build: 🔒️ Add extra user check in api
This commit is contained in:
Baptiste Arnaud
@ -1,17 +1,14 @@
|
||||
import { withSentry } from '@sentry/nextjs'
|
||||
import { Prisma, User } from 'db'
|
||||
import { Prisma } from 'db'
|
||||
import prisma from 'libs/prisma'
|
||||
import { NextApiRequest, NextApiResponse } from 'next'
|
||||
import { getSession } from 'next-auth/react'
|
||||
import { getAuthenticatedUser } from 'services/api/utils'
|
||||
import { notAuthenticated } from 'utils'
|
||||
|
||||
const handler = async (req: NextApiRequest, res: NextApiResponse) => {
|
||||
if (req.method === 'POST') {
|
||||
const session = await getSession({ req })
|
||||
|
||||
if (!session?.user)
|
||||
return res.status(401).json({ message: 'Not authenticated' })
|
||||
|
||||
const user = session.user as User
|
||||
const user = await getAuthenticatedUser(req)
|
||||
if (!user) return notAuthenticated(res)
|
||||
const { code } =
|
||||
typeof req.body === 'string' ? JSON.parse(req.body) : req.body
|
||||
const coupon = await prisma.coupon.findFirst({
|
||||
|
||||
@ -1,16 +1,17 @@
|
||||
import { NextApiRequest, NextApiResponse } from 'next'
|
||||
import { getSession } from 'next-auth/react'
|
||||
import { Prisma, User } from 'db'
|
||||
import { Prisma } from 'db'
|
||||
import prisma from 'libs/prisma'
|
||||
import { googleSheetsScopes } from './consent-url'
|
||||
import { stringify } from 'querystring'
|
||||
import { CredentialsType } from 'models'
|
||||
import { encrypt } from 'utils'
|
||||
import { encrypt, notAuthenticated } from 'utils'
|
||||
import { oauth2Client } from 'libs/google-sheets'
|
||||
import { withSentry } from '@sentry/nextjs'
|
||||
import { getAuthenticatedUser } from 'services/api/utils'
|
||||
|
||||
const handler = async (req: NextApiRequest, res: NextApiResponse) => {
|
||||
const session = await getSession({ req })
|
||||
const user = await getAuthenticatedUser(req)
|
||||
if (!user) return notAuthenticated(res)
|
||||
const { redirectUrl, stepId } = JSON.parse(
|
||||
Buffer.from(req.query.state.toString(), 'base64').toString()
|
||||
)
|
||||
@ -18,9 +19,6 @@ const handler = async (req: NextApiRequest, res: NextApiResponse) => {
|
||||
const code = req.query.code.toString()
|
||||
if (!code)
|
||||
return res.status(400).send({ message: "Bad request, couldn't get code" })
|
||||
if (!session?.user)
|
||||
return res.status(401).json({ message: 'Not authenticated' })
|
||||
const user = session.user as User
|
||||
const { tokens } = await oauth2Client.getToken(code)
|
||||
if (!tokens?.access_token) {
|
||||
console.error('Error getting oAuth tokens:')
|
||||
|
||||
@ -1,17 +1,14 @@
|
||||
import { withSentry } from '@sentry/nextjs'
|
||||
import { DashboardFolder, User } from 'db'
|
||||
import { DashboardFolder } from 'db'
|
||||
import prisma from 'libs/prisma'
|
||||
import { NextApiRequest, NextApiResponse } from 'next'
|
||||
import { getSession } from 'next-auth/react'
|
||||
import { methodNotAllowed } from 'utils'
|
||||
import { getAuthenticatedUser } from 'services/api/utils'
|
||||
import { methodNotAllowed, notAuthenticated } from 'utils'
|
||||
|
||||
const handler = async (req: NextApiRequest, res: NextApiResponse) => {
|
||||
const session = await getSession({ req })
|
||||
const user = await getAuthenticatedUser(req)
|
||||
if (!user) return notAuthenticated(res)
|
