blsmedia/bot
2
0
Fork 0
Code Activity

fix: 🛂 Protect from others to consult typebots and folders

Browse Source
This commit is contained in:
Baptiste Arnaud
2022-02-18 18:18:38 +01:00
parent 7402ad5f6d
commit f6d5eb5777
4 changed files with 30 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
apps/builder/pages/api/folders/[id].ts
View File

@ -1,5 +1,5 @@
import { withSentry } from '@sentry/nextjs'
import { DashboardFolder } from 'db'
import { DashboardFolder, User } from 'db'
import prisma from 'libs/prisma'
import { NextApiRequest, NextApiResponse } from 'next'
import { getSession } from 'next-auth/react'
@ -12,22 +12,23 @@ const handler = async (req: NextApiRequest, res: NextApiResponse) => {
return res.status(401).json({ message: 'Not authenticated' })
const id = req.query.id.toString()
const user = session.user as User
if (req.method === 'GET') {
const folder = await prisma.dashboardFolder.findUnique({
where: { id },
where: { id_ownerId: { id, ownerId: user.id } },
})
return res.send({ folder })
}
if (req.method === 'DELETE') {
const folders = await prisma.dashboardFolder.delete({
where: { id },
where: { id_ownerId: { id, ownerId: user.id } },
})
return res.send({ folders })
}
if (req.method === 'PATCH') {
const data = JSON.parse(req.body) as Partial<DashboardFolder>
const folders = await prisma.dashboardFolder.update({
where: { id },
where: { id_ownerId: { id, ownerId: user.id } },
data,
})
return res.send({ typebots: folders })

10
apps/builder/pages/api/typebots/[typebotId].ts
View File

@ -1,4 +1,5 @@
import { withSentry } from '@sentry/nextjs'
import { User } from 'db'
import prisma from 'libs/prisma'
import { NextApiRequest, NextApiResponse } from 'next'
import { getSession } from 'next-auth/react'
@ -11,9 +12,10 @@ const handler = async (req: NextApiRequest, res: NextApiResponse) => {
return res.status(401).json({ message: 'Not authenticated' })
const typebotId = req.query.typebotId.toString()
const user = session.user as User
if (req.method === 'GET') {
const typebot = await prisma.typebot.findUnique({
where: { id: typebotId },
where: { id_ownerId: { id: typebotId, ownerId: user.id } },
include: {
publishedTypebot: true,
},
@ -24,14 +26,14 @@ const handler = async (req: NextApiRequest, res: NextApiResponse) => {
}
if (req.method === 'DELETE') {
const typebots = await prisma.typebot.delete({
where: { id: typebotId },
where: { id_ownerId: { id: typebotId, ownerId: user.id } },
})
return res.send({ typebots })
}
if (req.method === 'PUT') {
const data = JSON.parse(req.body)
const typebots = await prisma.typebot.update({
where: { id: typebotId },
where: { id_ownerId: { id: typebotId, ownerId: user.id } },
data: {
...data,
theme: data.theme ?? undefined,
@ -43,7 +45,7 @@ const handler = async (req: NextApiRequest, res: NextApiResponse) => {
if (req.method === 'PATCH') {
const data = JSON.parse(req.body)
const typebots = await prisma.typebot.update({
where: { id: typebotId },
where: { id_ownerId: { id: typebotId, ownerId: user.id } },
data,
})
return res.send({ typebots })