ambiser
/
umami
9
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix share URL permissions.

pull/1745/head
Brian Cao 2023-01-16 09:30:46 -08:00
parent 05c7196bc6
commit cc46cfdcbf
3 changed files with 23 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
components/layout/Header.js
View File

@ -29,21 +29,24 @@ export default function Header() {
<Icon icon={<Logo />} size="large" className={styles.logo} /> <Icon icon={<Logo />} size="large" className={styles.logo} />
<Link href={isSharePage ? HOMEPAGE_URL : '/'}>umami</Link> <Link href={isSharePage ? HOMEPAGE_URL : '/'}>umami</Link>
</div> </div>
<HamburgerButton />
{user && ( {user && (
<div className={styles.links}> <>
<Link href="/dashboard"> <HamburgerButton />
<FormattedMessage id="label.dashboard" defaultMessage="Dashboard" /> <div className={styles.links}>
</Link> <Link href="/dashboard">
<Link href="/realtime"> <FormattedMessage id="label.dashboard" defaultMessage="Dashboard" />
<FormattedMessage id="label.realtime" defaultMessage="Realtime" />
</Link>
{!process.env.isCloudMode && (
<Link href="/settings">
<FormattedMessage id="label.settings" defaultMessage="Settings" />
</Link> </Link>
)} <Link href="/realtime">
</div> <FormattedMessage id="label.realtime" defaultMessage="Realtime" />
</Link>
{!process.env.isCloudMode && (
<Link href="/settings">
<FormattedMessage id="label.settings" defaultMessage="Settings" />
</Link>
)}
</div>
</>
)} )}
<div className={styles.buttons}> <div className={styles.buttons}>
<ThemeButton /> <ThemeButton />

6
pages/api/realtime/init.js
View File

@ -1,5 +1,5 @@
import { subMinutes } from 'date-fns'; import { subMinutes } from 'date-fns';
import { ok, methodNotAllowed, createToken } from 'next-basics'; import { ok, unauthorized, methodNotAllowed, createToken } from 'next-basics';
import { useAuth } from 'lib/middleware'; import { useAuth } from 'lib/middleware';
import { getUserWebsites, getRealtimeData } from 'queries'; import { getUserWebsites, getRealtimeData } from 'queries';
import { secret } from 'lib/crypto'; import { secret } from 'lib/crypto';
@ -10,6 +10,10 @@ export default async (req, res) => {
if (req.method === 'GET') { if (req.method === 'GET') {
const { userId } = req.auth; const { userId } = req.auth;
if (!userId) {
return unauthorized(res);
}
const websites = await getUserWebsites({ userId }); const websites = await getUserWebsites({ userId });
const ids = websites.map(({ websiteUuid }) => websiteUuid); const ids = websites.map(({ websiteUuid }) => websiteUuid);
const token = createToken({ websites: ids }, secret()); const token = createToken({ websites: ids }, secret());

3
pages/api/websites/index.js
View File

@ -7,6 +7,7 @@ export default async (req, res) => {
await useAuth(req, res); await useAuth(req, res);
const { user_id, include_all } = req.query; const { user_id, include_all } = req.query;
const { userId: currentUserId, isAdmin } = req.auth; const { userId: currentUserId, isAdmin } = req.auth;
const accountUuid = user_id || req.auth.accountUuid; const accountUuid = user_id || req.auth.accountUuid;
let account; let account;
@ -18,7 +19,7 @@ export default async (req, res) => {
const userId = account ? account.id : user_id; const userId = account ? account.id : user_id;
if (req.method === 'GET') { if (req.method === 'GET') {
if (userId && userId !== currentUserId && !isAdmin) { if (!userId || (userId !== currentUserId && !isAdmin)) {
return unauthorized(res); return unauthorized(res);
} }