||||
|
||||
if (!session?.user)
|
||||
return res.status(401).json({ message: 'Not authenticated' })
|
||||
|
||||
const user = session.user as User
|
||||
const parentFolderId = req.query.parentId
|
||||
? req.query.parentId.toString()
|
||||
: null
|
||||
|
||||
@ -1,18 +1,15 @@
|
||||
import { withSentry } from '@sentry/nextjs'
|
||||
import { DashboardFolder, User } from 'db'
|
||||
import { DashboardFolder } from 'db'
|
||||
import prisma from 'libs/prisma'
|
||||
import { NextApiRequest, NextApiResponse } from 'next'
|
||||
import { getSession } from 'next-auth/react'
|
||||
import { methodNotAllowed } from 'utils'
|
||||
import { getAuthenticatedUser } from 'services/api/utils'
|
||||
import { methodNotAllowed, notAuthenticated } from 'utils'
|
||||
|
||||
const handler = async (req: NextApiRequest, res: NextApiResponse) => {
|
||||
const session = await getSession({ req })
|
||||
|
||||
if (!session?.user)
|
||||
return res.status(401).json({ message: 'Not authenticated' })
|
||||
const user = await getAuthenticatedUser(req)
|
||||
if (!user) return notAuthenticated(res)
|
||||
|
||||
const id = req.query.id.toString()
|
||||
const user = session.user as User
|
||||
if (req.method === 'GET') {
|
||||
const folder = await prisma.dashboardFolder.findUnique({
|
||||
where: { id_ownerId: { id, ownerId: user.id } },
|
||||
|
||||
@ -1,18 +1,14 @@
|
||||
import { NextApiRequest, NextApiResponse } from 'next'
|
||||
import { drive } from '@googleapis/drive'
|
||||
import { getAuthenticatedGoogleClient } from 'libs/google-sheets'
|
||||
import { methodNotAllowed } from 'utils'
|
||||
import { getSession } from 'next-auth/react'
|
||||
import { User } from 'db'
|
||||
import { methodNotAllowed, notAuthenticated } from 'utils'
|
||||
import { setUser, withSentry } from '@sentry/nextjs'
|
||||
import { getAuthenticatedUser } from 'services/api/utils'
|
||||
|
||||
const handler = async (req: NextApiRequest, res: NextApiResponse) => {
|
||||
const session = await getSession({ req })
|
||||
const user = await getAuthenticatedUser(req)
|
||||
if (!user) return notAuthenticated(res)
|
||||
|
||||
if (!session?.user)
|
||||
return res.status(401).json({ message: 'Not authenticated' })
|
||||
|
||||
const user = session.user as User
|
||||
setUser({ email: user.email ?? undefined, id: user.id })
|
||||
if (req.method === 'GET') {
|
||||
const credentialsId = req.query.credentialsId.toString()
|
||||
|
||||
@ -1,18 +1,14 @@
|
||||
import { NextApiRequest, NextApiResponse } from 'next'
|
||||
import { GoogleSpreadsheet } from 'google-spreadsheet'
|
||||
import { getAuthenticatedGoogleClient } from 'libs/google-sheets'
|
||||
import { isDefined, methodNotAllowed } from 'utils'
|
||||
import { getSession } from 'next-auth/react'
|
||||
import { User } from 'db'
|
||||
import { isDefined, methodNotAllowed, notAuthenticated } from 'utils'
|
||||
import { withSentry, setUser } from '@sentry/nextjs'
|
||||
import { getAuthenticatedUser } from 'services/api/utils'
|
||||
|
||||
const handler = async (req: NextApiRequest, res: NextApiResponse) => {
|
||||
const session = await getSession({ req })
|
||||
const user = await getAuthenticatedUser(req)
|
||||
if (!user) return notAuthenticated(res)
|
||||
|
||||
if (!session?.user)
|
||||
return res.status(401).json({ message: 'Not authenticated' })
|
||||
|
||||
const user = session.user as User
