Fix permissions.

This commit is contained in:
Brian Cao 2023-05-22 15:38:03 -07:00
parent 40f53e8856
commit 1f799f17e9
2 changed files with 20 additions and 15 deletions

View File

@ -4,16 +4,7 @@ import { NextApiResponse } from 'next';
import { methodNotAllowed, ok } from 'next-basics';
import { getUserWebsites } from 'queries';
export interface WebsitesRequestBody {
name: string;
domain: string;
shareId: string;
}
export default async (
req: NextApiRequestQueryBody<any, WebsitesRequestBody>,
res: NextApiResponse,
) => {
export default async (req: NextApiRequestQueryBody, res: NextApiResponse) => {
await useCors(req, res);
await useAuth(req, res);

View File

@ -1,22 +1,36 @@
import { subMinutes } from 'date-fns';
import { RealtimeInit, NextApiRequestAuth } from 'lib/types';
import { canViewWebsite } from 'lib/auth';
import { useAuth } from 'lib/middleware';
import { NextApiRequestQueryBody, RealtimeInit } from 'lib/types';
import { NextApiResponse } from 'next';
import { methodNotAllowed, ok } from 'next-basics';
import { methodNotAllowed, ok, unauthorized } from 'next-basics';
import { getRealtimeData } from 'queries';
export default async (req: NextApiRequestAuth, res: NextApiResponse<RealtimeInit>) => {
export interface RealtimeRequestQuery {
id: string;
startAt: number;
}
export default async (
req: NextApiRequestQueryBody<RealtimeRequestQuery>,
res: NextApiResponse<RealtimeInit>,
) => {
await useAuth(req, res);
if (req.method === 'GET') {
const { id, startAt } = req.query;
const { id: websiteId, startAt } = req.query;
if (!(await canViewWebsite(req.auth, websiteId))) {
return unauthorized(res);
}
let startTime = subMinutes(new Date(), 30);
if (+startAt > startTime.getTime()) {
startTime = new Date(+startAt);
}
const data = await getRealtimeData(id, startTime);
const data = await getRealtimeData(websiteId, startTime);
return ok(res, data);
}