||||||
|
})
|
||||||
|
.then((data) => schemaMembershipPublic.parse(data))
|
||||||
|
.then((membership) => res.status(200).json({ membership }))
|
||||||
|
.catch((error: Error) =>
|
||||||
|
res.status(404).json({
|
||||||
|
message: `Membership with id: ${safeQuery.data.id} not found`,
|
||||||
|
error,
|
||||||
|
})
|
||||||
|
);
|
||||||
|
break;
|
||||||
|
|
||||||
case "PATCH":
|
case "DELETE":
|
||||||
if (!safeBody.success) throw new Error("Invalid request body");
|
await prisma.membership
|
||||||
await prisma.membership
|
.delete({
|
||||||
.update({
|
where: {
|
||||||
where: { userId_teamId: { userId: parseInt(userId), teamId: parseInt(teamId) } },
|
userId_teamId: {
|
||||||
data: safeBody.data,
|
userId: userId,
|
||||||
})
|
teamId: parseInt(teamId),
|
||||||
.then((data) => schemaMembershipPublic.parse(data))
|
},
|
||||||
.then((membership) => res.status(200).json({ membership }))
|
},
|
||||||
.catch((error: Error) =>
|
})
|
||||||
res.status(404).json({ message: `Membership with id: ${safeQuery.data.id} not found`, error })
|
.then(() =>
|
||||||
);
|
res.status(200).json({
|
||||||
break;
|
message: `Membership with id: ${safeQuery.data.id} deleted successfully`,
|
||||||
|
})
|
||||||
|
)
|
||||||
|
.catch((error: Error) =>
|
||||||
|
res.status(404).json({
|
||||||
|
message: `Membership with id: ${safeQuery.data.id} not found`,
|
||||||
|
error,
|
||||||
|
})
|
||||||
|
);
|
||||||
|
break;
|
||||||
|
|
||||||
case "DELETE":
|
default:
|
||||||
await prisma.membership
|
res.status(405).json({ message: "Method not allowed" });
|
||||||
.delete({ where: { userId_teamId: { userId: parseInt(userId), teamId: parseInt(teamId) } } })
|
break;
|
||||||
.then(() =>
|
}
|
||||||
res.status(200).json({ message: `Membership with id: ${safeQuery.data.id} deleted successfully` })
|
} else res.status(401).json({ message: "Unauthorized" });
|
||||||
)
|
|
||||||
.catch((error: Error) =>
|
|
||||||
res.status(404).json({ message: `Membership with id: ${safeQuery.data.id} not found`, error })
|
|
||||||
);
|
|
||||||
break;
|
|
||||||
|
|
||||||
default:
|
|
||||||
res.status(405).json({ message: "Method not allowed" });
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
export default withMiddleware("HTTP_GET_DELETE_PATCH")(withValidQueryIdString(membershipById));
|
export default withMiddleware("HTTP_GET_DELETE_PATCH")(withValidQueryIdString(membershipById));
|
||||||
|
|
|
@ -4,6 +4,7 @@ import prisma from "@calcom/prisma";
|
||||||
|
|
||||||
import { withMiddleware } from "@lib/helpers/withMiddleware";
|
import { withMiddleware } from "@lib/helpers/withMiddleware";
|
||||||
import { MembershipResponse, MembershipsResponse } from "@lib/types";
|
import { MembershipResponse, MembershipsResponse } from "@lib/types";
|
||||||
|
import { getCalcomUserId } from "@lib/utils/getCalcomUserId";
|
||||||
import { schemaMembershipBodyParams, schemaMembershipPublic } from "@lib/validations/membership";
|
import { schemaMembershipBodyParams, schemaMembershipPublic } from "@lib/validations/membership";
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -42,8 +43,9 @@ async function createOrlistAllMemberships(
|
||||||
res: NextApiResponse<MembershipsResponse | MembershipResponse>
|
res: NextApiResponse<MembershipsResponse | MembershipResponse>
|
||||||
) {
|
) {
|
||||||
const { method } = req;
|
const { method } = req;
|
||||||
|
const userId = getCalcomUserId(res);
|
||||||
if (method === "GET") {
|
if (method === "GET") {
|
||||||
const data = await prisma.membership.findMany();
|
const data = await prisma.membership.findMany({ where: { userId } });
|
||||||
const memberships = data.map((membership) => schemaMembershipPublic.parse(membership));
|
const memberships = data.map((membership) => schemaMembershipPublic.parse(membership));
|
||||||
if (memberships) res.status(200).json({ memberships });
|
if (memberships) res.status(200).json({ memberships });
|
||||||
else
|
else
|
||||||
|
@ -56,7 +58,7 @@ async function createOrlistAllMemberships(
|
||||||
const safe = schemaMembershipBodyParams.safeParse(req.body);
|
const safe = schemaMembershipBodyParams.safeParse(req.body);
|
||||||
if (!safe.success) throw new Error("Invalid request body");
|
if (!safe.success) throw new Error("Invalid request body");
|
||||||
|
|
||||||
const data = await prisma.membership.create({ data: safe.data });
|
const data = await prisma.membership.create({ data: { ...safe.data, userId } });
|
||||||
const membership = schemaMembershipPublic.parse(data);
|
const membership = schemaMembershipPublic.parse(data);
|
||||||
|
|
||||||
if (membership) res.status(201).json({ membership, message: "Membership created successfully" });
|
if (membership) res.status(201).json({ membership, message: "Membership created successfully" });
|
||||||
|
|
Loading…
Reference in New Issue