Added basic validation for requests

This commit is contained in:
Tom
2024-08-25 21:35:46 +00:00
parent 2d40d6fe09
commit 624b3fa63b
42 changed files with 608 additions and 492 deletions


@ -1,13 +1,13 @@
import { db } from "@/lib/db"
import { NextResponse } from "next/server";
import fetchUserWithImpersonation from "@/lib/fetch-user-impersonation";
import { ActionType, Prisma } from "@prisma/client";
import { z } from "zod";
export async function GET(req: Request) {
try {
const user = await fetchUserWithImpersonation(req)
if (!user)
return new NextResponse("Unauthorized", { status: 401 });
return NextResponse.json({ message: 'Unauthorized.', error: null, value: null }, { status: 401 });
const commands = await db.groupPermission.findMany({
where: {
@ -17,20 +17,31 @@ export async function GET(req: Request) {
return NextResponse.json(commands.map(({userId, ...attrs}) => attrs));
} catch (error) {
console.log("[GROUPS/PERMISSIONS]", error);
return new NextResponse("Internal Error", { status: 500 });
return NextResponse.json({ message: 'Something went wrong', error: error, value: null }, { status: 500 })
}
}
const permissionPathSchema = z.string({
required_error: "Permission path should be available.",
invalid_type_error: "Permission path must be a string"
}).regex(/^[\w\-\.]{1,64}$/, "Permission path must contain only letters, numbers, dashes, periods.")
export async function POST(req: Request) {
try {
const user = await fetchUserWithImpersonation(req)
if (!user)
return new NextResponse("Unauthorized", { status: 401 });
return NextResponse.json({ message: 'Unauthorized.', error: null, value: null }, { status: 401 });
const { path, allow, groupId }: { path: string, allow: boolean, groupId: string } = await req.json();
if (!path)
return new NextResponse("Bad Request", { status: 400 });
return NextResponse.json({ message: 'path does not exist.', error: null, value: null }, { status: 400 });
const permissionPathValidation = permissionPathSchema.safeParse(path)
if (!permissionPathValidation.success)
return NextResponse.json({ message: 'path must meet certain requirements.', error: JSON.parse(permissionPathValidation.error['message'])[0], value: null }, { status: 400 });
if (!groupId)
return NextResponse.json({ message: 'groupId does not exist.', error: null, value: null }, { status: 400 });
if (groupId.length > 64)
return NextResponse.json({ message: 'groupId is too long.', error: null, value: null }, { status: 400 });
const permission = await db.groupPermission.create({
data: {
@ -43,8 +54,7 @@ export async function POST(req: Request) {
return NextResponse.json(permission, { status: 200 });
} catch (error) {
console.log("[GROUPS/PERMISSIONS]", error);
return new NextResponse("Internal Error", { status: 500 });
return NextResponse.json({ message: 'Something went wrong', error: error, value: null }, { status: 500 })
}
}
@ -52,30 +62,30 @@ export async function PUT(req: Request) {
try {
const user = await fetchUserWithImpersonation(req)
if (!user)
return new NextResponse("Unauthorized", { status: 401 });
return NextResponse.json({ message: 'Unauthorized.', error: null, value: null }, { status: 401 });
const { id, path, allow }: { id: string, path: string, allow: boolean|null } = await req.json();
if (!id)
return new NextResponse("Bad Request", { status: 400 });
return NextResponse.json({ message: 'id does not exist.', error: null, value: null }, { status: 400 });
if (!path)
return new NextResponse("Bad Request", { status: 400 });
let data: any = {}
if (!!path)
data = { ...data, path }
data = { ...data, allow }
return NextResponse.json({ message: 'path does not exist.', error: null, value: null }, { status: 400 });
const permissionPathValidation = permissionPathSchema.safeParse(path)
if (!permissionPathValidation.success)
return NextResponse.json({ message: 'path must meet certain requirements.', error: JSON.parse(permissionPathValidation.error['message'])[0], value: null }, { status: 400 });
const permission = await db.groupPermission.update({
where: {
id
},
data: data
data: {
path,
allow
}
});
return NextResponse.json(permission, { status: 200 });
} catch (error) {
console.log("[GROUPS/PERMISSIONS]", error);
return new NextResponse("Internal Error", { status: 500 });
return NextResponse.json({ message: 'Something went wrong', error: error, value: null }, { status: 500 })
}
}
@ -83,7 +93,7 @@ export async function DELETE(req: Request) {
try {
const user = await fetchUserWithImpersonation(req)
if (!user)
return new NextResponse("Unauthorized", { status: 401 });
return NextResponse.json({ message: 'Unauthorized.', error: null, value: null }, { status: 401 });
const { searchParams } = new URL(req.url)
const id = searchParams.get('id') as string
@ -95,7 +105,6 @@ export async function DELETE(req: Request) {
return NextResponse.json(permission);
} catch (error) {
console.log("[GROUPS/PERMISSIONS]", error);
return new NextResponse("Internal Error", { status: 500 });
return NextResponse.json({ message: 'Something went wrong', error: error, value: null }, { status: 500 })
}
}
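Review bot: The validation added in the POST hunk (`@ -17,20 +17,31 @@`) still trusts the shape of `req.json()`: the `{ path: string, allow: boolean, groupId: string }` annotation is a compile-time assertion only, `allow` is never checked before it reaches `db.groupPermission.create`, and `groupId.length > 64` throws on a non-string `groupId`, which lands in the catch block as a 500; the same gap applies to `id` and `allow` in the PUT hunk. Since the file now imports zod, a single `z.object` schema per handler would cover type, presence and length in one `safeParse`, and `permissionPathValidation.error.issues[0]` replaces the fragile `JSON.parse(permissionPathValidation.error['message'])[0]` used on both validation failures. The 500 responses in every hunk also return the caught exception as `error: error`; `NextResponse.json` serializes its enumerable fields, so a database client error may expose internal details to the caller — keep the `console.log` and return `error: null` (or an opaque request id) instead. The POST body continues outside the hunk after `data: {`, so the `create` call itself could not be reviewed.
```typescript
const postBodySchema = z.object({
  path: permissionPathSchema,
  allow: z.boolean(),
  groupId: z.string().min(1, "groupId does not exist.").max(64, "groupId is too long."),
});
// … unchanged: user lookup / 401 response …
const body = postBodySchema.safeParse(await req.json());
if (!body.success)
  return NextResponse.json({ message: 'Invalid request body.', error: body.error.issues[0], value: null }, { status: 400 });
const { path, allow, groupId } = body.data;
// … unchanged: db.groupPermission.create …
```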