Commit Graph

46 Commits (992bdc0b543d2b305b293a8ae9dcc2f0ae8d132c)

Author SHA1 Message Date
Hariom Balhara 9c23a8e5ab
Security Fixes (#224)
Fixes - 2,3,4 security vulnerabilities reported in this message.
https://calendso.slack.com/archives/C03127U5S5Q/p1671922033089329

More Fixes
- Dont't allow a user to add a random attendee to a booking not owned by
him
- Don't allow a user to add a random cal user as an organizer of the
booking.
- Membership deletion should be as per the Privileges of
Owner,Admin,Member
2023-01-04 15:17:47 -07:00
zomars 055699f612 Various import and type fixes 2022-11-25 06:58:21 -07:00
alannnc c016a4343d
added more endpoints and validations for publish-pay teams (#209)
## What does the PR do?

- Team billing via API

Just like the web project, we validate that team has stripe metadata
before converting requestedSlug to slug.

Co-authored-by: zomars <zomars@me.com>
2022-11-22 13:24:25 -07:00
zomars d93fd26a1e Removed unused methods middleware 2022-10-21 13:30:09 -06:00
zomars 00bd908916 Fixes permission errors 2022-10-14 17:41:28 -06:00
zomars c03144c343 Fixed major flaw with authMiddleware
authMiddleware should not use defaultResponder directly as it will catch thrown error and we need those errors to prevent running the rest of the code.
2022-10-10 20:23:08 -06:00
zomars d4a2b8e791 Refactors attendees' endpoints 2022-10-07 13:08:25 -06:00
Agusti Fernandez Pardo 6e68671c2a fix: merge w main 2022-06-18 01:52:37 +02:00
Agusti Fernandez Pardo 8c3774e100 fix: remove comment 2022-06-15 21:14:35 +02:00
Agusti Fernandez Pardo ed1bc8015a feat: initial isAdmin work for events and attendees 2022-06-15 20:43:35 +02:00
Agusti Fernandez Pardo e407a16766 feat: dynamic prisma 2022-06-06 18:17:10 +02:00
Agusti Fernandez Pardo 08eeb36d47 feat: add operationId for autogenerated sdk 2022-05-05 18:18:00 +02:00
Agusti Fernandez Pardo c8d776aeb7 fix: remove extra comments 2022-04-29 17:36:25 +02:00
Agusti Fernandez Pardo 9bb0f82075 fix: improve comments, no anys 2022-04-29 17:29:57 +02:00
Agusti Fernandez Pardo d06a9488e4 fix: rename endpoints to be only 2 words max 2022-04-29 02:49:38 +02:00
Agusti Fernandez Pardo e13ea234b8 fix: improve docs in attendees availabilities and booking references 2022-04-29 02:30:59 +02:00
Agusti Fernandez Pardo d6c34a8e51 fix: remove empty lines 2022-04-29 01:54:21 +02:00
Agusti Fernandez Pardo bb28680413 fixes all openapi spect issues, removes json-schema auto-generated moving to manual examples 2022-04-29 01:38:40 +02:00
Agusti Fernandez Pardo e52af0bbef fix: post / patch attendees docs w examples 2022-04-27 19:25:36 +02:00
Agusti Fernandez Pardo 6997606a4c fix: moves to pick and separates availabilities 2022-04-26 22:23:33 +02:00
Agusti Fernandez Pardo 3759eccfca fix: attendees move to use pick, separate patch/post 2022-04-26 22:12:28 +02:00
Agusti Fernandez Pardo fa30b52988 remove v1 from specs 2022-04-26 21:56:59 +02:00
Agusti Fernandez Pardo dad70d5a12 fix users, availabilites, attendees 2022-04-24 02:10:32 +02:00
Agusti Fernandez Pardo 096fd40044 fix: fixess attends:id endpoit 2022-04-23 05:51:26 +02:00
Agusti Fernandez Pardo 9078ee2f3f fix: build removing extra spaces 2022-04-23 02:40:39 +02:00
Agusti Fernandez Pardo 307eddcbd5 fix: invert 401 to throw early in attendees 2022-04-23 02:06:39 +02:00
zomars be3bcf2bf0 Refactoring and fixes 2022-04-21 19:42:53 -06:00
Agusti Fernandez Pardo 18c1a2f026 remove unnecessary await on all getCalcomUserId() calls 2022-04-21 00:55:41 +02:00
Agusti Fernandez Pardo 25a2a405da feat: adds apikeyAuth in swagger ui for all endpoints 2022-04-17 16:39:38 +02:00
Agusti Fernandez Pardo d987d52dbb feat: credentials, teams 2022-04-13 02:12:16 +02:00
Agusti Fernandez Pardo 9447bd859d feat hardened attendees, availabilites, booking-references, and bookings 2022-04-11 16:47:01 +02:00
Agusti Fernandez Pardo 081b511e1e Make attendees id endpoint return only user owned resources 2022-04-11 15:20:38 +02:00
Agusti Fernandez Pardo 0bda988676 feat: all resources endpoints for get all and new unified 2022-04-11 15:10:16 +02:00
Agusti Fernandez Pardo 963c893727 feat: unify new/index of attendees, availabilities, booking references, bookings, selected calendars, update response types 2022-04-11 12:03:15 +02:00
Agusti Fernandez Pardo d95325c06c payments safe, unify endpoints for remindermails schedules 2022-04-10 02:10:34 +02:00
Agusti Fernandez Pardo 9edc1dbd29 some fixes on helpers/middlewares 2022-04-08 18:08:26 +02:00
Agusti Fernandez Pardo fc3677631f attendes of users bookings only 2022-04-08 03:16:53 +02:00
Agusti Fernandez Pardo fc2978a61b feat: initial work unifying new endpoint and generating api key 2022-04-07 03:29:53 +02:00
Agusti Fernandez Pardo de8d7f64c3 mvoe to less files 2022-04-04 02:02:11 +02:00
Agusti Fernandez Pardo 61819772bc fix all swagger docs, dont build templates 2022-04-03 17:47:18 +02:00
Agusti Fernandez Pardo 55f93cded6 feat: update attendees / availabilites / users endpoints and document parameters 2022-04-01 22:05:10 +02:00
Agusti Fernandez Pardo 1de7bc4146 prettier 2022-03-30 14:17:55 +02:00
Agusti Fernandez Pardo 1241ae6cfc feat: move findAll to return arrays 2022-03-28 16:05:00 +02:00
Agusti Fernandez Pardo 0e3131d866 feat: improve validations 2022-03-27 15:15:46 +02:00
Agusti Fernandez Pardo 396c5b8d8c chore: refactor all delete endpoints to use if/else instead of .catch() and .error() 2022-03-27 01:08:00 +01:00
Agusti Fernandez Pardo 936572e7e1 feat: adds availabilitesi and attendees endpoints, some cleanup less try/catch more if/else 2022-03-27 00:58:22 +01:00