Added basic validation for requests
This commit is contained in:
@ -4,12 +4,13 @@ import fetchUserWithImpersonation from "@/lib/fetch-user-impersonation";
|
||||
import axios from "axios";
|
||||
import { env } from "process";
|
||||
import { TwitchUpdateAuthorization } from "@/lib/twitch";
|
||||
import { z } from "zod"
|
||||
|
||||
export async function GET(req: Request) {
|
||||
try {
|
||||
const user = await fetchUserWithImpersonation(req)
|
||||
if (!user)
|
||||
return new NextResponse("Unauthorized", { status: 401 });
|
||||
return NextResponse.json({ message: 'Unauthorized.', error: null, value: null }, { status: 401 });
|
||||
|
||||
const { searchParams } = new URL(req.url)
|
||||
const groupId = searchParams.get('groupId') as string
|
||||
@ -17,7 +18,7 @@ export async function GET(req: Request) {
|
||||
const search = searchParams.get('search') as string
|
||||
|
||||
if (!groupId && search != 'all')
|
||||
return new NextResponse("Bad Request", { status: 400 })
|
||||
return NextResponse.json({ message: 'Something went wrong', error: null, value: null }, { status: 400 })
|
||||
|
||||
let page = parseInt(pageString)
|
||||
if (isNaN(page) || page === undefined || page === null)
|
||||
@ -40,18 +41,15 @@ export async function GET(req: Request) {
|
||||
})
|
||||
|
||||
const paginated = search == 'all' ? chatters : chatters.slice(page * 50, (page + 1) * 50)
|
||||
if (!paginated || paginated.length == 0) {
|
||||
console.log('No users returned from db')
|
||||
if (!paginated || paginated.length == 0)
|
||||
return NextResponse.json([])
|
||||
}
|
||||
|
||||
const ids = chatters.map(c => c.chatterId)
|
||||
const idsString = 'id=' + ids.map(i => i.toString()).reduce((a, b) => a + '&id=' + b)
|
||||
|
||||
const auth = await TwitchUpdateAuthorization(user.id)
|
||||
if (!auth) {
|
||||
return new NextResponse("", { status: 403 })
|
||||
}
|
||||
if (!auth)
|
||||
return NextResponse.json({ message: 'Unauthorized', error: null, value: null }, { status: 403 })
|
||||
|
||||
const users = await axios.get("https://api.twitch.tv/helix/users?" + idsString, {
|
||||
headers: {
|
||||
@ -60,31 +58,38 @@ export async function GET(req: Request) {
|
||||
}
|
||||
})
|
||||
|
||||
if (!users) {
|
||||
return new NextResponse("", { status: 400 })
|
||||
}
|
||||
if (!users)
|
||||
return NextResponse.json({ message: 'No users found', error: null, value: null }, { status: 400 })
|
||||
|
||||
if (users.data.data.length == 0) {
|
||||
console.log('No users returned from twitch')
|
||||
if (users.data.data.length == 0)
|
||||
return NextResponse.json([])
|
||||
}
|
||||
|
||||
return NextResponse.json(users.data.data.map((u: any) => ({ id: u.id, username: u.login })));
|
||||
} catch (error) {
|
||||
console.log("[GROUPS/USERS]", error);
|
||||
return new NextResponse("Internal Error", { status: 500 });
|
||||
return NextResponse.json({ message: 'Failed to get', error: error, value: null }, { status: 500 })
|
||||
}
|
||||
}
|
||||
|
||||
const groupIdSchema = z.string({
|
||||
required_error: "Group ID should be available.",
|
||||
invalid_type_error: "Group ID must be a string"
|
||||
}).regex(/^[\w\-\=]{1,32}$/, "Group ID must contain only letters, numbers, dashes, underscores & equal signs.")
