Update uuid usage.
This commit is contained in:
Mike Cao
12
lib/auth.ts
12
lib/auth.ts
@@ -9,10 +9,10 @@ import {
|
||||
getRandomChars,
|
||||
parseSecureToken,
|
||||
parseToken,
|
||||
isUuid,
|
||||
} from 'next-basics';
|
||||
import { getTeamUser } from 'queries';
|
||||
import { getTeamWebsite, getTeamWebsiteByTeamMemberId } from 'queries/admin/teamWebsite';
|
||||
import { validate } from 'uuid';
|
||||
import { loadWebsite } from './load';
|
||||
import { Auth } from './types';
|
||||
|
||||
@@ -108,7 +108,7 @@ export async function canUpdateWebsite({ user }: Auth, websiteId: string) {
|
||||
return true;
|
||||
}
|
||||
|
||||
if (!validate(websiteId)) {
|
||||
if (!isUuid(websiteId)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
@@ -184,7 +184,7 @@ export async function canUpdateTeam({ user }: Auth, teamId: string) {
|
||||
return true;
|
||||
}
|
||||
|
||||
if (validate(teamId)) {
|
||||
if (isUuid(teamId)) {
|
||||
const teamUser = await getTeamUser(teamId, user.id);
|
||||
|
||||
return hasPermission(teamUser.role, PERMISSIONS.teamUpdate);
|
||||
@@ -198,7 +198,7 @@ export async function canDeleteTeam({ user }: Auth, teamId: string) {
|
||||
return true;
|
||||
}
|
||||
|
||||
if (validate(teamId)) {
|
||||
if (isUuid(teamId)) {
|
||||
const teamUser = await getTeamUser(teamId, user.id);
|
||||
|
||||
return hasPermission(teamUser.role, PERMISSIONS.teamDelete);
|
||||
@@ -212,7 +212,7 @@ export async function canDeleteTeamUser({ user }: Auth, teamId: string, removeUs
|
||||
return true;
|
||||
}
|
||||
|
||||
if (validate(teamId) && validate(removeUserId)) {
|
||||
if (isUuid(teamId) && isUuid(removeUserId)) {
|
||||
if (removeUserId === user.id) {
|
||||
return true;
|
||||
}
|
||||
@@ -230,7 +230,7 @@ export async function canDeleteTeamWebsite({ user }: Auth, teamId: string, websi
|
||||
return true;
|
||||
}
|
||||
|
||||
if (validate(teamId) && validate(websiteId)) {
|
||||
if (isUuid(teamId) && isUuid(websiteId)) {
|
||||
const teamWebsite = await getTeamWebsite(teamId, websiteId);
|
||||
|
||||
if (teamWebsite.website.userId === user.id) {
|
||||
|
||||
@@ -4,10 +4,10 @@ import {
|
||||
badRequest,
|
||||
parseSecureToken,
|
||||
tooManyRequest,
|
||||
isUuid,
|
||||
} from 'next-basics';
|
||||
import debug from 'debug';
|
||||
import cors from 'cors';
|
||||
import { validate } from 'uuid';
|
||||
import redis from '@umami/redis-client';
|
||||
import { findSession } from 'lib/session';
|
||||
import { getAuthToken, parseShareToken } from 'lib/auth';
|
||||
@@ -53,7 +53,7 @@ export const useAuth = createMiddleware(async (req, res, next) => {
|
||||
let user = null;
|
||||
const { userId, authKey } = payload || {};
|
||||
|
||||
if (validate(userId)) {
|
||||
if (isUuid(userId)) {
|
||||
user = await getUser({ id: userId });
|
||||
} else if (redis.enabled && authKey) {
|
||||
user = await redis.get(authKey);
|
||||
|
||||
@@ -1,9 +1,8 @@
|
||||
import { secret } from 'lib/crypto';
|
||||
import { getClientInfo, getJsonBody } from 'lib/detect';
|
||||
import { parseToken, uuid } from 'next-basics';
|
||||
import { parseToken, uuid, isUuid } from 'next-basics';
|
||||
import { CollectRequestBody, NextApiRequestCollect } from 'pages/api/send';
|
||||
import { createSession } from 'queries';
|
||||
import { validate } from 'uuid';
|
||||
import cache from './cache';
|
||||
import { loadSession, loadWebsite } from './load';
|
||||
|
||||
@@ -36,7 +35,7 @@ export async function findSession(req: NextApiRequestCollect) {
|
||||
throw new Error('Invalid hostname.');
|
||||
}
|
||||
|
||||
if (!validate(websiteId)) {
|
||||
if (!isUuid(websiteId)) {
|
||||
throw new Error('Invalid website ID.');
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user