|
||||
setUser({ email: user.email ?? undefined, id: user.id })
|
||||
if (req.method === 'GET') {
|
||||
const credentialsId = req.query.credentialsId.toString()
|
||||
|
||||
@ -1,15 +1,12 @@
|
||||
import { withSentry } from '@sentry/nextjs'
|
||||
import prisma from 'libs/prisma'
|
||||
import { NextApiRequest, NextApiResponse } from 'next'
|
||||
import { getSession } from 'next-auth/react'
|
||||
import { methodNotAllowed } from 'utils'
|
||||
import { getAuthenticatedUser } from 'services/api/utils'
|
||||
import { methodNotAllowed, notAuthenticated } from 'utils'
|
||||
|
||||
const handler = async (req: NextApiRequest, res: NextApiResponse) => {
|
||||
const session = await getSession({ req })
|
||||
|
||||
if (!session?.user)
|
||||
return res.status(401).json({ message: 'Not authenticated' })
|
||||
|
||||
const user = await getAuthenticatedUser(req)
|
||||
if (!user) return notAuthenticated(res)
|
||||
try {
|
||||
if (req.method === 'POST') {
|
||||
const data =
|
||||
|
||||
@ -1,14 +1,12 @@
|
||||
import { withSentry } from '@sentry/nextjs'
|
||||
import prisma from 'libs/prisma'
|
||||
import { NextApiRequest, NextApiResponse } from 'next'
|
||||
import { getSession } from 'next-auth/react'
|
||||
import { methodNotAllowed } from 'utils'
|
||||
import { getAuthenticatedUser } from 'services/api/utils'
|
||||
import { methodNotAllowed, notAuthenticated } from 'utils'
|
||||
|
||||
const handler = async (req: NextApiRequest, res: NextApiResponse) => {
|
||||
const session = await getSession({ req })
|
||||
|
||||
if (!session?.user)
|
||||
return res.status(401).json({ message: 'Not authenticated' })
|
||||
const user = await getAuthenticatedUser(req)
|
||||
if (!user) return notAuthenticated(res)
|
||||
|
||||
const id = req.query.id.toString()
|
||||
if (req.method === 'PUT') {
|
||||
|
||||
@ -1,17 +1,14 @@
|
||||
import { withSentry } from '@sentry/nextjs'
|
||||
import { Prisma, User } from 'db'
|
||||
import { Prisma } from 'db'
|
||||
import prisma from 'libs/prisma'
|
||||
import { NextApiRequest, NextApiResponse } from 'next'
|
||||
import { getSession } from 'next-auth/react'
|
||||
import { getAuthenticatedUser } from 'services/api/utils'
|
||||
import { parseNewTypebot } from 'services/typebots/typebots'
|
||||
import { methodNotAllowed } from 'utils'
|
||||
import { methodNotAllowed, notAuthenticated } from 'utils'
|
||||
|
||||
const handler = async (req: NextApiRequest, res: NextApiResponse) => {
|
||||
const session = await getSession({ req })
|
||||
if (!session?.user)
|
||||
return res.status(401).json({ message: 'Not authenticated' })
|
||||
const user = session.user as User
|
||||
if (!user.id) return res.status(401).json({ message: 'Not authenticated' })
|
||||
const user = await getAuthenticatedUser(req)
|
||||
if (!user) return notAuthenticated(res)
|
||||
try {
|
||||
if (req.method === 'GET') {
|
||||
const folderId = req.query.folderId ? req.query.folderId.toString() : null
|
||||
|
||||
@ -2,19 +2,16 @@ import { withSentry } from '@sentry/nextjs'
|
||||
import { CollaborationType, Prisma, User } from 'db'
|
||||
import prisma from 'libs/prisma'
|
||||
import { NextApiRequest, NextApiResponse } from 'next'
|
||||
import { getSession } from 'next-auth/react'
|
||||
import { methodNotAllowed } from 'utils'
|
||||
import { getAuthenticatedUser } from 'services/api/utils'
