tom/hermes-web
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Added basic validation for requests

Browse Source
This commit is contained in:
Tom
2024-08-25 21:35:46 +00:00
parent 2d40d6fe09
commit 624b3fa63b
42 changed files with 608 additions and 492 deletions
Download Patch File Download Diff File Expand all files Collapse all files

44
app/api/settings/redemptions/actions/route.ts
View File

@ -2,12 +2,13 @@ import { db } from "@/lib/db"
import { NextResponse } from "next/server";
import fetchUserWithImpersonation from "@/lib/fetch-user-impersonation";
import { ActionType, Prisma } from "@prisma/client";
import { z } from "zod";
export async function GET(req: Request) {
try {
const user = await fetchUserWithImpersonation(req)
if (!user) {
return new NextResponse("Unauthorized", { status: 401 });
return NextResponse.json({ message: 'Unauthorized.', error: null, value: null }, { status: 401 });
}
const actions = await db.action.findMany({
@ -17,17 +18,21 @@ export async function GET(req: Request) {
})
return NextResponse.json(actions.map(({ userId, ...attrs }) => attrs));
} catch (error) {
console.log("[REDEMPTIONS/ACTIONS]", error);
return new NextResponse("Internal Error", { status: 500 });
} catch (error: any) {
return NextResponse.json({ message: null, error: error, value: null }, { status: 500 });
}
}
const nameSchema = z.string({
required_error: "Name is required.",
invalid_type_error: "Name must be a string"
}).regex(/^[\w\-\s]{1,32}$/, "Name must contain only letters, numbers, spaces, dashes, and underscores.")
async function common(req: Request, action: (id: string, name: string, type: ActionType, data: any) => void) {
try {
const user = await fetchUserWithImpersonation(req)
if (!user) {
return new NextResponse("Unauthorized", { status: 401 });
return NextResponse.json({ message: 'Unauthorized.', error: null, value: null }, { status: 401 });
}
const { name, type, scene_name, scene_item_name, rotation, position_x, position_y, file_path, file_content, tts_voice, obs_visible, obs_index, sleep, oauth_name, oauth_type }:
@ -35,16 +40,21 @@ async function common(req: Request, action: (id: string, name: string, type: Act
name: string, type: ActionType, scene_name: string, scene_item_name: string, rotation: string, position_x: string, position_y: string, file_path: string, file_content: string, tts_voice: string, obs_visible: boolean, obs_index: number, sleep: number,
oauth_name: string, oauth_type: string
} = await req.json();
if (!name && !type)
return new NextResponse("Bad Request", { status: 400 });
if (!name)
return NextResponse.json({ message: 'name is required.', error: null, value: null }, { status: 400 });
const nameValidation = nameSchema.safeParse(name)
if (!nameValidation.success)
return NextResponse.json({ message: 'name must follow some requirements.', error: nameValidation.error, value: null }, { status: 400 });
if (!type)
return NextResponse.json({ message: 'type is required', error: null, value: null }, { status: 400 });
if (type == ActionType.OBS_TRANSFORM && (!scene_name || !scene_item_name || !rotation && !position_x && !position_y))
return new NextResponse("Bad Request", { status: 400 });
return NextResponse.json({ message: '"scene_name", "scene_item_name" and one of "rotation", "position_x", "position_y" are required.', error: null, value: null }, { status: 400 });
if ((type == ActionType.WRITE_TO_FILE || type == ActionType.APPEND_TO_FILE) && (!file_path || !file_content))
return new NextResponse("Bad Request", { status: 400 });
return NextResponse.json({ message: '"scene_name", "scene_item_name", "file_path" & "file_content" are required.', error: null, value: null }, { status: 400 });
if (type == ActionType.AUDIO_FILE && !file_path)
return new NextResponse("Bad Request", { status: 400 });
return NextResponse.json({ message: '"scene_name", "scene_item_name" & "file_path" are required.', error: null, value: null }, { status: 400 });
if ([ActionType.OAUTH, ActionType.NIGHTBOT_PLAY, ActionType.NIGHTBOT_PAUSE, ActionType.NIGHTBOT_SKIP, ActionType.NIGHTBOT_CLEAR_PLAYLIST, ActionType.NIGHTBOT_CLEAR_QUEUE, ActionType.TWITCH_OAUTH].some(t => t == type) && (!oauth_name || !oauth_type))
return new NextResponse("Bad Request", { status: 400 });
return NextResponse.json({ message: '"oauth_name" & "oauth_type" are required.', error: null, value: null }, { status: 400 });
let data: any = {}
if (type == ActionType.WRITE_TO_FILE || type == ActionType.APPEND_TO_FILE) {
@ -78,10 +88,9 @@ async function common(req: Request, action: (id: string, name: string, type: Act
action(user.id, name, type, data)
return new NextResponse("", { status: 200 });
return NextResponse.json({ message: null, error: null, value: null }, { status: 200 });
} catch (error: any) {
//console.log("[REDEMPTIONS/ACTIONS]", error);
return new NextResponse("Internal Error", { status: 500 });
return NextResponse.json({ message: null, error: error, value: null }, { status: 500 });
}
}
@ -120,7 +129,7 @@ export async function DELETE(req: Request) {
try {
const user = await fetchUserWithImpersonation(req)
if (!user) {
return new NextResponse("Unauthorized", { status: 401 });
return NextResponse.json({ message: 'Unauthorized.', error: null, value: null }, { status: 401 });
}
const { searchParams } = new URL(req.url)
@ -135,8 +144,7 @@ export async function DELETE(req: Request) {
})
return NextResponse.json(redemptions);
} catch (error) {
console.log("[REDEMPTIONS]", error);
return new NextResponse("Internal Error", { status: 500 });
} catch (error: any) {
return NextResponse.json({ message: null, error: error, value: null }, { status: 500 });
}
}