mirror of
https://github.com/kremalicious/umami.git
synced 2024-12-24 18:26:20 +01:00
Fixed share page.
This commit is contained in:
parent
cb4c8accea
commit
4c202741c2
@ -7,7 +7,9 @@ export interface Auth {
|
||||
role: string;
|
||||
isAdmin: boolean;
|
||||
};
|
||||
shareToken?: string;
|
||||
shareToken?: {
|
||||
websiteId: string;
|
||||
};
|
||||
}
|
||||
|
||||
export interface NextApiRequestQueryBody<TQuery = any, TBody = any> extends NextApiRequest {
|
||||
|
@ -23,8 +23,7 @@ export default async (
|
||||
const website = await getWebsite({ shareId });
|
||||
|
||||
if (website) {
|
||||
const { id } = website;
|
||||
const data = { id };
|
||||
const data = { websiteId: website.id };
|
||||
const token = createToken(data, secret());
|
||||
|
||||
return ok(res, { ...data, token });
|
||||
|
@ -1,5 +1,4 @@
|
||||
import { WebsiteActive } from 'lib/types';
|
||||
import { NextApiRequestQueryBody } from 'lib/types';
|
||||
import { NextApiRequestQueryBody, WebsiteActive } from 'lib/types';
|
||||
import { canViewWebsite } from 'lib/auth';
|
||||
import { useAuth, useCors } from 'lib/middleware';
|
||||
import { NextApiResponse } from 'next';
|
||||
@ -17,13 +16,15 @@ export default async (
|
||||
await useCors(req, res);
|
||||
await useAuth(req, res);
|
||||
|
||||
const {
|
||||
user: { id: userId },
|
||||
} = req.auth;
|
||||
const { id: websiteId } = req.query;
|
||||
const { user, shareToken } = req.auth;
|
||||
const userId = user?.id;
|
||||
const websiteId = req.query.id;
|
||||
const shared = shareToken?.websiteId === websiteId;
|
||||
|
||||
if (req.method === 'GET') {
|
||||
if (await canViewWebsite(userId, websiteId)) {
|
||||
const canView = await canViewWebsite(userId, websiteId);
|
||||
|
||||
if (!canView && !shared) {
|
||||
return unauthorized(res);
|
||||
}
|
||||
|
||||
|
@ -30,7 +30,9 @@ export default async (
|
||||
const { id: websiteId } = req.query;
|
||||
|
||||
if (req.method === 'POST') {
|
||||
if (canViewWebsite(userId, websiteId)) {
|
||||
const canView = canViewWebsite(userId, websiteId);
|
||||
|
||||
if (!canView) {
|
||||
return unauthorized(res);
|
||||
}
|
||||
|
||||
|
@ -25,13 +25,15 @@ export default async (
|
||||
await useCors(req, res);
|
||||
await useAuth(req, res);
|
||||
|
||||
const {
|
||||
user: { id: userId },
|
||||
} = req.auth;
|
||||
const { id: websiteId, start_at, end_at, unit, tz, url, event_name } = req.query;
|
||||
const { user, shareToken } = req.auth;
|
||||
const userId = user?.id;
|
||||
const shared = shareToken?.websiteId === websiteId;
|
||||
|
||||
if (req.method === 'GET') {
|
||||
if (canViewWebsite(userId, websiteId)) {
|
||||
const canView = canViewWebsite(userId, websiteId);
|
||||
|
||||
if (!canView && !shared) {
|
||||
return unauthorized(res);
|
||||
}
|
||||
|
||||
|
@ -22,13 +22,15 @@ export default async (
|
||||
await useCors(req, res);
|
||||
await useAuth(req, res);
|
||||
|
||||
const {
|
||||
user: { id: userId },
|
||||
} = req.auth;
|
||||
const { id: websiteId } = req.query;
|
||||
const { user, shareToken } = req.auth;
|
||||
const userId = user?.id;
|
||||
const websiteId = req.query.id;
|
||||
const shared = shareToken?.websiteId === websiteId;
|
||||
|
||||
if (req.method === 'GET') {
|
||||
if (!(await canViewWebsite(userId, websiteId))) {
|
||||
const canView = await canViewWebsite(userId, websiteId);
|
||||
|
||||
if (!canView && !shared) {
|
||||
return unauthorized(res);
|
||||
}
|
||||
|
||||
@ -38,7 +40,9 @@ export default async (
|
||||
}
|
||||
|
||||
if (req.method === 'POST') {
|
||||
if (!(await canUpdateWebsite(userId, websiteId))) {
|
||||
const canUpdate = await canUpdateWebsite(userId, websiteId);
|
||||
|
||||
if (!canUpdate) {
|
||||
return unauthorized(res);
|
||||
}
|
||||
|
||||
@ -56,7 +60,9 @@ export default async (