|
||||
import { methodNotAllowed, notAuthenticated } from 'utils'
|
||||
|
||||
const adminEmail = 'contact@baptiste-arnaud.fr'
|
||||
|
||||
const handler = async (req: NextApiRequest, res: NextApiResponse) => {
|
||||
const session = await getSession({ req })
|
||||
|
||||
if (!session?.user)
|
||||
return res.status(401).json({ message: 'Not authenticated' })
|
||||
const user = await getAuthenticatedUser(req)
|
||||
if (!user) return notAuthenticated(res)
|
||||
|
||||
const typebotId = req.query.typebotId.toString()
|
||||
const user = session.user as User
|
||||
if (req.method === 'GET') {
|
||||
const typebot = await prisma.typebot.findFirst({
|
||||
where: parseWhereFilter(typebotId, user, 'read'),
|
||||
|
||||
@ -1,34 +0,0 @@
|
||||
import { withSentry } from '@sentry/nextjs'
|
||||
import prisma from 'libs/prisma'
|
||||
import { NextApiRequest, NextApiResponse } from 'next'
|
||||
import { getAuthenticatedUser } from 'services/api/utils'
|
||||
import { methodNotAllowed, notAuthenticated } from 'utils'
|
||||
|
||||
const handler = async (req: NextApiRequest, res: NextApiResponse) => {
|
||||
const user = await getAuthenticatedUser(req)
|
||||
if (!user) return notAuthenticated(res)
|
||||
const typebotId = req.query.typebotId as string
|
||||
const userId = req.query.userId as string
|
||||
if (req.method === 'PUT') {
|
||||
const data = req.body
|
||||
await prisma.collaboratorsOnTypebots.upsert({
|
||||
where: { userId_typebotId: { typebotId, userId } },
|
||||
create: data,
|
||||
update: data,
|
||||
})
|
||||
return res.send({
|
||||
message: 'success',
|
||||
})
|
||||
}
|
||||
if (req.method === 'DELETE') {
|
||||
await prisma.collaboratorsOnTypebots.delete({
|
||||
where: { userId_typebotId: { typebotId, userId } },
|
||||
})
|
||||
return res.send({
|
||||
message: 'success',
|
||||
})
|
||||
}
|
||||
methodNotAllowed(res)
|
||||
}
|
||||
|
||||
export default withSentry(handler)
|
||||
@ -1,20 +1,15 @@
|
||||
import { withSentry } from '@sentry/nextjs'
|
||||
import { User } from 'db'
|
||||
import prisma from 'libs/prisma'
|
||||
import { NextApiRequest, NextApiResponse } from 'next'
|
||||
import { getSession } from 'next-auth/react'
|
||||
import { getAuthenticatedUser } from 'services/api/utils'
|
||||
import { isFreePlan } from 'services/user/user'
|
||||
import { methodNotAllowed } from 'utils'
|
||||
import { methodNotAllowed, notAuthenticated } from 'utils'
|
||||
|
||||
const adminEmail = 'contact@baptiste-arnaud.fr'
|
||||
|
||||
const handler = async (req: NextApiRequest, res: NextApiResponse) => {
|
||||
const session = await getSession({ req })
|
||||
|
||||
if (!session?.user)
|
||||
return res.status(401).send({ message: 'Not authenticated' })
|
||||
|
||||
const user = session.user as User
|
||||
const user = await getAuthenticatedUser(req)
|
||||
if (!user) return notAuthenticated(res)
|
||||
if (req.method === 'GET') {
|
||||
const typebotId = req.query.typebotId.toString()
|
||||
const lastResultId = req.query.lastResultId?.toString()
|
||||
|
||||
@ -1,18 +1,13 @@
|
||||
import { PublicTypebot } from 'models'
|
||||
import { User } from 'db'
|
||||
import prisma from 'libs/prisma'
|
||||
import { NextApiRequest, NextApiResponse } from 'next'
|
||||
import { getSession } from 'next-auth/react'
|
||||
import { methodNotAllowed } from 'utils'
|
||||