|
||||
|
||||
export async function POST(req: Request) {
|
||||
try {
|
||||
const user = await fetchUserWithImpersonation(req)
|
||||
if (!user)
|
||||
return new NextResponse("Unauthorized", { status: 401 });
|
||||
return NextResponse.json({ message: 'Unauthorized', error: null, value: null }, { status: 401 })
|
||||
|
||||
const { groupId, users }: { groupId: string, users: { id: number, username: string }[] } = await req.json();
|
||||
if (!groupId || !users)
|
||||
return new NextResponse("Bad Request", { status: 400 });
|
||||
if (!groupId)
|
||||
return NextResponse.json({ message: 'groupId must be set.', error: null, value: null }, { status: 400 });
|
||||
if (!users)
|
||||
return NextResponse.json({ message: 'users must be set.', error: null, value: null }, { status: 400 });
|
||||
|
||||
const groupIdValidation = await groupIdSchema.safeParseAsync(groupId)
|
||||
if (!groupIdValidation.success)
|
||||
return NextResponse.json({ message: 'groupId does not meet requirements.', error: JSON.parse(groupIdValidation.error['message'])[0], value: null }, { status: 400 })
|
||||
|
||||
const chatters = await db.chatterGroup.createMany({
|
||||
data: users.map(u => ({ userId: user.id, chatterId: u.id, groupId, chatterLabel: u.username }))
|
||||
@ -92,8 +97,7 @@ export async function POST(req: Request) {
|
||||
|
||||
return NextResponse.json(chatters, { status: 200 });
|
||||
} catch (error) {
|
||||
console.log("[GROUPS/USERS]", error);
|
||||
return new NextResponse("Internal Error", { status: 500 });
|
||||
return NextResponse.json({ message: 'Failed to create', error: error, value: null }, { status: 500 })
|
||||
}
|
||||
}
|
||||
|
||||
@ -101,13 +105,20 @@ export async function DELETE(req: Request) {
|
||||
try {
|
||||
const user = await fetchUserWithImpersonation(req)
|
||||
if (!user)
|
||||
return new NextResponse("Unauthorized", { status: 401 });
|
||||
return NextResponse.json({ message: 'Unauthorized', error: null, value: null }, { status: 401 })
|
||||
|
||||
const { searchParams } = new URL(req.url)
|
||||
const groupId = searchParams.get('groupId') as string
|
||||
const ids = searchParams.get('ids') as string
|
||||
if (!groupId || !ids)
|
||||
return new NextResponse("Bad Request", { status: 400 });
|
||||
if (!groupId)
|
||||
return NextResponse.json({ message: 'groupId must be set.', error: null, value: null }, { status: 400 });
|
||||
|
||||
if (!ids)
|
||||
return NextResponse.json({ message: 'ids must be set.', error: null, value: null }, { status: 400 });
|
||||
|
||||
const groupIdValidation = await groupIdSchema.safeParseAsync(groupId)
|
||||
if (!groupIdValidation.success)
|
||||
return NextResponse.json({ message: 'groupId does not meet requirements.', error: JSON.parse(groupIdValidation.error['message'])[0], value: null }, { status: 400 })
|
||||
|
||||
const chatters = await db.chatterGroup.deleteMany({
|
||||
where: {
|
||||
@ -121,7 +132,6 @@ export async function DELETE(req: Request) {
|
||||
|
||||
return NextResponse.json(chatters);
|
||||
} catch (error) {
|
||||
console.log("[GROUPS/USERS]", error);
|
||||
return new NextResponse("Internal Error", { status: 500 });
|
||||
return NextResponse.json({ message: 'Failed to delete.', error: error, value: null }, { status: 500 })
|
||||
}
|
||||
}
|
||||
@ -1,13 +1,13 @@
|
||||
import { db } from "@/lib/db"
|
||||
import { NextResponse } from "next/server";
|
||||
import fetchUserWithImpersonation from "@/lib/fetch-user-impersonation";
|
||||
import { ActionType, Prisma } from "@prisma/client";
|
||||
import { z } from "zod";
|
||||
|
||||
export async function GET(req: Request) {
|
||||
try {
|
||||
const user = await fetchUserWithImpersonation(req)
|
||||
if (!user)
|
||||
return new NextResponse("Unauthorized", { status: 401 });
|
||||
return NextResponse.json({ message: 'Unauthorized.', error: null, value: null }, { status: 401 });
|
||||
|
||||
const commands = await db.groupPermission.findMany({
|
||||
where: {
|
||||
@ -17,20 +17,31 @@ export async function GET(req: Request) {
|
||||
|
||||
return NextResponse.json(commands.map(({userId, ...attrs}) => attrs));
|
||||
} catch (error) {
|
||||
console.log("[GROUPS/PERMISSIONS]", error);
|
||||
return new NextResponse("Internal Error", { status: 500 });
|
||||
return NextResponse.json({ message: 'Something went wrong', error: error, value: null }, { status: 500 })
|
||||
}
|
||||
}
|
||||
|
||||
const permissionPathSchema = z.string({
|
||||
required_error: "Permission path should be available.",
|
||||
invalid_type_error: "Permission path must be a string"
|
||||
}).regex(/^[\w\-\.]{1,64}$/, "Permission path must contain only letters, numbers, dashes, periods.")
