public-offering
/
cal.pub0.org
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

feat: make availabilities safe and return only userId related resources

pull/9078/head
Agusti Fernandez Pardo 2022-04-11 15:26:06 +02:00
parent 081b511e1e
commit fca49a23c5
2 changed files with 50 additions and 38 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

83
pages/api/availabilities/[id].ts
View File

@ -4,6 +4,7 @@ import prisma from "@calcom/prisma";
import { withMiddleware } from "@lib/helpers/withMiddleware"; import { withMiddleware } from "@lib/helpers/withMiddleware";
import type { AvailabilityResponse } from "@lib/types"; import type { AvailabilityResponse } from "@lib/types";
import { getCalcomUserId } from "@lib/utils/getCalcomUserId";
import { schemaAvailabilityBodyParams, schemaAvailabilityPublic } from "@lib/validations/availability"; import { schemaAvailabilityBodyParams, schemaAvailabilityPublic } from "@lib/validations/availability";
import { import {
schemaQueryIdParseInt, schemaQueryIdParseInt,
@ -84,46 +85,54 @@ export async function availabilityById(req: NextApiRequest, res: NextApiResponse
const safeQuery = schemaQueryIdParseInt.safeParse(query); const safeQuery = schemaQueryIdParseInt.safeParse(query);
const safeBody = schemaAvailabilityBodyParams.safeParse(body); const safeBody = schemaAvailabilityBodyParams.safeParse(body);
if (!safeQuery.success) throw new Error("Invalid request query", safeQuery.error); if (!safeQuery.success) throw new Error("Invalid request query", safeQuery.error);
const userId = await getCalcomUserId(res);
const data = await prisma.availability.findMany({ where: { userId } });
const availabiltiesIds = data.map((availability) => availability.id);
if (availabiltiesIds.includes(safeQuery.data.id)) {
switch (method) {
case "GET":
await prisma.availability
.findUnique({ where: { id: safeQuery.data.id } })
.then((data) => schemaAvailabilityPublic.parse(data))
.then((availability) => res.status(200).json({ availability }))
.catch((error: Error) =>
res.status(404).json({ message: `Availability with id: ${safeQuery.data.id} not found`, error })
);
break;
switch (method) { case "PATCH":
case "GET": if (!safeBody.success) throw new Error("Invalid request body");
await prisma.availability await prisma.availability
.findUnique({ where: { id: safeQuery.data.id } }) .update({
.then((data) => schemaAvailabilityPublic.parse(data)) where: { id: safeQuery.data.id },
.then((availability) => res.status(200).json({ availability })) data: safeBody.data,
.catch((error: Error) => })
res.status(404).json({ message: `Availability with id: ${safeQuery.data.id} not found`, error }) .then((data) => schemaAvailabilityPublic.parse(data))
); .then((availability) => res.status(200).json({ availability }))
break; .catch((error: Error) =>
res.status(404).json({ message: `Availability with id: ${safeQuery.data.id} not found`, error })
);
break;
case "PATCH": case "DELETE":
if (!safeBody.success) throw new Error("Invalid request body"); await prisma.availability
await prisma.availability .delete({ where: { id: safeQuery.data.id } })
.update({ .then(() =>
where: { id: safeQuery.data.id }, res
data: safeBody.data, .status(200)
}) .json({ message: `Availability with id: ${safeQuery.data.id} deleted successfully` })
.then((data) => schemaAvailabilityPublic.parse(data)) )
.then((availability) => res.status(200).json({ availability })) .catch((error: Error) =>
.catch((error: Error) => res.status(404).json({ message: `Availability with id: ${safeQuery.data.id} not found`, error })
res.status(404).json({ message: `Availability with id: ${safeQuery.data.id} not found`, error }) );
); break;
break;
case "DELETE": default:
await prisma.availability res.status(405).json({ message: "Method not allowed" });
.delete({ where: { id: safeQuery.data.id } }) break;
.then(() => }
res.status(200).json({ message: `Availability with id: ${safeQuery.data.id} deleted successfully` }) } else {
) res.status(401).json({ message: "Unauthorized" });
.catch((error: Error) =>
res.status(404).json({ message: `Availability with id: ${safeQuery.data.id} not found`, error })
);
break;
default:
res.status(405).json({ message: "Method not allowed" });
break;
} }
} }

5
pages/api/availabilities/index.ts
View File

@ -4,6 +4,7 @@ import prisma from "@calcom/prisma";
import { withMiddleware } from "@lib/helpers/withMiddleware"; import { withMiddleware } from "@lib/helpers/withMiddleware";
import { AvailabilityResponse, AvailabilitiesResponse } from "@lib/types"; import { AvailabilityResponse, AvailabilitiesResponse } from "@lib/types";
import { getCalcomUserId } from "@lib/utils/getCalcomUserId";
import { schemaAvailabilityBodyParams, schemaAvailabilityPublic } from "@lib/validations/availability"; import { schemaAvailabilityBodyParams, schemaAvailabilityPublic } from "@lib/validations/availability";
/** /**
@ -38,8 +39,10 @@ async function createOrlistAllAvailabilities(
res: NextApiResponse<AvailabilitiesResponse | AvailabilityResponse> res: NextApiResponse<AvailabilitiesResponse | AvailabilityResponse>
) { ) {
const { method } = req; const { method } = req;
const userId = await getCalcomUserId(res);
if (method === "GET") { if (method === "GET") {
const data = await prisma.availability.findMany(); const data = await prisma.availability.findMany({ where: { userId } });
const availabilities = data.map((availability) => schemaAvailabilityPublic.parse(availability)); const availabilities = data.map((availability) => schemaAvailabilityPublic.parse(availability));
if (availabilities) res.status(200).json({ availabilities }); if (availabilities) res.status(200).json({ availabilities });
else else