import { methodNotAllowed, notAuthenticated } from 'utils'
|
||||
import { withSentry } from '@sentry/nextjs'
|
||||
import { getAuthenticatedUser } from 'services/api/utils'
|
||||
|
||||
const handler = async (req: NextApiRequest, res: NextApiResponse) => {
|
||||
const session = await getSession({ req })
|
||||
|
||||
if (!session?.user)
|
||||
return res.status(401).send({ message: 'Not authenticated' })
|
||||
|
||||
const user = session.user as User
|
||||
const user = await getAuthenticatedUser(req)
|
||||
if (!user) return notAuthenticated(res)
|
||||
if (req.method === 'GET') {
|
||||
const typebotId = req.query.typebotId.toString()
|
||||
const typebot = await prisma.typebot.findUnique({
|
||||
|
||||
@ -1,18 +1,13 @@
|
||||
import { withSentry } from '@sentry/nextjs'
|
||||
import { User } from 'db'
|
||||
import prisma from 'libs/prisma'
|
||||
import { Stats } from 'models'
|
||||
import { NextApiRequest, NextApiResponse } from 'next'
|
||||
import { getSession } from 'next-auth/react'
|
||||
import { methodNotAllowed } from 'utils'
|
||||
import { getAuthenticatedUser } from 'services/api/utils'
|
||||
import { methodNotAllowed, notAuthenticated } from 'utils'
|
||||
|
||||
const handler = async (req: NextApiRequest, res: NextApiResponse) => {
|
||||
const session = await getSession({ req })
|
||||
|
||||
if (!session?.user)
|
||||
return res.status(401).send({ message: 'Not authenticated' })
|
||||
|
||||
const user = session.user as User
|
||||
const user = await getAuthenticatedUser(req)
|
||||
if (!user) return notAuthenticated(res)
|
||||
if (req.method === 'GET') {
|
||||
const typebotId = req.query.typebotId.toString()
|
||||
|
||||
|
||||
@ -1,14 +1,12 @@
|
||||
import { withSentry } from '@sentry/nextjs'
|
||||
import prisma from 'libs/prisma'
|
||||
import { NextApiRequest, NextApiResponse } from 'next'
|
||||
import { getSession } from 'next-auth/react'
|
||||
import { methodNotAllowed } from 'utils'
|
||||
import { getAuthenticatedUser } from 'services/api/utils'
|
||||
import { methodNotAllowed, notAuthenticated } from 'utils'
|
||||
|
||||
const handler = async (req: NextApiRequest, res: NextApiResponse) => {
|
||||
const session = await getSession({ req })
|
||||
|
||||
if (!session?.user)
|
||||
return res.status(401).json({ message: 'Not authenticated' })
|
||||
const user = await getAuthenticatedUser(req)
|
||||
if (!user) return notAuthenticated(res)
|
||||
|
||||
const id = req.query.id.toString()
|
||||
if (req.method === 'PUT') {
|
||||
|
||||
@ -1,18 +1,14 @@
|
||||
import { withSentry } from '@sentry/nextjs'
|
||||
import { Prisma, User } from 'db'
|
||||
import { Prisma } from 'db'
|
||||
import prisma from 'libs/prisma'
|
||||
import { Credentials } from 'models'
|
||||
import { NextApiRequest, NextApiResponse } from 'next'
|
||||
import { getSession } from 'next-auth/react'
|
||||
import { encrypt, methodNotAllowed } from 'utils'
|
||||
import { getAuthenticatedUser } from 'services/api/utils'
|
||||
import { encrypt, methodNotAllowed, notAuthenticated } from 'utils'
|
||||
|
||||
const handler = async (req: NextApiRequest, res: NextApiResponse) => {
|
||||
const session = await getSession({ req })
|
||||
|
||||
if (!session?.user)
|
||||
return res.status(401).json({ message: 'Not authenticated' })
|
||||
|
||||
const user = session.user as User
|
||||
const user = await getAuthenticatedUser(req)
|