|
||||
|
||||
export async function POST(req: Request) {
|
||||
try {
|
||||
const user = await fetchUserWithImpersonation(req)
|
||||
if (!user)
|
||||
return new NextResponse("Unauthorized", { status: 401 });
|
||||
return NextResponse.json({ message: 'Unauthorized.', error: null, value: null }, { status: 401 });
|
||||
|
||||
const { path, allow, groupId }: { path: string, allow: boolean, groupId: string } = await req.json();
|
||||
if (!path)
|
||||
return new NextResponse("Bad Request", { status: 400 });
|
||||
return NextResponse.json({ message: 'path does not exist.', error: null, value: null }, { status: 400 });
|
||||
const permissionPathValidation = permissionPathSchema.safeParse(path)
|
||||
if (!permissionPathValidation.success)
|
||||
return NextResponse.json({ message: 'path must meet certain requirements.', error: JSON.parse(permissionPathValidation.error['message'])[0], value: null }, { status: 400 });
|
||||
if (!groupId)
|
||||
return NextResponse.json({ message: 'groupId does not exist.', error: null, value: null }, { status: 400 });
|
||||
if (groupId.length > 64)
|
||||
return NextResponse.json({ message: 'groupId is too long.', error: null, value: null }, { status: 400 });
|
||||
|
||||
const permission = await db.groupPermission.create({
|
||||
data: {
|
||||
@ -43,8 +54,7 @@ export async function POST(req: Request) {
|
||||
|
||||
return NextResponse.json(permission, { status: 200 });
|
||||
} catch (error) {
|
||||
console.log("[GROUPS/PERMISSIONS]", error);
|
||||
return new NextResponse("Internal Error", { status: 500 });
|
||||
return NextResponse.json({ message: 'Something went wrong', error: error, value: null }, { status: 500 })
|
||||
}
|
||||
}
|
||||
|
||||
@ -52,30 +62,30 @@ export async function PUT(req: Request) {
|
||||
try {
|
||||
const user = await fetchUserWithImpersonation(req)
|
||||
if (!user)
|
||||
return new NextResponse("Unauthorized", { status: 401 });
|
||||
return NextResponse.json({ message: 'Unauthorized.', error: null, value: null }, { status: 401 });
|
||||
|
||||
const { id, path, allow }: { id: string, path: string, allow: boolean|null } = await req.json();
|
||||
if (!id)
|
||||
return new NextResponse("Bad Request", { status: 400 });
|
||||
return NextResponse.json({ message: 'id does not exist.', error: null, value: null }, { status: 400 });
|
||||
if (!path)
|
||||
return new NextResponse("Bad Request", { status: 400 });
|
||||
|
||||
let data: any = {}
|
||||
if (!!path)
|
||||
data = { ...data, path }
|
||||
data = { ...data, allow }
|
||||
return NextResponse.json({ message: 'path does not exist.', error: null, value: null }, { status: 400 });
|
||||
const permissionPathValidation = permissionPathSchema.safeParse(path)
|
||||
if (!permissionPathValidation.success)
|
||||
return NextResponse.json({ message: 'path must meet certain requirements.', error: JSON.parse(permissionPathValidation.error['message'])[0], value: null }, { status: 400 });
