import type { Prisma } from "@prisma/client"; import type { NextApiRequest } from "next"; import { v4 as uuidv4 } from "uuid"; import { HttpError } from "@calcom/lib/http-error"; import { defaultResponder } from "@calcom/lib/server"; import { schemaWebhookCreateBodyParams, schemaWebhookReadPublic } from "@lib/validations/webhook"; /** * @swagger * /hooks: * post: * summary: Creates a new webhook * operationId: addWebhook * tags: * - webhooks * externalDocs: * url: https://docs.cal.com/webhooks * responses: * 201: * description: OK, webhook created * 400: * description: Bad request. webhook body is invalid. * 401: * description: Authorization information is missing or invalid. */ async function postHandler(req: NextApiRequest) { const { userId, isAdmin, prisma } = req; const { eventTypeId, userId: bodyUserId, ...body } = schemaWebhookCreateBodyParams.parse(req.body); const args: Prisma.WebhookCreateArgs = { data: { id: uuidv4(), ...body } }; // If no event type, we assume is for the current user. If admin we run more checks below... if (!eventTypeId) args.data.userId = userId; if (eventTypeId) { const where: Prisma.EventTypeWhereInput = { id: eventTypeId }; if (!isAdmin) where.userId = userId; await prisma.eventType.findFirstOrThrow({ where }); args.data.eventTypeId = eventTypeId; } if (!isAdmin && bodyUserId) throw new HttpError({ statusCode: 403, message: `ADMIN required for userId` }); if (isAdmin && bodyUserId) { const where: Prisma.UserWhereInput = { id: userId }; await prisma.user.findFirstOrThrow({ where }); args.data.userId = userId; } const data = await prisma.webhook.create(args); return { webhook: schemaWebhookReadPublic.parse(data), message: "Webhook created successfully", }; } export default defaultResponder(postHandler);