tom/hermes-web
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Added basic validation for requests

Browse Source
This commit is contained in:
Tom
2024-08-25 21:35:46 +00:00
parent 2d40d6fe09
commit 624b3fa63b
42 changed files with 608 additions and 492 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
app/api/account/authorize/route.ts
View File

@ -1,3 +1,5 @@
// TODO: remove this page.
import axios from 'axios'
import { db } from "@/lib/db"
import { NextResponse } from "next/server";
@ -10,7 +12,7 @@ export async function GET(req: Request) {
const state = searchParams.get('state') as string
if (!code || !scope || !state) {
return new NextResponse("Bad Request", { status: 400 });
return NextResponse.json({ message: 'Missing oauth2 data.', error: null, value: null }, { status: 400 });
}
// Verify state against user id in user table.
@ -21,7 +23,7 @@ export async function GET(req: Request) {
})
if (!user) {
return new NextResponse("Bad Request", { status: 400 });
return NextResponse.json({ message: 'You do not have permissions for this.', error: null, value: null }, { status: 403 });
}
// Post to https://id.twitch.tv/oauth2/token
@ -37,7 +39,7 @@ export async function GET(req: Request) {
const { access_token, expires_in, refresh_token, token_type } = token
if (!access_token || !refresh_token || token_type !== "bearer") {
return new NextResponse("Unauthorized", { status: 401 });
return NextResponse.json({ message: 'Unauthorized.', error: null, value: null }, { status: 401 });
}
let info = await axios.get("https://api.twitch.tv/helix/users?login=" + user.name, {
@ -57,9 +59,9 @@ export async function GET(req: Request) {
}
})
return new NextResponse("", { status: 200 });
return NextResponse.json({ message: null, error: null, value: null }, { status: 200 })
} catch (error) {
console.log("[ACCOUNT/AUTHORIZE]", error);
return new NextResponse("Internal Error", { status: 500 });
return NextResponse.json({ message: 'Something went wrong', error: error, value: null }, { status: 500 })
}
}

16
app/api/account/impersonate/route.ts
View File

@ -6,7 +6,7 @@ export async function GET(req: Request) {
try {
const user = await fetchUser(req)
if (!user || user.role != "ADMIN") {
return new NextResponse("Unauthorized", { status: 401 });
return NextResponse.json({ message: 'Unauthorized.', error: null, value: null }, { status: 401 });
}
const impersonation = await db.impersonation.findFirst({
@ -18,7 +18,7 @@ export async function GET(req: Request) {
return NextResponse.json(impersonation);
} catch (error) {
console.log("[AUTH/ACCOUNT/IMPERSONATION]", error);
return new NextResponse("Internal Error", { status: 500 });
return NextResponse.json({ message: 'Something went wrong', error: error, value: null }, { status: 500 })
}
}
@ -26,7 +26,7 @@ export async function POST(req: Request) {
try {
const user = await fetchUser(req)
if (!user || user.role != "ADMIN") {
return new NextResponse("Unauthorized", { status: 401 });
return NextResponse.json({ message: 'Unauthorized.', error: null, value: null }, { status: 401 });
}
const { targetId } = await req.json();
@ -41,7 +41,7 @@ export async function POST(req: Request) {
return NextResponse.json(impersonation);
} catch (error) {
console.log("[AUTH/ACCOUNT/IMPERSONATION]", error);
return new NextResponse("Internal Error", { status: 500 });
return NextResponse.json({ message: 'Something went wrong', error: error, value: null }, { status: 500 })
}
}
@ -49,7 +49,7 @@ export async function PUT(req: Request) {
try {
const user = await fetchUser(req)
if (!user || user.role != "ADMIN") {
return new NextResponse("Unauthorized", { status: 401 });
return NextResponse.json({ message: 'Unauthorized.', error: null, value: null }, { status: 401 });
}
const { targetId } = await req.json();
@ -66,7 +66,7 @@ export async function PUT(req: Request) {
return NextResponse.json(impersonation);
} catch (error) {
console.log("[AUTH/ACCOUNT/IMPERSONATION]", error);
return new NextResponse("Internal Error", { status: 500 });
return NextResponse.json({ message: 'Something went wrong', error: error, value: null }, { status: 500 })
}
}
@ -74,7 +74,7 @@ export async function DELETE(req: Request) {
try {
const user = await fetchUser(req)
if (!user || user.role != "ADMIN") {
return new NextResponse("Unauthorized", { status: 401 });
return NextResponse.json({ message: 'Unauthorized.', error: null, value: null }, { status: 401 });
}
const impersonation = await db.impersonation.delete({
@ -86,6 +86,6 @@ export async function DELETE(req: Request) {
return NextResponse.json(impersonation)
} catch (error) {
console.log("[AUTH/ACCOUNT/IMPERSONATION]", error);
return new NextResponse("Internal Error" + error, { status: 500 });
return NextResponse.json({ message: 'Something went wrong.', error: null, value: null }, { status: 500 })
}
}

