Use token authentication for API requests.

2020-09-17 22:52:20 -07:00
parent bff8806b61
commit 96bd7e5b47
34 changed files with 198 additions and 153 deletions
--- a/pages/api/website/[id]/active.js
+++ b/pages/api/website/[id]/active.js
@@ -1,12 +1,18 @@
 import { getActiveVisitors } from 'lib/queries';
-import { methodNotAllowed, ok } from 'lib/response';
+import { methodNotAllowed, ok, unauthorized } from 'lib/response';
+import { allowQuery } from 'lib/auth';

 export default async (req, res) => {
  if (req.method === 'GET') {
-    const { id } = req.query;
-    const website_id = +id;
+    if (!(await allowQuery(req))) {
+      return unauthorized(res);
+    }

-    const result = await getActiveVisitors(website_id);
+    const { id } = req.query;
+
+    const websiteId = +id;
+
+    const result = await getActiveVisitors(websiteId);

    return ok(res, result);
  }