API security updates.

pages/api/website/[id]/metrics.js

@@ -1,18 +1,25 @@
 import { getMetrics } from 'lib/queries';
-import { ok } from 'lib/response';
+import { methodNotAllowed, ok } from 'lib/response';
+import { useAuth } from 'lib/middleware';
 
 export default async (req, res) => {
-  const { id, start_at, end_at } = req.query;
-  const websiteId = +id;
-  const startDate = new Date(+start_at);
-  const endDate = new Date(+end_at);
+  await useAuth(req, res);
 
-  const metrics = await getMetrics(websiteId, startDate, endDate);
+  if (req.method === 'GET') {
+    const { id, start_at, end_at } = req.query;
+    const websiteId = +id;
+    const startDate = new Date(+start_at);
+    const endDate = new Date(+end_at);
 
-  const stats = Object.keys(metrics[0]).reduce((obj, key) => {
-    obj[key] = Number(metrics[0][key]) || 0;
-    return obj;
-  }, {});
+    const metrics = await getMetrics(websiteId, startDate, endDate);
 
-  return ok(res, stats);
+    const stats = Object.keys(metrics[0]).reduce((obj, key) => {
+      obj[key] = Number(metrics[0][key]) || 0;
+      return obj;
+    }, {});
+
+    return ok(res, stats);
+  }
+
+  return methodNotAllowed(res);
 };