Fixed share page.

2024-06-30 05:31:50 +02:00 · 2022-12-13 11:27:55 -08:00 · 2022-12-13 11:27:55 -08:00 · 4c202741c2
commit 4c202741c2
parent cb4c8accea
11 changed files with 58 additions and 39 deletions
--- a/lib/types.ts
+++ b/lib/types.ts
@ -7,7 +7,9 @@ export interface Auth {
    role: string;
    isAdmin: boolean;
  };
-  shareToken?: string;
+  shareToken?: {
+    websiteId: string;
+  };
 }

 export interface NextApiRequestQueryBody<TQuery = any, TBody = any> extends NextApiRequest {
--- a/pages/api/share/[id].ts
+++ b/pages/api/share/[id].ts
@ -23,8 +23,7 @@ export default async (
    const website = await getWebsite({ shareId });

    if (website) {
-      const { id } = website;
-      const data = { id };
+      const data = { websiteId: website.id };
      const token = createToken(data, secret());

      return ok(res, { ...data, token });
--- a/pages/api/websites/[id]/active.ts
+++ b/pages/api/websites/[id]/active.ts
@ -1,5 +1,4 @@
-import { WebsiteActive } from 'lib/types';
-import { NextApiRequestQueryBody } from 'lib/types';
+import { NextApiRequestQueryBody, WebsiteActive } from 'lib/types';
 import { canViewWebsite } from 'lib/auth';
 import { useAuth, useCors } from 'lib/middleware';
 import { NextApiResponse } from 'next';
@ -17,13 +16,15 @@ export default async (
  await useCors(req, res);
  await useAuth(req, res);

-  const {
-    user: { id: userId },
-  } = req.auth;
-  const { id: websiteId } = req.query;
+  const { user, shareToken } = req.auth;
+  const userId = user?.id;
+  const websiteId = req.query.id;
+  const shared = shareToken?.websiteId === websiteId;

  if (req.method === 'GET') {
-    if (await canViewWebsite(userId, websiteId)) {
+    const canView = await canViewWebsite(userId, websiteId);
+
+    if (!canView && !shared) {
      return unauthorized(res);
    }

--- a/pages/api/websites/[id]/eventdata.ts
+++ b/pages/api/websites/[id]/eventdata.ts
@ -30,7 +30,9 @@ export default async (
  const { id: websiteId } = req.query;

  if (req.method === 'POST') {
-    if (canViewWebsite(userId, websiteId)) {
+    const canView = canViewWebsite(userId, websiteId);
+
+    if (!canView) {
      return unauthorized(res);
    }

--- a/pages/api/websites/[id]/events.ts
+++ b/pages/api/websites/[id]/events.ts
@ -25,13 +25,15 @@ export default async (
  await useCors(req, res);
  await useAuth(req, res);

-  const {
-    user: { id: userId },
-  } = req.auth;
  const { id: websiteId, start_at, end_at, unit, tz, url, event_name } = req.query;
+  const { user, shareToken } = req.auth;
+  const userId = user?.id;
+  const shared = shareToken?.websiteId === websiteId;

  if (req.method === 'GET') {
-    if (canViewWebsite(userId, websiteId)) {
+    const canView = canViewWebsite(userId, websiteId);
+
+    if (!canView && !shared) {
      return unauthorized(res);
    }

--- a/pages/api/websites/[id]/index.ts
+++ b/pages/api/websites/[id]/index.ts
@ -22,13 +22,15 @@ export default async (
  await useCors(req, res);
  await useAuth(req, res);

-  const {
-    user: { id: userId },
-  } = req.auth;
-  const { id: websiteId } = req.query;
+  const { user, shareToken } = req.auth;
+  const userId = user?.id;
+  const websiteId = req.query.id;
+  const shared = shareToken?.websiteId === websiteId;

  if (req.method === 'GET') {
-    if (!(await canViewWebsite(userId, websiteId))) {
+    const canView = await canViewWebsite(userId, websiteId);
+
+    if (!canView && !shared) {
      return unauthorized(res);
    }

@ -38,7 +40,9 @@ export default async (
  }

  if (req.method === 'POST') {
-    if (!(await canUpdateWebsite(userId, websiteId))) {
+    const canUpdate = await canUpdateWebsite(userId, websiteId);
+
+    if (!canUpdate) {
      return unauthorized(res);
    }