|
||||
|
||||
const permission = await db.groupPermission.update({
|
||||
where: {
|
||||
id
|
||||
},
|
||||
data: data
|
||||
data: {
|
||||
path,
|
||||
allow
|
||||
}
|
||||
});
|
||||
|
||||
return NextResponse.json(permission, { status: 200 });
|
||||
} catch (error) {
|
||||
console.log("[GROUPS/PERMISSIONS]", error);
|
||||
return new NextResponse("Internal Error", { status: 500 });
|
||||
return NextResponse.json({ message: 'Something went wrong', error: error, value: null }, { status: 500 })
|
||||
}
|
||||
}
|
||||
|
||||
@ -83,7 +93,7 @@ export async function DELETE(req: Request) {
|
||||
try {
|
||||
const user = await fetchUserWithImpersonation(req)
|
||||
if (!user)
|
||||
return new NextResponse("Unauthorized", { status: 401 });
|
||||
return NextResponse.json({ message: 'Unauthorized.', error: null, value: null }, { status: 401 });
|
||||
|
||||
const { searchParams } = new URL(req.url)
|
||||
const id = searchParams.get('id') as string
|
||||
@ -95,7 +105,6 @@ export async function DELETE(req: Request) {
|
||||
|
||||
return NextResponse.json(permission);
|
||||
} catch (error) {
|
||||
console.log("[GROUPS/PERMISSIONS]", error);
|
||||
return new NextResponse("Internal Error", { status: 500 });
|
||||
return NextResponse.json({ message: 'Something went wrong', error: error, value: null }, { status: 500 })
|
||||
}
|
||||
}
|
||||
@ -1,13 +1,13 @@
|
||||
import { db } from "@/lib/db"
|
||||
import { NextResponse } from "next/server";
|
||||
import fetchUserWithImpersonation from "@/lib/fetch-user-impersonation";
|
||||
import { ActionType, Prisma } from "@prisma/client";
|
||||
import { z } from "zod";
|
||||
|
||||
export async function GET(req: Request) {
|
||||
try {
|
||||
const user = await fetchUserWithImpersonation(req)
|
||||
if (!user) {
|
||||
return new NextResponse("Unauthorized", { status: 401 });
|
||||
return NextResponse.json({ message: 'Unauthorized.', error: null, value: null }, { status: 401 });
|
||||
}
|
||||
|
||||
const actions = await db.group.findMany({
|
||||
@ -16,23 +16,30 @@ export async function GET(req: Request) {
|
||||
}
|
||||
})
|
||||
|
||||
return NextResponse.json(actions.map(({userId, ...attrs}) => attrs));
|
||||
return NextResponse.json(actions.map(({ userId, ...attrs }) => attrs));
|
||||
} catch (error) {
|
||||
console.log("[GROUPS]", error);
|
||||
return new NextResponse("Internal Error", { status: 500 });
|
||||
return NextResponse.json({ message: 'Something went wrong', error: error, value: null }, { status: 500 })
|
||||
}
|
||||
}
|
||||
|
||||
const groupNameSchema = z.string({
|
||||
required_error: "Group name is required.",
|
||||
invalid_type_error: "Group name must be a string"
|
||||
}).regex(/^[\w\-\s]{1,20}$/, "Group name must contain only letters, numbers, spaces, dashes, and underscores.")
