Hariom Balhara
9c23a8e5ab
Security Fixes (#224)
...
Fixes - 2,3,4 security vulnerabilities reported in this message.
https://calendso.slack.com/archives/C03127U5S5Q/p1671922033089329
More Fixes
- Don't allow a user to add a random attendee to a booking not owned by
him
- Don't allow a user to add a random cal user as an organizer of the
booking.
- Membership deletion should be as per the Privileges of
Owner, Admin, Member
2023-01-04 15:17:47 -07:00
zomars
055699f612
Various import and type fixes
2022-11-25 06:58:21 -07:00
zomars
d93fd26a1e
Removed unused methods middleware
2022-10-21 13:30:09 -06:00
zomars
00bd908916
Fixes permission errors
2022-10-14 17:41:28 -06:00
Omar López
e3fa0e546b
Refactor schedule endpoints (#185)
2022-10-13 14:54:38 -06:00
Alex van Andel
a506c7da33
Refactor + fix userIds filter (#179)
...
This fix means a behaviour change to GET calls. Instead of a JSON
payload, a filter param has been added to the URL itself. GET
payloads are very unexpected in API designs, even though supported.
* Todo write tests (with postman?)
* Turn isAdmin logic into common middleware
```bash
curl "http://localhost:3002/v1/schedules?apiKey=...&userId=2"
```
```bash
curl "http://localhost:3002/v1/schedules?apiKey=..." \
  -d '{"name":"Hello", "userId": 2}' \
  -H 'Content-Type: application/json'
```
2022-10-11 15:33:25 +01:00
Syed Ali Shahbaz
f5d953ef1c
Hotfix/schedule (#174)
...
* Allows empty call
An authorized API call by a non-admin user with empty body will still fetch his data now
* Adds missing return
2022-10-07 15:33:04 +05:30
Syed Ali Shahbaz
628306793d
Prettier fix :/
2022-10-07 13:47:46 +05:30
Syed Ali Shahbaz
b05b6e48e7
Fixes another typo
2022-10-07 13:41:17 +05:30
Syed Ali Shahbaz
8eaad0c1c6
fixed typo
2022-10-07 13:34:02 +05:30
Syed Ali Shahbaz
9a65c547dc
Adds missing return after res
2022-10-07 13:24:55 +05:30
Syed Ali Shahbaz
21e081c64c
Adds meaningful response for API caller
2022-10-07 13:15:35 +05:30
Syed Ali Shahbaz
affba8bf66
Adds meaningful response for API caller
2022-10-07 13:13:56 +05:30
Syed Ali Shahbaz
79fabe0333
Adds safeParseJSON to the body
2022-10-07 13:03:09 +05:30
Syed Ali Shahbaz
36a0ebfbad
Adds safe json parse of the body
...
