From 1075325ec54105d663b392082b77577990e2fe0f Mon Sep 17 00:00:00 2001 From: Mike Cao Date: Wed, 2 Nov 2022 15:45:47 -0700 Subject: [PATCH] Update website fetch and update. --- lib/auth.js | 2 +- pages/api/websites/[id]/index.js | 40 +++++++----------------- pages/api/websites/index.js | 32 +++++-------------- queries/admin/website/getUserWebsites.js | 6 ++-- queries/admin/website/updateWebsite.js | 6 ++-- 5 files changed, 27 insertions(+), 59 deletions(-) diff --git a/lib/auth.js b/lib/auth.js index 09d84ccc..f843065c 100644 --- a/lib/auth.js +++ b/lib/auth.js @@ -43,7 +43,7 @@ export function isValidToken(token, validation) { export async function allowQuery(req, type) { const { id } = req.query; - const { userId, isAdmin, shareToken } = req.auth ?? {}; + const { id: userId, isAdmin, shareToken } = req.auth ?? {}; if (isAdmin) { return true; diff --git a/pages/api/websites/[id]/index.js b/pages/api/websites/[id]/index.js index 81ccfc29..09056865 100644 --- a/pages/api/websites/[id]/index.js +++ b/pages/api/websites/[id]/index.js @@ -1,52 +1,34 @@ import { allowQuery } from 'lib/auth'; import { useAuth, useCors } from 'lib/middleware'; -import { getRandomChars, methodNotAllowed, ok, serverError, unauthorized } from 'next-basics'; -import { deleteWebsite, getUser, getWebsite, updateWebsite } from 'queries'; +import { methodNotAllowed, ok, serverError, unauthorized } from 'next-basics'; +import { deleteWebsite, getWebsite, updateWebsite } from 'queries'; import { TYPE_WEBSITE } from 'lib/constants'; export default async (req, res) => { await useCors(req, res); await useAuth(req, res); - const { id } = req.query; + const { id: websiteId } = req.query; if (!(await allowQuery(req, TYPE_WEBSITE))) { return unauthorized(res); } if (req.method === 'GET') { - const website = await getWebsite({ id }); + const website = await getWebsite({ id: websiteId }); return ok(res, website); } if (req.method === 'POST') { - const { name, domain, owner, enableShareUrl, shareId } = req.body; - const { userId } = req.auth; - let user; - - if (userId) { - user = await getUser({ id: userId }); - - if (!user) { - return serverError(res, 'User does not exist.'); - } - } - - const website = await getWebsite({ id }); - - const newShareId = enableShareUrl ? website.shareId || getRandomChars(8) : null; + const { name, domain, shareId } = req.body; try { - await updateWebsite( - { - name, - domain, - shareId: shareId ? shareId : newShareId, - userId: +owner || user.id, - }, - { id }, - ); + await updateWebsite(websiteId, { + name, + domain, + shareId, + }); } catch (e) { if (e.message.includes('Unique constraint') && e.message.includes('share_id')) { return serverError(res, 'That share ID is already taken.'); @@ -61,7 +43,7 @@ export default async (req, res) => { return unauthorized(res); } - await deleteWebsite(id); + await deleteWebsite(websiteId); return ok(res); } diff --git a/pages/api/websites/index.js b/pages/api/websites/index.js index b1ad8045..32d5e264 100644 --- a/pages/api/websites/index.js +++ b/pages/api/websites/index.js @@ -1,5 +1,5 @@ -import { createWebsite, getUser, getAllWebsites, getUserWebsites } from 'queries'; -import { ok, methodNotAllowed, unauthorized, getRandomChars } from 'next-basics'; +import { createWebsite, getAllWebsites, getUserWebsites } from 'queries'; +import { ok, methodNotAllowed, getRandomChars } from 'next-basics'; import { useAuth, useCors } from 'lib/middleware'; import { uuid } from 'lib/crypto'; @@ -7,39 +7,21 @@ export default async (req, res) => { await useCors(req, res); await useAuth(req, res); - const { user_id, include_all } = req.query; - const { userId: currentUserId, isAdmin } = req.auth; - const id = user_id || currentUserId; - let user; - - if (id) { - user = await getUser({ id }); - } - - const userId = user ? user.id : user_id; + const { id, isAdmin } = req.auth; if (req.method === 'GET') { - if (userId && userId !== currentUserId && !isAdmin) { - return unauthorized(res); - } + const { include_all } = req.query; - const websites = - isAdmin && include_all ? await getAllWebsites() : await getUserWebsites({ userId }); + const websites = isAdmin && include_all ? await getAllWebsites() : await getUserWebsites(id); return ok(res, websites); } if (req.method === 'POST') { - const { name, domain, owner, enableShareUrl } = req.body; - - const website_owner = user ? userId : +owner; - - if (website_owner !== currentUserId && !isAdmin) { - return unauthorized(res); - } + const { name, domain, enableShareUrl } = req.body; const shareId = enableShareUrl ? getRandomChars(8) : null; - const website = await createWebsite(website_owner, { id: uuid(), name, domain, shareId }); + const website = await createWebsite(id, { id: uuid(), name, domain, shareId }); return ok(res, website); } diff --git a/queries/admin/website/getUserWebsites.js b/queries/admin/website/getUserWebsites.js index 9a725ec2..c1a9d559 100644 --- a/queries/admin/website/getUserWebsites.js +++ b/queries/admin/website/getUserWebsites.js @@ -1,8 +1,10 @@ import prisma from 'lib/prisma'; -export async function getUserWebsites(where) { +export async function getUserWebsites(userId) { return prisma.client.website.findMany({ - where, + where: { + userId, + }, orderBy: { name: 'asc', }, diff --git a/queries/admin/website/updateWebsite.js b/queries/admin/website/updateWebsite.js index 1a5079a9..5ac70a61 100644 --- a/queries/admin/website/updateWebsite.js +++ b/queries/admin/website/updateWebsite.js @@ -1,8 +1,10 @@ import prisma from 'lib/prisma'; -export async function updateWebsite(data, where) { +export async function updateWebsite(id, data) { return prisma.client.website.update({ - where, + where: { + id, + }, data, }); }