|
||||
|
||||
export async function POST(req: Request) {
|
||||
try {
|
||||
const user = await fetchUserWithImpersonation(req)
|
||||
if (!user) {
|
||||
return new NextResponse("Unauthorized", { status: 401 });
|
||||
return NextResponse.json({ message: 'Unauthorized.', error: null, value: null }, { status: 401 });
|
||||
}
|
||||
|
||||
const { name, priority }: { name: string, priority: number } = await req.json();
|
||||
if (!name)
|
||||
return new NextResponse("Bad Request", { status: 400 });
|
||||
return NextResponse.json({ message: 'name does not exist.', error: null, value: null }, { status: 400 });
|
||||
const groupNameValidation = await groupNameSchema.safeParseAsync(name)
|
||||
if (!groupNameValidation.success)
|
||||
return NextResponse.json({ message: 'name does not meet requirements.', error: JSON.parse(groupNameValidation.error['message'])[0], value: null }, { status: 400 })
|
||||
|
||||
const group = await db.group.create({
|
||||
data: {
|
||||
@ -44,8 +51,7 @@ export async function POST(req: Request) {
|
||||
|
||||
return NextResponse.json(group, { status: 200 });
|
||||
} catch (error) {
|
||||
console.log("[GROUPS]", error);
|
||||
return new NextResponse("Internal Error", { status: 500 });
|
||||
return NextResponse.json({ message: 'Something went wrong', error: error, value: null }, { status: 500 })
|
||||
}
|
||||
}
|
||||
|
||||
@ -53,19 +59,24 @@ export async function PUT(req: Request) {
|
||||
try {
|
||||
const user = await fetchUserWithImpersonation(req)
|
||||
if (!user) {
|
||||
return new NextResponse("Unauthorized", { status: 401 });
|
||||
return NextResponse.json({ message: 'Unauthorized.', error: null, value: null }, { status: 401 });
|
||||
}
|
||||
|
||||
const { id, name, priority }: { id: string, name: string, priority: number } = await req.json();
|
||||
if (!id)
|
||||
return new NextResponse("Bad Request", { status: 400 });
|
||||
return NextResponse.json({ message: 'id does not exist.', error: null, value: null }, { status: 400 });
|
||||
if (!name && !priority)
|
||||
return new NextResponse("Bad Request", { status: 400 });
|
||||
return NextResponse.json({ message: 'Either name or priority must not be null.', error: null, value: null }, { status: 400 });
|
||||
if (name) {
|
||||
const groupNameValidation = await groupNameSchema.safeParseAsync(name)
|
||||
if (!groupNameValidation.success)
|
||||
return NextResponse.json({ message: 'name does not meet requirements.', error: JSON.parse(groupNameValidation.error['message'])[0], value: null }, { status: 400 })
|
||||
}
|
||||
|
||||
let data: any = {}
|
||||
if (!!name)
|
||||
if (name)
|
||||
data = { ...data, name: name.toLowerCase() }
|
||||
if (!!priority)
|
||||
if (priority)
|
||||
data = { ...data, priority }
|
||||
|
||||
const group = await db.group.update({
|
||||
@ -77,8 +88,7 @@ export async function PUT(req: Request) {
|
||||
|
||||
return NextResponse.json(group, { status: 200 });
|
||||
} catch (error) {
|
||||
console.log("[GROUPS]", error);
|
||||
return new NextResponse("Internal Error", { status: 500 });
|
||||
return NextResponse.json({ message: 'Something went wrong', error: error, value: null }, { status: 500 })
|
||||
}
|
||||
}
|
||||
|
||||
@ -86,7 +96,7 @@ export async function DELETE(req: Request) {
|
||||
try {
|
||||
const user = await fetchUserWithImpersonation(req)
|
||||
if (!user) {
|
||||
return new NextResponse("Unauthorized", { status: 401 });
|
||||
return NextResponse.json({ message: 'Unauthorized.', error: null, value: null }, { status: 401 });
|
||||
}
|
||||
|
||||
const { searchParams } = new URL(req.url)
|
||||
@ -99,7 +109,6 @@ export async function DELETE(req: Request) {
|
||||
|
||||
return NextResponse.json(group);
|
||||
} catch (error) {
|
||||
console.log("[GROUPS]", error);
|
||||
return new NextResponse("Internal Error", { status: 500 });
|
||||
return NextResponse.json({ message: 'Something went wrong', error: error, value: null }, { status: 500 })
|
||||
}
|
||||
}
|
||||
@ -8,13 +8,13 @@ export async function GET(req: Request) {
|
||||
try {
|
||||
const user = await fetchUserWithImpersonation(req)
|
||||
if (!user)
|
||||
return new NextResponse("Unauthorized", { status: 401 });
