From ec18912879f48a240288cb0260d4bf46ba6bb6c2 Mon Sep 17 00:00:00 2001 From: Baptiste Arnaud Date: Fri, 4 Mar 2022 17:21:01 +0100 Subject: [PATCH] =?UTF-8?q?build:=20=F0=9F=94=92=EF=B8=8F=20Add=20extra=20?= =?UTF-8?q?user=20check=20in=20api?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- apps/builder/pages/api/coupons/redeem.ts | 13 +++---- .../api/credentials/google-sheets/callback.ts | 12 +++---- apps/builder/pages/api/folders.ts | 13 +++---- apps/builder/pages/api/folders/[id].ts | 13 +++---- .../google-sheets/spreadsheets.ts | 12 +++---- .../google-sheets/spreadsheets/[id]/sheets.ts | 12 +++---- apps/builder/pages/api/publicTypebots.ts | 11 +++--- apps/builder/pages/api/publicTypebots/[id].ts | 10 +++--- apps/builder/pages/api/typebots.ts | 13 +++---- .../builder/pages/api/typebots/[typebotId].ts | 11 +++--- .../collaborators copy/[userId].ts | 34 ------------------- .../pages/api/typebots/[typebotId]/results.ts | 13 +++---- .../[typebotId]/results/answers/count.ts | 13 +++---- .../api/typebots/[typebotId]/results/stats.ts | 13 +++---- apps/builder/pages/api/users/[id].ts | 10 +++--- .../pages/api/users/[id]/credentials.ts | 14 +++----- .../users/[id]/credentials/[credentialsId].ts | 13 +++---- .../pages/api/users/[id]/customDomains.ts | 14 +++----- .../api/users/[id]/customDomains/[domain].ts | 13 +++---- apps/builder/services/api/utils.ts | 2 +- 20 files changed, 80 insertions(+), 179 deletions(-) delete mode 100644 apps/builder/pages/api/typebots/[typebotId]/collaborators copy/[userId].ts diff --git a/apps/builder/pages/api/coupons/redeem.ts b/apps/builder/pages/api/coupons/redeem.ts index e8f38e340..d8394e6ab 100644 --- a/apps/builder/pages/api/coupons/redeem.ts +++ b/apps/builder/pages/api/coupons/redeem.ts 
@@ -1,17 +1,14 @@ import { withSentry } from '@sentry/nextjs' -import { Prisma, User } from 'db' +import { Prisma } from 'db' import prisma from 'libs/prisma' import { NextApiRequest, NextApiResponse } from 'next' -import { getSession } from 'next-auth/react' +import { getAuthenticatedUser } from 'services/api/utils' +import { notAuthenticated } from 'utils' const handler = async (req: NextApiRequest, res: NextApiResponse) => { if (req.method === 'POST') { - const session = await getSession({ req }) - - if (!session?.user) - return res.status(401).json({ message: 'Not authenticated' }) - - const user = session.user as User + const user = await getAuthenticatedUser(req) + if (!user) return notAuthenticated(res) const { code } = typeof req.body === 'string' ? JSON.parse(req.body) : req.body const coupon = await prisma.coupon.findFirst({ diff --git a/apps/builder/pages/api/credentials/google-sheets/callback.ts b/apps/builder/pages/api/credentials/google-sheets/callback.ts index 98ec4fd49..fa1c684b4 100644 --- a/apps/builder/pages/api/credentials/google-sheets/callback.ts +++ b/apps/builder/pages/api/credentials/google-sheets/callback.ts 
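Review bot: `code` is destructured from the request body on the line after the new auth check and reaches `prisma.coupon.findFirst` without a type check. If it is placed directly in the `where` clause (the call continues outside the hunk), a non-string JSON value would be read as a filter object rather than as a literal coupon code. Reject anything that is not a string first, e.g. `if (typeof code !== 'string') return res.status(400).send({ message: 'Bad request' })`. `JSON.parse(req.body)` on the same line also throws on a malformed body, which surfaces as an unhandled error instead of a 400.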
@@ -1,16 +1,17 @@ import { NextApiRequest, NextApiResponse } from 'next' -import { getSession } from 'next-auth/react' -import { Prisma, User } from 'db' +import { Prisma } from 'db' import prisma from 'libs/prisma' import { googleSheetsScopes } from './consent-url' import { stringify } from 'querystring' import { CredentialsType } from 'models' -import { encrypt } from 'utils' +import { encrypt, notAuthenticated } from 'utils' import { oauth2Client } from 'libs/google-sheets' import { withSentry } from '@sentry/nextjs' +import { getAuthenticatedUser } from 'services/api/utils' const handler = async (req: NextApiRequest, res: NextApiResponse) => { - const session = await getSession({ req }) + const user = await getAuthenticatedUser(req) + if (!user) return notAuthenticated(res) const { redirectUrl, stepId } = JSON.parse( Buffer.from(req.query.state.toString(), 'base64').toString() ) @@ -18,9 +19,6 @@ const handler = async (req: NextApiRequest, res: NextApiResponse) => { const code = req.query.code.toString() if (!code) return res.status(400).send({ message: "Bad request, couldn't get code" }) - if (!session?.user) - return res.status(401).json({ message: 'Not authenticated' }) - const user = session.user as User const { tokens } = await oauth2Client.getToken(code) if (!tokens?.access_token) { console.error('Error getting oAuth tokens:') diff --git a/apps/builder/pages/api/folders.ts b/apps/builder/pages/api/folders.ts index f671b7067..ca69b28e2 100644 --- a/apps/builder/pages/api/folders.ts +++ b/apps/builder/pages/api/folders.ts 
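Review bot: The `state` query parameter in `callback.ts` is still base64-decoded and passed to `JSON.parse` as-is, and nothing in the visible lines ties it to the session that `getAuthenticatedUser` has just resolved. For an OAuth callback this means the handler cannot tell a flow the signed-in user started from one they did not, and `redirectUrl` comes straight from that untrusted value. How `redirectUrl` is used lies outside the hunk, so confirm it is checked against an allow-list of same-origin paths before any redirect, and consider carrying a per-session nonce in `state` and comparing it here. Separately, `req.query.state.toString()` and `req.query.code.toString()` throw when the parameter is absent, so the `if (!code)` guard in the second hunk cannot return its 400 for a missing code.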
@@ -1,17 +1,14 @@ import { withSentry } from '@sentry/nextjs' -import { DashboardFolder, User } from 'db' +import { DashboardFolder } from 'db' import prisma from 'libs/prisma' import { NextApiRequest, NextApiResponse } from 'next' -import { getSession } from 'next-auth/react' -import { methodNotAllowed } from 'utils' +import { getAuthenticatedUser } from 'services/api/utils' +import { methodNotAllowed, notAuthenticated } from 'utils' const handler = async (req: NextApiRequest, res: NextApiResponse) => { - const session = await getSession({ req }) + const user = await getAuthenticatedUser(req) + if (!user) return notAuthenticated(res) - if (!session?.user) - return res.status(401).json({ message: 'Not authenticated' }) - - const user = session.user as User const parentFolderId = req.query.parentId ? req.query.parentId.toString() : null diff --git a/apps/builder/pages/api/folders/[id].ts b/apps/builder/pages/api/folders/[id].ts index 905e9709a..e8d5b07b5 100644 --- a/apps/builder/pages/api/folders/[id].ts +++ b/apps/builder/pages/api/folders/[id].ts 
@@ -1,18 +1,15 @@ import { withSentry } from '@sentry/nextjs' -import { DashboardFolder, User } from 'db' +import { DashboardFolder } from 'db' import prisma from 'libs/prisma' import { NextApiRequest, NextApiResponse } from 'next' -import { getSession } from 'next-auth/react' -import { methodNotAllowed } from 'utils' +import { getAuthenticatedUser } from 'services/api/utils' +import { methodNotAllowed, notAuthenticated } from 'utils' const handler = async (req: NextApiRequest, res: NextApiResponse) => { - const session = await getSession({ req }) - - if (!session?.user) - return res.status(401).json({ message: 'Not authenticated' }) + const user = await getAuthenticatedUser(req) + if (!user) return notAuthenticated(res) const id = req.query.id.toString() - const user = session.user as User if (req.method === 'GET') { const folder = await prisma.dashboardFolder.findUnique({ where: { id_ownerId: { id, ownerId: user.id } }, diff --git a/apps/builder/pages/api/integrations/google-sheets/spreadsheets.ts b/apps/builder/pages/api/integrations/google-sheets/spreadsheets.ts index 75ea83453..6162bdcde 100644 --- a/apps/builder/pages/api/integrations/google-sheets/spreadsheets.ts +++ b/apps/builder/pages/api/integrations/google-sheets/spreadsheets.ts 
@@ -1,18 +1,14 @@ import { NextApiRequest, NextApiResponse } from 'next' import { drive } from '@googleapis/drive' import { getAuthenticatedGoogleClient } from 'libs/google-sheets' -import { methodNotAllowed } from 'utils' -import { getSession } from 'next-auth/react' -import { User } from 'db' +import { methodNotAllowed, notAuthenticated } from 'utils' import { setUser, withSentry } from '@sentry/nextjs' +import { getAuthenticatedUser } from 'services/api/utils' const handler = async (req: NextApiRequest, res: NextApiResponse) => { - const session = await getSession({ req }) + const user = await getAuthenticatedUser(req) + if (!user) return notAuthenticated(res) - if (!session?.user) - return res.status(401).json({ message: 'Not authenticated' }) - - const user = session.user as User setUser({ email: user.email ?? undefined, id: user.id }) if (req.method === 'GET') { const credentialsId = req.query.credentialsId.toString() diff --git a/apps/builder/pages/api/integrations/google-sheets/spreadsheets/[id]/sheets.ts b/apps/builder/pages/api/integrations/google-sheets/spreadsheets/[id]/sheets.ts index dedf11926..ea69b25ce 100644 --- a/apps/builder/pages/api/integrations/google-sheets/spreadsheets/[id]/sheets.ts +++ b/apps/builder/pages/api/integrations/google-sheets/spreadsheets/[id]/sheets.ts 
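Review bot: `req.query.credentialsId.toString()` in the GET branch throws when the query parameter is omitted, so a request without it ends in an unhandled error instead of a 400. Guard it first with `if (!req.query.credentialsId) return res.status(400).send({ message: 'Bad request' })`. The id is also chosen by the caller, and the lookup that consumes it lies outside the hunk, so confirm that the lookup is scoped to `user.id` and not to `credentialsId` alone. The same line appears in `spreadsheets/[id]/sheets.ts`.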
@@ -1,18 +1,14 @@ import { NextApiRequest, NextApiResponse } from 'next' import { GoogleSpreadsheet } from 'google-spreadsheet' import { getAuthenticatedGoogleClient } from 'libs/google-sheets' -import { isDefined, methodNotAllowed } from 'utils' -import { getSession } from 'next-auth/react' -import { User } from 'db' +import { isDefined, methodNotAllowed, notAuthenticated } from 'utils' import { withSentry, setUser } from '@sentry/nextjs' +import { getAuthenticatedUser } from 'services/api/utils' const handler = async (req: NextApiRequest, res: NextApiResponse) => { - const session = await getSession({ req }) + const user = await getAuthenticatedUser(req) + if (!user) return notAuthenticated(res) - if (!session?.user) - return res.status(401).json({ message: 'Not authenticated' }) - - const user = session.user as User setUser({ email: user.email ?? undefined, id: user.id }) if (req.method === 'GET') { const credentialsId = req.query.credentialsId.toString() diff --git a/apps/builder/pages/api/publicTypebots.ts b/apps/builder/pages/api/publicTypebots.ts index d4ad66c05..a0915eade 100644 --- a/apps/builder/pages/api/publicTypebots.ts +++ b/apps/builder/pages/api/publicTypebots.ts @@ -1,15 +1,12 @@ import { withSentry } from '@sentry/nextjs' import prisma from 'libs/prisma' import { NextApiRequest, NextApiResponse } from 'next' -import { getSession } from 'next-auth/react' -import { methodNotAllowed } from 'utils' +import { getAuthenticatedUser } from 'services/api/utils' +import { methodNotAllowed, notAuthenticated } from 'utils' const handler = async (req: NextApiRequest, res: NextApiResponse) => { - const session = await getSession({ req }) - - if (!session?.user) - return res.status(401).json({ message: 'Not authenticated' }) - + const user = await getAuthenticatedUser(req) + if (!user) return notAuthenticated(res) try { if (req.method === 'POST') { const data = 
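Review bot: In `publicTypebots.ts` the handler now resolves `user`, but no visible line uses it to decide whether this caller may write the record, so the request is authenticated but not visibly authorized. The same holds in `publicTypebots/[id].ts` and `users/[id].ts`, where `id` comes from the route and the `PUT` branch follows immediately, whereas `users/[id]/credentials.ts` and its siblings compare `user.id !== id` first. The branch bodies lie outside the hunks, so this needs confirming there. If they do not scope the write, add the equivalent guard; for `users/[id].ts` that is `if (user.id !== id) return res.status(403).send({ message: 'Forbidden' })`. For the public typebot routes, check that the target typebot belongs to `user.id` before writing.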
diff --git a/apps/builder/pages/api/publicTypebots/[id].ts b/apps/builder/pages/api/publicTypebots/[id].ts index 7b13e7e9a..e53c617ee 100644 --- a/apps/builder/pages/api/publicTypebots/[id].ts +++ b/apps/builder/pages/api/publicTypebots/[id].ts @@ -1,14 +1,12 @@ import { withSentry } from '@sentry/nextjs' import prisma from 'libs/prisma' import { NextApiRequest, NextApiResponse } from 'next' -import { getSession } from 'next-auth/react' -import { methodNotAllowed } from 'utils' +import { getAuthenticatedUser } from 'services/api/utils' +import { methodNotAllowed, notAuthenticated } from 'utils' const handler = async (req: NextApiRequest, res: NextApiResponse) => { - const session = await getSession({ req }) - - if (!session?.user) - return res.status(401).json({ message: 'Not authenticated' }) + const user = await getAuthenticatedUser(req) + if (!user) return notAuthenticated(res) const id = req.query.id.toString() if (req.method === 'PUT') { diff --git a/apps/builder/pages/api/typebots.ts b/apps/builder/pages/api/typebots.ts index 72c563dd2..8dbb5c05e 100644 --- a/apps/builder/pages/api/typebots.ts +++ b/apps/builder/pages/api/typebots.ts 
@@ -1,17 +1,14 @@ import { withSentry } from '@sentry/nextjs' -import { Prisma, User } from 'db' +import { Prisma } from 'db' import prisma from 'libs/prisma' import { NextApiRequest, NextApiResponse } from 'next' -import { getSession } from 'next-auth/react' +import { getAuthenticatedUser } from 'services/api/utils' import { parseNewTypebot } from 'services/typebots/typebots' -import { methodNotAllowed } from 'utils' +import { methodNotAllowed, notAuthenticated } from 'utils' const handler = async (req: NextApiRequest, res: NextApiResponse) => { - const session = await getSession({ req }) - if (!session?.user) - return res.status(401).json({ message: 'Not authenticated' }) - const user = session.user as User - if (!user.id) return res.status(401).json({ message: 'Not authenticated' }) + const user = await getAuthenticatedUser(req) + if (!user) return notAuthenticated(res) try { if (req.method === 'GET') { const folderId = req.query.folderId ? req.query.folderId.toString() : null diff --git a/apps/builder/pages/api/typebots/[typebotId].ts b/apps/builder/pages/api/typebots/[typebotId].ts index f666cdedd..bbb344f9b 100644 --- a/apps/builder/pages/api/typebots/[typebotId].ts +++ b/apps/builder/pages/api/typebots/[typebotId].ts 
@@ -2,19 +2,16 @@ import { withSentry } from '@sentry/nextjs' import { CollaborationType, Prisma, User } from 'db' import prisma from 'libs/prisma' import { NextApiRequest, NextApiResponse } from 'next' -import { getSession } from 'next-auth/react' -import { methodNotAllowed } from 'utils' +import { getAuthenticatedUser } from 'services/api/utils' +import { methodNotAllowed, notAuthenticated } from 'utils' const adminEmail = 'contact@baptiste-arnaud.fr' const handler = async (req: NextApiRequest, res: NextApiResponse) => { - const session = await getSession({ req }) - - if (!session?.user) - return res.status(401).json({ message: 'Not authenticated' }) + const user = await getAuthenticatedUser(req) + if (!user) return notAuthenticated(res) const typebotId = req.query.typebotId.toString() - const user = session.user as User if (req.method === 'GET') { const typebot = await prisma.typebot.findFirst({ where: parseWhereFilter(typebotId, user, 'read'), diff --git a/apps/builder/pages/api/typebots/[typebotId]/collaborators copy/[userId].ts b/apps/builder/pages/api/typebots/[typebotId]/collaborators copy/[userId].ts deleted file mode 100644 index 7b617bdd9..000000000 --- a/apps/builder/pages/api/typebots/[typebotId]/collaborators copy/[userId].ts +++ /dev/null 
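Review bot: `adminEmail` is a hard-coded personal address that survives as a context line in `typebots/[typebotId].ts` and again in `[typebotId]/results.ts`. If it is used to widen access for that account (its use, presumably in `parseWhereFilter`, lies outside the hunk), the privilege depends on a literal in source and on the identity provider having verified the e-mail. Reading it from configuration, for example an environment variable (the name `ADMIN_EMAIL` is illustrative), or better a role stored on the user record, keeps the exception auditable and stops self-hosted deployments from inheriting it.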
@@ -1,34 +0,0 @@ -import { withSentry } from '@sentry/nextjs' -import prisma from 'libs/prisma' -import { NextApiRequest, NextApiResponse } from 'next' -import { getAuthenticatedUser } from 'services/api/utils' -import { methodNotAllowed, notAuthenticated } from 'utils' - -const handler = async (req: NextApiRequest, res: NextApiResponse) => { - const user = await getAuthenticatedUser(req) - if (!user) return notAuthenticated(res) - const typebotId = req.query.typebotId as string - const userId = req.query.userId as string - if (req.method === 'PUT') { - const data = req.body - await prisma.collaboratorsOnTypebots.upsert({ - where: { userId_typebotId: { typebotId, userId } }, - create: data, - update: data, - }) - return res.send({ - message: 'success', - }) - } - if (req.method === 'DELETE') { - await prisma.collaboratorsOnTypebots.delete({ - where: { userId_typebotId: { typebotId, userId } }, - }) - return res.send({ - message: 'success', - }) - } - methodNotAllowed(res) -} - -export default withSentry(handler) diff --git a/apps/builder/pages/api/typebots/[typebotId]/results.ts b/apps/builder/pages/api/typebots/[typebotId]/results.ts index 407df46ef..4f8caac79 100644 --- a/apps/builder/pages/api/typebots/[typebotId]/results.ts +++ b/apps/builder/pages/api/typebots/[typebotId]/results.ts 
@@ -1,20 +1,15 @@ import { withSentry } from '@sentry/nextjs' -import { User } from 'db' import prisma from 'libs/prisma' import { NextApiRequest, NextApiResponse } from 'next' -import { getSession } from 'next-auth/react' +import { getAuthenticatedUser } from 'services/api/utils' import { isFreePlan } from 'services/user/user' -import { methodNotAllowed } from 'utils' +import { methodNotAllowed, notAuthenticated } from 'utils' const adminEmail = 'contact@baptiste-arnaud.fr' const handler = async (req: NextApiRequest, res: NextApiResponse) => { - const session = await getSession({ req }) - - if (!session?.user) - return res.status(401).send({ message: 'Not authenticated' }) - - const user = session.user as User + const user = await getAuthenticatedUser(req) + if (!user) return notAuthenticated(res) if (req.method === 'GET') { const typebotId = req.query.typebotId.toString() const lastResultId = req.query.lastResultId?.toString() diff --git a/apps/builder/pages/api/typebots/[typebotId]/results/answers/count.ts b/apps/builder/pages/api/typebots/[typebotId]/results/answers/count.ts index af61276a1..239e25a65 100644 --- a/apps/builder/pages/api/typebots/[typebotId]/results/answers/count.ts +++ b/apps/builder/pages/api/typebots/[typebotId]/results/answers/count.ts 
@@ -1,18 +1,13 @@ import { PublicTypebot } from 'models' -import { User } from 'db' import prisma from 'libs/prisma' import { NextApiRequest, NextApiResponse } from 'next' -import { getSession } from 'next-auth/react' -import { methodNotAllowed } from 'utils' +import { methodNotAllowed, notAuthenticated } from 'utils' import { withSentry } from '@sentry/nextjs' +import { getAuthenticatedUser } from 'services/api/utils' const handler = async (req: NextApiRequest, res: NextApiResponse) => { - const session = await getSession({ req }) - - if (!session?.user) - return res.status(401).send({ message: 'Not authenticated' }) - - const user = session.user as User + const user = await getAuthenticatedUser(req) + if (!user) return notAuthenticated(res) if (req.method === 'GET') { const typebotId = req.query.typebotId.toString() const typebot = await prisma.typebot.findUnique({ diff --git a/apps/builder/pages/api/typebots/[typebotId]/results/stats.ts b/apps/builder/pages/api/typebots/[typebotId]/results/stats.ts index 667e0b787..29fc6d4f3 100644 --- a/apps/builder/pages/api/typebots/[typebotId]/results/stats.ts +++ b/apps/builder/pages/api/typebots/[typebotId]/results/stats.ts 
@@ -1,18 +1,13 @@ import { withSentry } from '@sentry/nextjs' -import { User } from 'db' import prisma from 'libs/prisma' import { Stats } from 'models' import { NextApiRequest, NextApiResponse } from 'next' -import { getSession } from 'next-auth/react' -import { methodNotAllowed } from 'utils' +import { getAuthenticatedUser } from 'services/api/utils' +import { methodNotAllowed, notAuthenticated } from 'utils' const handler = async (req: NextApiRequest, res: NextApiResponse) => { - const session = await getSession({ req }) - - if (!session?.user) - return res.status(401).send({ message: 'Not authenticated' }) - - const user = session.user as User + const user = await getAuthenticatedUser(req) + if (!user) return notAuthenticated(res) if (req.method === 'GET') { const typebotId = req.query.typebotId.toString() diff --git a/apps/builder/pages/api/users/[id].ts b/apps/builder/pages/api/users/[id].ts index 36ca883e9..18632ffe7 100644 --- a/apps/builder/pages/api/users/[id].ts +++ b/apps/builder/pages/api/users/[id].ts @@ -1,14 +1,12 @@ import { withSentry } from '@sentry/nextjs' import prisma from 'libs/prisma' import { NextApiRequest, NextApiResponse } from 'next' -import { getSession } from 'next-auth/react' -import { methodNotAllowed } from 'utils' +import { getAuthenticatedUser } from 'services/api/utils' +import { methodNotAllowed, notAuthenticated } from 'utils' const handler = async (req: NextApiRequest, res: NextApiResponse) => { - const session = await getSession({ req }) - - if (!session?.user) - return res.status(401).json({ message: 'Not authenticated' }) + const user = await getAuthenticatedUser(req) + if (!user) return notAuthenticated(res) const id = req.query.id.toString() if (req.method === 'PUT') { diff --git a/apps/builder/pages/api/users/[id]/credentials.ts b/apps/builder/pages/api/users/[id]/credentials.ts index a4c1ff5ba..b55372186 100644 --- a/apps/builder/pages/api/users/[id]/credentials.ts +++ b/apps/builder/pages/api/users/[id]/credentials.ts 
@@ -1,18 +1,14 @@ import { withSentry } from '@sentry/nextjs' -import { Prisma, User } from 'db' +import { Prisma } from 'db' import prisma from 'libs/prisma' import { Credentials } from 'models' import { NextApiRequest, NextApiResponse } from 'next' -import { getSession } from 'next-auth/react' -import { encrypt, methodNotAllowed } from 'utils' +import { getAuthenticatedUser } from 'services/api/utils' +import { encrypt, methodNotAllowed, notAuthenticated } from 'utils' const handler = async (req: NextApiRequest, res: NextApiResponse) => { - const session = await getSession({ req }) - - if (!session?.user) - return res.status(401).json({ message: 'Not authenticated' }) - - const user = session.user as User + const user = await getAuthenticatedUser(req) + if (!user) return notAuthenticated(res) const id = req.query.id.toString() if (user.id !== id) return res.status(401).send({ message: 'Forbidden' }) if (req.method === 'GET') { diff --git a/apps/builder/pages/api/users/[id]/credentials/[credentialsId].ts b/apps/builder/pages/api/users/[id]/credentials/[credentialsId].ts index da9518f9a..2cb89ac8c 100644 --- a/apps/builder/pages/api/users/[id]/credentials/[credentialsId].ts +++ b/apps/builder/pages/api/users/[id]/credentials/[credentialsId].ts 
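Review bot: The ownership guard `if (user.id !== id) return res.status(401).send({ message: 'Forbidden' })` answers an authenticated caller with 401 while the body says Forbidden. Now that `notAuthenticated(res)` handles the unauthenticated case, this line should use `res.status(403)`, so clients and log-based alerting can tell an expired session from an attempt to reach another user's resources. The same line is in `credentials/[credentialsId].ts`, `customDomains.ts` and `customDomains/[domain].ts`.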
@@ -1,17 +1,12 @@ import { withSentry } from '@sentry/nextjs' -import { User } from 'db' import prisma from 'libs/prisma' import { NextApiRequest, NextApiResponse } from 'next' -import { getSession } from 'next-auth/react' -import { methodNotAllowed } from 'utils' +import { getAuthenticatedUser } from 'services/api/utils' +import { methodNotAllowed, notAuthenticated } from 'utils' const handler = async (req: NextApiRequest, res: NextApiResponse) => { - const session = await getSession({ req }) - - if (!session?.user) - return res.status(401).json({ message: 'Not authenticated' }) - - const user = session.user as User + const user = await getAuthenticatedUser(req) + if (!user) return notAuthenticated(res) const id = req.query.id.toString() if (user.id !== id) return res.status(401).send({ message: 'Forbidden' }) if (req.method === 'DELETE') { diff --git a/apps/builder/pages/api/users/[id]/customDomains.ts b/apps/builder/pages/api/users/[id]/customDomains.ts index 9bae9e62a..f8ebc4d74 100644 --- a/apps/builder/pages/api/users/[id]/customDomains.ts +++ b/apps/builder/pages/api/users/[id]/customDomains.ts 
@@ -1,18 +1,14 @@ import { withSentry } from '@sentry/nextjs' -import { CustomDomain, Prisma, User } from 'db' +import { CustomDomain, Prisma } from 'db' import { got, HTTPError } from 'got' import prisma from 'libs/prisma' import { NextApiRequest, NextApiResponse } from 'next' -import { getSession } from 'next-auth/react' -import { methodNotAllowed } from 'utils' +import { getAuthenticatedUser } from 'services/api/utils' +import { methodNotAllowed, notAuthenticated } from 'utils' const handler = async (req: NextApiRequest, res: NextApiResponse) => { - const session = await getSession({ req }) - - if (!session?.user) - return res.status(401).json({ message: 'Not authenticated' }) - - const user = session.user as User + const user = await getAuthenticatedUser(req) + if (!user) return notAuthenticated(res) const id = req.query.id.toString() if (user.id !== id) return res.status(401).send({ message: 'Forbidden' }) if (req.method === 'GET') { diff --git a/apps/builder/pages/api/users/[id]/customDomains/[domain].ts b/apps/builder/pages/api/users/[id]/customDomains/[domain].ts index 93d962138..63f72a2a1 100644 --- a/apps/builder/pages/api/users/[id]/customDomains/[domain].ts +++ b/apps/builder/pages/api/users/[id]/customDomains/[domain].ts 
@@ -1,18 +1,13 @@ import { withSentry } from '@sentry/nextjs' -import { User } from 'db' import prisma from 'libs/prisma' import { NextApiRequest, NextApiResponse } from 'next' -import { getSession } from 'next-auth/react' -import { methodNotAllowed } from 'utils' +import { methodNotAllowed, notAuthenticated } from 'utils' import { got } from 'got' +import { getAuthenticatedUser } from 'services/api/utils' const handler = async (req: NextApiRequest, res: NextApiResponse) => { - const session = await getSession({ req }) - - if (!session?.user) - return res.status(401).json({ message: 'Not authenticated' }) - - const user = session.user as User + const user = await getAuthenticatedUser(req) + if (!user) return notAuthenticated(res) const id = req.query.id.toString() if (user.id !== id) return res.status(401).send({ message: 'Forbidden' }) if (req.method === 'DELETE') { diff --git a/apps/builder/services/api/utils.ts b/apps/builder/services/api/utils.ts index 1a328271e..dd8740f65 100644 --- a/apps/builder/services/api/utils.ts +++ b/apps/builder/services/api/utils.ts @@ -6,6 +6,6 @@ export const getAuthenticatedUser = async ( req: NextApiRequest ): Promise => { const session = await getSession({ req }) - if (session?.user && !('id' in session.user)) return + if (!session?.user || !('id' in session.user)) return return session?.user as User }
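Review bot: The corrected guard in `getAuthenticatedUser` still only tests that an `id` key exists: `'id' in session.user` is true when the value is `undefined` or an empty string. This commit also removes the `if (!user.id)` check that `typebots.ts` used to make. The handlers pass `user.id` into ownership filters, so test the value instead, e.g. `const user = session?.user as User | undefined` followed by `if (!user?.id) return`. The `?.` in `return session?.user as User` is redundant after the new guard. The function starts above the hunk.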