|
||||
}
|
||||
|
||||
if (req.method === 'DELETE') {
|
||||
if (!(await canDeleteWebsite(userId, websiteId))) {
|
||||
const canDelete = await canDeleteWebsite(userId, websiteId);
|
||||
|
||||
if (!canDelete) {
|
||||
return unauthorized(res);
|
||||
}
|
||||
|
||||
|
@ -55,9 +55,6 @@ export default async (
|
||||
await useCors(req, res);
|
||||
await useAuth(req, res);
|
||||
|
||||
const {
|
||||
user: { id: userId },
|
||||
} = req.auth;
|
||||
const {
|
||||
id: websiteId,
|
||||
type,
|
||||
@ -70,9 +67,14 @@ export default async (
|
||||
device,
|
||||
country,
|
||||
} = req.query;
|
||||
const { user, shareToken } = req.auth;
|
||||
const userId = user?.id;
|
||||
const shared = shareToken?.websiteId === websiteId;
|
||||
|
||||
if (req.method === 'GET') {
|
||||
if (!(await canViewWebsite(userId, websiteId))) {
|
||||
const canView = await canViewWebsite(userId, websiteId);
|
||||
|
||||
if (!canView && !shared) {
|
||||
return unauthorized(res);
|
||||
}
|
||||
|
||||
|
@ -30,9 +30,6 @@ export default async (
|
||||
await useCors(req, res);
|
||||
await useAuth(req, res);
|
||||
|
||||
const {
|
||||
user: { id: userId },
|
||||
} = req.auth;
|
||||
const {
|
||||
id: websiteId,
|
||||
start_at,
|
||||
@ -46,9 +43,14 @@ export default async (
|
||||
device,
|
||||
country,
|
||||
} = req.query;
|
||||
const { user, shareToken } = req.auth;
|
||||
const userId = user?.id;
|
||||
const shared = shareToken?.websiteId === websiteId;
|
||||
|
||||
if (req.method === 'GET') {
|
||||
if (!(await canViewWebsite(userId, websiteId))) {
|
||||
const canView = await canViewWebsite(userId, websiteId);
|
||||
|
||||
if (!canView && !shared) {
|
||||
return unauthorized(res);
|
||||
}
|
||||
|
||||
|
@ -1,5 +1,5 @@
|
||||
import { NextApiRequestQueryBody } from 'lib/types';
|
||||
import { canViewWebsite } from 'lib/auth';
|
||||
import { canUpdateWebsite } from 'lib/auth';
|
||||
import { useAuth, useCors } from 'lib/middleware';
|
||||
import { NextApiResponse } from 'next';
|
||||
import { methodNotAllowed, ok, unauthorized } from 'next-basics';
|
||||
@ -22,7 +22,9 @@ export default async (
|
||||
const { id: websiteId } = req.query;
|
||||
|
||||
if (req.method === 'POST') {
|
||||
if (!(await canViewWebsite(userId, websiteId))) {
|
||||
const canUpdate = await canUpdateWebsite(userId, websiteId);
|
||||
|
||||
if (!canUpdate) {
|
||||
return unauthorized(res);
|
||||
}
|
||||
|
||||
|
@ -1,5 +1,4 @@
|
||||
import { WebsiteStats } from 'lib/types';
|
||||
import { NextApiRequestQueryBody } from 'lib/types';
|
||||
import { NextApiRequestQueryBody, WebsiteStats } from 'lib/types';
|
||||
import { canViewWebsite } from 'lib/auth';
|
||||
import { useAuth, useCors } from 'lib/middleware';
|
||||
import { NextApiResponse } from 'next';
|
||||
@ -26,9 +25,6 @@ export default async (
|
||||
await useCors(req, res);
|
||||
await useAuth(req, res);
|
||||
|
||||
const {
|
||||
user: { id: userId },
|
||||
} = req.auth;
|
||||
const {
|
||||
id: websiteId,
|
||||
start_at,
|
||||
@ -40,9 +36,14 @@ export default async (
|
||||
device,
|
||||
country,
|
||||
} = req.query;
|
||||
const { user, shareToken } = req.auth;
|
||||
const userId = user?.id;
|
||||
const shared = shareToken?.websiteId === websiteId;
|
||||
|
||||
if (req.method === 'GET') {
|
||||
if (!(await canViewWebsite(userId, websiteId))) {
|
||||
const canView = await canViewWebsite(userId, websiteId);
|
||||
|
||||
if (!canView && !shared) {
|
||||
return unauthorized(res);
|
||||
}
|
||||
|
||||
|
@ -16,7 +16,7 @@ export default function SharePage() {
|
||||
|
||||
return (
|
||||
<Layout>
|
||||
<WebsiteDetails websiteId={shareToken.id} />
|
||||
<WebsiteDetails websiteId={shareToken.websiteId} />
|
||||
</Layout>
|
||||
);
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user