@ -56,7 +60,9 @@ export default async (
  }

  if (req.method === 'DELETE') {
-    if (!(await canDeleteWebsite(userId, websiteId))) {
+    const canDelete = await canDeleteWebsite(userId, websiteId);
+
+    if (!canDelete) {
      return unauthorized(res);
    }

--- a/pages/api/websites/[id]/metrics.ts
+++ b/pages/api/websites/[id]/metrics.ts
@ -55,9 +55,6 @@ export default async (
  await useCors(req, res);
  await useAuth(req, res);

-  const {
-    user: { id: userId },
-  } = req.auth;
  const {
    id: websiteId,
    type,
@ -70,9 +67,14 @@ export default async (
    device,
    country,
  } = req.query;
+  const { user, shareToken } = req.auth;
+  const userId = user?.id;
+  const shared = shareToken?.websiteId === websiteId;

  if (req.method === 'GET') {
-    if (!(await canViewWebsite(userId, websiteId))) {
+    const canView = await canViewWebsite(userId, websiteId);
+
+    if (!canView && !shared) {
      return unauthorized(res);
    }

--- a/pages/api/websites/[id]/pageviews.ts
+++ b/pages/api/websites/[id]/pageviews.ts
@ -30,9 +30,6 @@ export default async (
  await useCors(req, res);
  await useAuth(req, res);

-  const {
-    user: { id: userId },
-  } = req.auth;
  const {
    id: websiteId,
    start_at,
@ -46,9 +43,14 @@ export default async (
    device,
    country,
  } = req.query;
+  const { user, shareToken } = req.auth;
+  const userId = user?.id;
+  const shared = shareToken?.websiteId === websiteId;

  if (req.method === 'GET') {
-    if (!(await canViewWebsite(userId, websiteId))) {
+    const canView = await canViewWebsite(userId, websiteId);
+
+    if (!canView && !shared) {
      return unauthorized(res);
    }

--- a/pages/api/websites/[id]/reset.ts
+++ b/pages/api/websites/[id]/reset.ts
@ -1,5 +1,5 @@
 import { NextApiRequestQueryBody } from 'lib/types';
-import { canViewWebsite } from 'lib/auth';
+import { canUpdateWebsite } from 'lib/auth';
 import { useAuth, useCors } from 'lib/middleware';
 import { NextApiResponse } from 'next';
 import { methodNotAllowed, ok, unauthorized } from 'next-basics';
@ -22,7 +22,9 @@ export default async (
  const { id: websiteId } = req.query;

  if (req.method === 'POST') {
-    if (!(await canViewWebsite(userId, websiteId))) {
+    const canUpdate = await canUpdateWebsite(userId, websiteId);
+
+    if (!canUpdate) {
      return unauthorized(res);
    }

--- a/pages/api/websites/[id]/stats.ts
+++ b/pages/api/websites/[id]/stats.ts
@ -1,5 +1,4 @@
-import { WebsiteStats } from 'lib/types';
-import { NextApiRequestQueryBody } from 'lib/types';
+import { NextApiRequestQueryBody, WebsiteStats } from 'lib/types';
 import { canViewWebsite } from 'lib/auth';
 import { useAuth, useCors } from 'lib/middleware';
 import { NextApiResponse } from 'next';
@ -26,9 +25,6 @@ export default async (
  await useCors(req, res);
  await useAuth(req, res);

-  const {
-    user: { id: userId },
-  } = req.auth;
  const {
    id: websiteId,
    start_at,
@ -40,9 +36,14 @@ export default async (
    device,
    country,
  } = req.query;
+  const { user, shareToken } = req.auth;
+  const userId = user?.id;
+  const shared = shareToken?.websiteId === websiteId;

  if (req.method === 'GET') {
-    if (!(await canViewWebsite(userId, websiteId))) {
+    const canView = await canViewWebsite(userId, websiteId);
+
+    if (!canView && !shared) {
      return unauthorized(res);
    }

--- a/pages/share/[...id].js
+++ b/pages/share/[...id].js
@ -16,7 +16,7 @@ export default function SharePage() {

  return (
    <Layout>
-      <WebsiteDetails websiteId={shareToken.id} />
+      <WebsiteDetails websiteId={shareToken.websiteId} />
    </Layout>
  );
 }