import type { NextApiRequest } from "next"; import { schemaQueryTeamId } from "@lib/validations/shared/queryTeamId"; async function authMiddleware(req: NextApiRequest) { const { userId, prisma, isAdmin } = req; const { teamId } = schemaQueryTeamId.parse(req.query); /** Admins can skip the ownership verification */ if (isAdmin) return; /** Non-members will see a 404 error which may or not be the desired behavior. */ await prisma.team.findFirstOrThrow({ where: { id: teamId, members: { some: { userId } } }, }); } export default authMiddleware;