Fixed share page.

Mike Cao 2022-12-13 11:27:55 -08:00
parent cb4c8accea
commit 4c202741c2
11 changed files with 58 additions and 39 deletions


@ -7,7 +7,9 @@ export interface Auth {
role: string;
isAdmin: boolean;
};
shareToken?: string;
shareToken?: {
websiteId: string;
};
}
export interface NextApiRequestQueryBody<TQuery = any, TBody = any> extends NextApiRequest {


@ -23,8 +23,7 @@ export default async (
const website = await getWebsite({ shareId });
if (website) {
const { id } = website;
const data = { id };
const data = { websiteId: website.id };
const token = createToken(data, secret());
return ok(res, { ...data, token });
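Review bot: The token signed from `{ websiteId: website.id }` acts as a bearer credential for every read endpoint that later checks `shareToken?.websiteId`, and nothing in the visible lines bounds its lifetime or ties it to the current `shareId`. If `createToken` adds no expiry (its implementation is not in this diff), a token issued before a share link is disabled or rotated would presumably keep working. Consider carrying the share id in the payload, e.g. `const data = { websiteId: website.id, shareId };`, and having the auth middleware reject tokens whose share id no longer matches the website. The handler body starts and ends outside this hunk.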


@ -1,5 +1,4 @@
import { WebsiteActive } from 'lib/types';
import { NextApiRequestQueryBody } from 'lib/types';
import { NextApiRequestQueryBody, WebsiteActive } from 'lib/types';
import { canViewWebsite } from 'lib/auth';
import { useAuth, useCors } from 'lib/middleware';
import { NextApiResponse } from 'next';
@ -17,13 +16,15 @@ export default async (
await useCors(req, res);
await useAuth(req, res);
const {
user: { id: userId },
} = req.auth;
const { id: websiteId } = req.query;
const { user, shareToken } = req.auth;
const userId = user?.id;
const websiteId = req.query.id;
const shared = shareToken?.websiteId === websiteId;
if (req.method === 'GET') {
if (await canViewWebsite(userId, websiteId)) {
const canView = await canViewWebsite(userId, websiteId);
if (!canView && !shared) {
return unauthorized(res);
}
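Review bot: The new line `const shared = shareToken?.websiteId === websiteId;` evaluates to true when both sides are undefined, that is, when the request carries no share token and `req.query.id` is absent. The dynamic route presumably always supplies `id`, but the authorization decision should not depend on that; require the token explicitly with `const shared = !!shareToken && shareToken.websiteId === websiteId;`. The same expression is added in the other GET handlers touched by this commit. Because `userId` can now be undefined via `user?.id`, it is also worth confirming that `canViewWebsite` returns false for a missing user; its body is not in this diff.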


@ -30,7 +30,9 @@ export default async (
const { id: websiteId } = req.query;
if (req.method === 'POST') {
if (canViewWebsite(userId, websiteId)) {
const canView = canViewWebsite(userId, websiteId);
if (!canView) {
return unauthorized(res);
}
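Review bot: `const canView = canViewWebsite(userId, websiteId);` is missing `await`, so `canView` holds a promise, `!canView` is always false, and this POST handler never returns `unauthorized`. The other handlers in this commit await the same call, which indicates it is async; the line should read `const canView = await canViewWebsite(userId, websiteId);`. The next file section (the GET handler that reads `start_at, end_at, unit, tz, url, event_name`) has the same un-awaited call ahead of `if (!canView && !shared)`, so that check never rejects either. Both handler bodies extend beyond their hunks.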


@ -25,13 +25,15 @@ export default async (
await useCors(req, res);
await useAuth(req, res);
const {
user: { id: userId },
} = req.auth;
const { id: websiteId, start_at, end_at, unit, tz, url, event_name } = req.query;
const { user, shareToken } = req.auth;
const userId = user?.id;
const shared = shareToken?.websiteId === websiteId;
if (req.method === 'GET') {
if (canViewWebsite(userId, websiteId)) {
const canView = canViewWebsite(userId, websiteId);
if (!canView && !shared) {
return unauthorized(res);
}


@ -22,13 +22,15 @@ export default async (
await useCors(req, res);
await useAuth(req, res);
const {
user: { id: userId },
} = req.auth;
const { id: websiteId } = req.query;
const { user, shareToken } = req.auth;
const userId = user?.id;
const websiteId = req.query.id;
const shared = shareToken?.websiteId === websiteId;
if (req.method === 'GET') {
if (!(await canViewWebsite(userId, websiteId))) {
const canView = await canViewWebsite(userId, websiteId);
if (!canView && !shared) {
return unauthorized(res);
}
@ -38,7 +40,9 @@ export default async (
}
if (req.method === 'POST') {
if (!(await canUpdateWebsite(userId, websiteId))) {
const canUpdate = await canUpdateWebsite(userId, websiteId);
if (!canUpdate) {
return unauthorized(res);
}
@ -56,7 +60,9 @@ export default async (
}
if (req.method === 'DELETE') {
if (!(await canDeleteWebsite(userId, websiteId))) {
const canDelete = await canDeleteWebsite(userId, websiteId);
if (!canDelete) {
return unauthorized(res);
}


@ -55,9 +55,6 @@ export default async (
await useCors(req, res);
await useAuth(req, res);
const {
user: { id: userId },
} = req.auth;
const {
id: websiteId,
type,
@ -70,9 +67,14 @@ export default async (
device,
country,
} = req.query;
const { user, shareToken } = req.auth;
const userId = user?.id;
const shared = shareToken?.websiteId === websiteId;
if (req.method === 'GET') {
if (!(await canViewWebsite(userId, websiteId))) {
const canView = await canViewWebsite(userId, websiteId);
if (!canView && !shared) {
return unauthorized(res);
}


@ -30,9 +30,6 @@ export default async (
await useCors(req, res);
await useAuth(req, res);
const {
user: { id: userId },
} = req.auth;
const {
id: websiteId,
start_at,
@ -46,9 +43,14 @@ export default async (
device,
country,
} = req.query;
const { user, shareToken } = req.auth;
const userId = user?.id;
const shared = shareToken?.websiteId === websiteId;
if (req.method === 'GET') {
if (!(await canViewWebsite(userId, websiteId))) {
const canView = await canViewWebsite(userId, websiteId);
if (!canView && !shared) {
return unauthorized(res);
}


@ -1,5 +1,5 @@
import { NextApiRequestQueryBody } from 'lib/types';
import { canViewWebsite } from 'lib/auth';
import { canUpdateWebsite } from 'lib/auth';
import { useAuth, useCors } from 'lib/middleware';
import { NextApiResponse } from 'next';
import { methodNotAllowed, ok, unauthorized } from 'next-basics';
@ -22,7 +22,9 @@ export default async (
const { id: websiteId } = req.query;
if (req.method === 'POST') {
if (!(await canViewWebsite(userId, websiteId))) {
const canUpdate = await canUpdateWebsite(userId, websiteId);
if (!canUpdate) {
return unauthorized(res);
}


@ -1,5 +1,4 @@
import { WebsiteStats } from 'lib/types';
import { NextApiRequestQueryBody } from 'lib/types';
import { NextApiRequestQueryBody, WebsiteStats } from 'lib/types';
import { canViewWebsite } from 'lib/auth';
import { useAuth, useCors } from 'lib/middleware';
import { NextApiResponse } from 'next';
@ -26,9 +25,6 @@ export default async (
await useCors(req, res);
await useAuth(req, res);
const {
user: { id: userId },
} = req.auth;
const {
id: websiteId,
start_at,
@ -40,9 +36,14 @@ export default async (
device,
country,
} = req.query;
const { user, shareToken } = req.auth;
const userId = user?.id;
const shared = shareToken?.websiteId === websiteId;
if (req.method === 'GET') {
if (!(await canViewWebsite(userId, websiteId))) {
const canView = await canViewWebsite(userId, websiteId);
if (!canView && !shared) {
return unauthorized(res);
}


@ -16,7 +16,7 @@ export default function SharePage() {
return (
<Layout>
<WebsiteDetails websiteId={shareToken.id} />
<WebsiteDetails websiteId={shareToken.websiteId} />
</Layout>
);
}