26 lines
896 B
TypeScript
26 lines
896 B
TypeScript
import type { NextApiRequest } from "next";
|
|
|
|
import { HttpError } from "@calcom/lib/http-error";
|
|
import { defaultResponder } from "@calcom/lib/server";
|
|
|
|
import { schemaQueryIdParseInt } from "@lib/validations/shared/queryIdTransformParseInt";
|
|
|
|
export async function authMiddleware(req: NextApiRequest) {
|
|
const { userId, prisma, isAdmin, query } = req;
|
|
const { id } = schemaQueryIdParseInt.parse(query);
|
|
const userWithBookings = await prisma.user.findUnique({
|
|
where: { id: userId },
|
|
include: { bookings: true },
|
|
});
|
|
|
|
if (!userWithBookings) throw new HttpError({ statusCode: 404, message: "User not found" });
|
|
|
|
const userBookingIds = userWithBookings.bookings.map((booking) => booking.id);
|
|
|
|
if (!isAdmin && !userBookingIds.includes(id)) {
|
|
throw new HttpError({ statusCode: 401, message: "You are not authorized" });
|
|
}
|
|
}
|
|
|
|
export default defaultResponder(authMiddleware);
|