8
app/api/account/reauthorize/route.ts
View File

@ -9,7 +9,7 @@ export async function GET(req: Request) {
// Verify state against user id in user table.
const user = await fetchUserWithImpersonation(req)
if (!user) {
return new NextResponse("Unauthorized", { status: 401 });
return NextResponse.json({ message: 'Unauthorized.', error: null, value: null }, { status: 401 });
}
const connection = await db.twitchConnection.findFirst({
@ -18,7 +18,7 @@ export async function GET(req: Request) {
}
})
if (!connection) {
return new NextResponse("Forbidden", { status: 403 });
return NextResponse.json({ message: 'You do not have permission for this.', error: null, value: null }, { status: 403 })
}
try {
@ -59,7 +59,7 @@ export async function GET(req: Request) {
const { access_token, expires_in, refresh_token, token_type } = token
if (!access_token || !refresh_token || token_type !== "bearer") {
return new NextResponse("Unauthorized", { status: 401 });
return NextResponse.json({ message: 'Unauthorized.', error: null, value: null }, { status: 401 });
}
await db.twitchConnection.update({
@ -83,6 +83,6 @@ export async function GET(req: Request) {
return NextResponse.json(data)
} catch (error) {
console.log("[ACCOUNT]", error);
return new NextResponse("Internal Error", { status: 500 });
return NextResponse.json({ message: 'Something went wrong', error: error, value: null }, { status: 500 })
}
}

9
app/api/account/redemptions/route.ts
View File

@ -1,4 +1,3 @@
import { db } from "@/lib/db"
import { NextResponse } from "next/server";
import fetchUserWithImpersonation from '@/lib/fetch-user-impersonation';
import axios from "axios";
@ -7,16 +6,16 @@ import { updateTwitchToken } from "@/data/twitch-reauthorize";
export async function GET(req: Request) {
try {
if (!process.env.TWITCH_BOT_CLIENT_ID)
return new NextResponse("Internal Error", { status: 500 });
return NextResponse.json({ message: 'Something went wrong.', error: null, value: null }, { status: 500 })
const user = await fetchUserWithImpersonation(req)
if (!user) {
return new NextResponse("Unauthorized", { status: 401 });
return NextResponse.json({ message: 'Unauthorized.', error: null, value: null }, { status: 401 });
}
const auth = await updateTwitchToken(user.id)
if (!auth)
return new NextResponse("Bad Request", { status: 400 })
return NextResponse.json({ message: 'Failed to authorize to Twitch.', error: null, value: null }, { status: 403 });
try {
const redemptions = await axios.get("https://api.twitch.tv/helix/channel_points/custom_rewards?broadcaster_id=" + auth.broadcaster_id,
@ -35,6 +34,6 @@ export async function GET(req: Request) {
return NextResponse.json([]);
} catch (error) {
console.log("[REDEMPTIONS/ACTIONS]", error);
return new NextResponse("Internal Error", { status: 500 });
return NextResponse.json({ message: 'Something went wrong', error: error, value: null }, { status: 500 })
}
}

9
app/api/account/route.ts
View File

@ -7,7 +7,7 @@ import fetchUser from "@/lib/fetch-user";
export async function GET(req: Request) {
try {
const user = await fetchUser(req)
if (!user) return new NextResponse("Internal Error", { status: 401 })
if (!user) return NextResponse.json({ message: 'Unauthorized.', error: null, value: null }, { status: 401 })
const account = await db.account.findFirst({
where: {
@ -18,7 +18,7 @@ export async function GET(req: Request) {
return NextResponse.json({ ... user, broadcasterId: account?.providerAccountId })
} catch (error) {
console.log("[ACCOUNT]", error);
return new NextResponse("Internal Error", { status: 500 });
return NextResponse.json({ message: 'Something went wrong', error: error, value: null }, { status: 500 })
}
}
@ -27,7 +27,7 @@ export async function POST(req: Request) {
const session = await auth()
const user = session?.user?.name
if (!user) {
return new NextResponse("Internal Error", { status: 401 })
return NextResponse.json({ message: 'Unauthorized.', error: null, value: null }, { status: 401 })
}
const exist = await db.user.findFirst({
@ -54,7 +54,6 @@ export async function POST(req: Request) {
username: newUser.name
});
} catch (error) {
console.log("[ACCOUNT]", error);
return new NextResponse("Internal Error", { status: 500 });
return NextResponse.json({ message: 'Something went wrong', error: error, value: null }, { status: 500 })
}
}