It ensures that the body complies with the safe parsing of the JSON so that if the body sent is not a valid JSON, we convert it into an empty JSON. Would improve in handling the response of such cases as a follow up for improved UX
2022-10-07 12:46:35 +05:30
Joe Au-Yeung
da88beb1f5
Fix type errors
2022-10-06 15:06:07 -04:00
Joe Au-Yeung
00ccb4ffd1
Simplify get /schedules
2022-10-06 14:41:50 -04:00
Joe Au-Yeung
2a7a111855
Safe parse for userId
2022-10-06 14:38:17 -04:00
Joe Au-Yeung
4ac9c1e6dd
Remove old comment
2022-10-06 10:02:35 -04:00
Joe Au-Yeung
372e188228
Pass userId as a single value or an array
2022-10-06 09:55:34 -04:00
Joe Au-Yeung
77b89fda05
Add return statements
2022-10-05 16:02:34 -04:00
Joe Au-Yeung
a5413b40ab
Add ability to get, post, and delete for other users if admin
2022-10-05 11:04:58 -04:00
Joe Au-Yeung
95fc04a453
Add check for userId and admin to top
2022-10-05 10:05:04 -04:00
Joe Au-Yeung
1adace1c0d
Create new availability on new schedule
2022-10-05 09:56:27 -04:00
Agusti Fernandez Pardo
e407a16766
feat: dynamic prisma
2022-06-06 18:17:10 +02:00
Agusti Fernandez Pardo
0ca9748674
fix: don't throw err on bad query
2022-05-18 14:27:30 +02:00
Agusti Fernandez Pardo
5aa0b37443
fix build and pass lint
2022-05-17 19:33:18 +02:00
Agusti Fernandez Pardo
08eeb36d47
feat: add operationId for autogenerated sdk
2022-05-05 18:18:00 +02:00
Agusti Fernandez Pardo
b572e4b0ff
fix: move all req to deconstructed
2022-04-30 20:53:19 +02:00
Agusti Fernandez Pardo
9bb0f82075
fix: improve comments, no anys
2022-04-29 17:29:57 +02:00
Agusti Fernandez Pardo
d6c34a8e51
fix: remove empty lines
2022-04-29 01:54:21 +02:00
Agusti Fernandez Pardo
bb28680413
fixes all openapi spec issues, removes json-schema auto-generated moving to manual examples
2022-04-29 01:38:40 +02:00
Agusti Fernandez Pardo
e52af0bbef
fix: post / patch attendees docs w examples
2022-04-27 19:25:36 +02:00
Agusti Fernandez Pardo
fa30b52988
remove v1 from specs
2022-04-26 21:56:59 +02:00
Agusti Fernandez Pardo
b38f78bbad
fix: remove withValidSchedule from get/patch/delete shared endpoint
2022-04-24 23:57:17 +02:00
Agusti Fernandez Pardo
9078ee2f3f
fix: build removing extra spaces
2022-04-23 02:40:39 +02:00
Agusti Fernandez Pardo
8d5605dc7b
fix: move 401 to throw early in all endpoints
2022-04-23 02:17:06 +02:00
zomars
be3bcf2bf0
Refactoring and fixes
2022-04-21 19:42:53 -06:00
Agusti Fernandez Pardo
cabe4ae9c6
feat: schedules hardened
2022-04-21 00:48:54 +02:00
Agusti Fernandez Pardo
25a2a405da
feat: adds apikeyAuth in swagger ui for all endpoints
2022-04-17 16:39:38 +02:00
Agusti Fernandez Pardo
0bda988676
feat: all resources endpoints for get all and new unified
2022-04-11 15:10:16 +02:00
Agusti Fernandez Pardo
963c893727
feat: unify new/index of attendees, availabilities, booking references, bookings, selected calendars, update response types
2022-04-11 12:03:15 +02:00
Agusti Fernandez Pardo
d95325c06c
payments safe, unify endpoints for remindermails schedules
2022-04-10 02:10:34 +02:00
Agusti Fernandez Pardo
325b19ba3f
Add userId check in users getAll and id endpoints
2022-04-07 21:55:43 +02:00
Agusti Fernandez Pardo
de8d7f64c3
move to less files
2022-04-04 02:02:11 +02:00
Agusti Fernandez Pardo
61819772bc
fix all swagger docs, don't build templates
2022-04-03 17:47:18 +02:00
Agusti Fernandez Pardo
12de89294d
swagger docs add params, memberships handle compoundId
2022-03-31 22:14:37 +02:00
Agusti Fernandez Pardo
1de7bc4146
prettier
2022-03-30 14:17:55 +02:00
Agusti Fernandez Pardo
20a93a13c9
feat: update users/teams/apiKeys to use middleware
2022-03-29 03:59:57 +02:00
Agusti Fernandez Pardo
8165977ec3
Adds basic CRUD endpoints for bookingReferences, Credentials, DailyEventReferences, DestinationCalendars, EventTypeCustomInputs, Memberships, Schedules, and SelectedCalendars
2022-03-29 00:27:14 +02:00