||||
if (!user) return notAuthenticated(res)
|
||||
const id = req.query.id.toString()
|
||||
if (user.id !== id) return res.status(401).send({ message: 'Forbidden' })
|
||||
if (req.method === 'GET') {
|
||||
|
||||
@ -1,17 +1,12 @@
|
||||
import { withSentry } from '@sentry/nextjs'
|
||||
import { User } from 'db'
|
||||
import prisma from 'libs/prisma'
|
||||
import { NextApiRequest, NextApiResponse } from 'next'
|
||||
import { getSession } from 'next-auth/react'
|
||||
import { methodNotAllowed } from 'utils'
|
||||
import { getAuthenticatedUser } from 'services/api/utils'
|
||||
import { methodNotAllowed, notAuthenticated } from 'utils'
|
||||
|
||||
const handler = async (req: NextApiRequest, res: NextApiResponse) => {
|
||||
const session = await getSession({ req })
|
||||
|
||||
if (!session?.user)
|
||||
return res.status(401).json({ message: 'Not authenticated' })
|
||||
|
||||
const user = session.user as User
|
||||
const user = await getAuthenticatedUser(req)
|
||||
if (!user) return notAuthenticated(res)
|
||||
const id = req.query.id.toString()
|
||||
if (user.id !== id) return res.status(401).send({ message: 'Forbidden' })
|
||||
if (req.method === 'DELETE') {
|
||||
|
||||
@ -1,18 +1,14 @@
|
||||
import { withSentry } from '@sentry/nextjs'
|
||||
import { CustomDomain, Prisma, User } from 'db'
|
||||
import { CustomDomain, Prisma } from 'db'
|
||||
import { got, HTTPError } from 'got'
|
||||
import prisma from 'libs/prisma'
|
||||
import { NextApiRequest, NextApiResponse } from 'next'
|
||||
import { getSession } from 'next-auth/react'
|
||||
import { methodNotAllowed } from 'utils'
|
||||
import { getAuthenticatedUser } from 'services/api/utils'
|
||||
import { methodNotAllowed, notAuthenticated } from 'utils'
|
||||
|
||||
const handler = async (req: NextApiRequest, res: NextApiResponse) => {
|
||||
const session = await getSession({ req })
|
||||
|
||||
if (!session?.user)
|
||||
return res.status(401).json({ message: 'Not authenticated' })
|
||||
|
||||
const user = session.user as User
|
||||
const user = await getAuthenticatedUser(req)
|
||||
if (!user) return notAuthenticated(res)
|
||||
const id = req.query.id.toString()
|
||||
if (user.id !== id) return res.status(401).send({ message: 'Forbidden' })
|
||||
if (req.method === 'GET') {
|
||||
|
||||
@ -1,18 +1,13 @@
|
||||
import { withSentry } from '@sentry/nextjs'
|
||||
import { User } from 'db'
|
||||
import prisma from 'libs/prisma'
|
||||
import { NextApiRequest, NextApiResponse } from 'next'
|
||||
import { getSession } from 'next-auth/react'
|
||||
import { methodNotAllowed } from 'utils'
|
||||
import { methodNotAllowed, notAuthenticated } from 'utils'
|
||||
import { got } from 'got'
|
||||
import { getAuthenticatedUser } from 'services/api/utils'
|
||||
|
||||
const handler = async (req: NextApiRequest, res: NextApiResponse) => {
|
||||
const session = await getSession({ req })
|
||||
|
||||
if (!session?.user)
|
||||
return res.status(401).json({ message: 'Not authenticated' })
|
||||
|
||||
const user = session.user as User
|
||||
const user = await getAuthenticatedUser(req)
|
||||
if (!user) return notAuthenticated(res)
|
||||
const id = req.query.id.toString()
|
||||
if (user.id !== id) return res.status(401).send({ message: 'Forbidden' })
|
||||
if (req.method === 'DELETE') {
|
||||
|
||||
Reference in New Issue
Block a user