|
||||
return NextResponse.json({ message: 'Unauthorized.', error: null, value: null }, { status: 401 });
|
||||
|
||||
const { searchParams } = new URL(req.url)
|
||||
const logins = (searchParams.get('logins') as string)?.split(',').reduce((a,b) => a + ',&login=' + b)
|
||||
const ids = (searchParams.get('ids') as string)?.split(',').reduce((a,b) => a + ',&id=' + b)
|
||||
if (!logins && !ids) {
|
||||
return new NextResponse("Bad Request", { status: 400 });
|
||||
return NextResponse.json({ message: 'Either logins or ids must not be null.', error: null, value: null }, { status: 400 });
|
||||
}
|
||||
|
||||
let suffix = ""
|
||||
@ -27,7 +27,7 @@ export async function GET(req: Request) {
|
||||
|
||||
const auth = await TwitchUpdateAuthorization(user.id)
|
||||
if (!auth) {
|
||||
return new NextResponse("", { status: 403 })
|
||||
return NextResponse.json({ message: 'You do not have permissions for this.', error: null, value: null }, { status: 403 });
|
||||
}
|
||||
|
||||
console.log('TWITCH URL:', 'https://api.twitch.tv/helix/users' + suffix)
|
||||
@ -39,17 +39,11 @@ export async function GET(req: Request) {
|
||||
}
|
||||
})
|
||||
|
||||
if (!users || !users.data) {
|
||||
return new NextResponse("", { status: 400 })
|
||||
}
|
||||
if (!users?.data?.data)
|
||||
return NextResponse.json([], { status: 200 });
|
||||
|
||||
if (users.data.data.length == 0) {
|
||||
return NextResponse.json([])
|
||||
}
|
||||
|
||||
return NextResponse.json(users.data.data.map((u: any) => ({ id: u.id, username: u.login })));
|
||||
return NextResponse.json(users.data.data.map((u: any) => ({ id: u.id, username: u.login })), { status: 200 });
|
||||
} catch (error) {
|
||||
console.log("[GROUPS/USERS]", error);
|
||||
return new NextResponse("Internal Error", { status: 500 });
|
||||
return NextResponse.json({ message: 'Something went wrong', error: error, value: null }, { status: 500 })
|
||||
}
|
||||
}
|
||||
@ -1,22 +1,31 @@
|
||||
import { db } from "@/lib/db"
|
||||
import { NextResponse } from "next/server";
|
||||
import fetchUserWithImpersonation from "@/lib/fetch-user-impersonation";
|
||||
import axios from "axios";
|
||||
import { env } from "process";
|
||||
import { TwitchUpdateAuthorization } from "@/lib/twitch";
|
||||
import { z } from "zod";
|
||||
|
||||
const groupIdSchema = z.string({
|
||||
required_error: "Group ID should be available.",
|
||||
invalid_type_error: "Group ID must be a string"
|
||||
}).regex(/^[\w\-\=]{1,32}$/, "Group ID must contain only letters, numbers, dashes, underscores & equal signs.")
|
||||
|
||||
export async function GET(req: Request) {
|
||||
try {
|
||||
const user = await fetchUserWithImpersonation(req)
|
||||
if (!user)
|
||||
return new NextResponse("Unauthorized", { status: 401 });
|
||||
return NextResponse.json({ message: 'Unauthorized.', error: null, value: null }, { status: 401 })
|
||||
|
||||
const { searchParams } = new URL(req.url)
|
||||
const groupId = searchParams.get('groupId') as string
|
||||
|
||||
if (groupId) {
|
||||
const groupIdValidation = await groupIdSchema.safeParseAsync(groupId)
|
||||
if (!groupIdValidation.success)
|
||||
return NextResponse.json({ message: 'groupId does not meet requirements.', error: JSON.parse(groupIdValidation.error['message'])[0], value: null }, { status: 400 })
|
||||
}
|
||||
|
||||
let chatters: { userId: string, groupId: string, chatterId: bigint, chatterLabel: string }[]
|
||||
|
||||
if (!!groupId)
|
||||
if (groupId)
|
||||
chatters = await db.chatterGroup.findMany({
|
||||
where: {
|
||||
userId: user.id,
|
||||
@ -31,10 +40,8 @@ export async function GET(req: Request) {
|
||||
})
|
||||
|
||||
return NextResponse.json(chatters.map(u => ({ ...u, chatterId: Number(u.chatterId) }))
|
||||
.map(({userId, chatterLabel, ...attrs}) => attrs))
|
||||
|
||||
.map(({ userId, chatterLabel, ...attrs }) => attrs))
|
||||
} catch (error) {
|
||||
console.log("[GROUPS/USERS]", error);
|
||||
return new NextResponse("Internal Error", { status: 500 });
|
||||
return NextResponse.json({ message: 'Failed to get groups', error: error, value: null }, { status: 500 })
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user