Merge branch 'dev' into tags-in-public-collection
This commit is contained in:
Daniel
@@ -1,9 +1,11 @@
|
||||
import { prisma } from "@/lib/api/db";
|
||||
import sendInvitationRequest from "@/lib/api/sendInvitationRequest";
|
||||
import sendVerificationRequest from "@/lib/api/sendVerificationRequest";
|
||||
import verifySubscription from "@/lib/api/verifySubscription";
|
||||
import updateSeats from "@/lib/api/stripe/updateSeats";
|
||||
import verifySubscription from "@/lib/api/stripe/verifySubscription";
|
||||
import { PrismaAdapter } from "@auth/prisma-adapter";
|
||||
import { User } from "@prisma/client";
|
||||
import bcrypt from "bcrypt";
|
||||
import { randomBytes } from "crypto";
|
||||
import type { NextApiRequest, NextApiResponse } from "next";
|
||||
import { Adapter } from "next-auth/adapters";
|
||||
import NextAuth from "next-auth/next";
|
||||
@@ -133,6 +135,7 @@ if (process.env.NEXT_PUBLIC_CREDENTIALS_ENABLED !== "false") {
|
||||
if (emailEnabled) {
|
||||
providers.push(
|
||||
EmailProvider({
|
||||
id: "email",
|
||||
server: process.env.EMAIL_SERVER,
|
||||
from: process.env.EMAIL_FROM,
|
||||
maxAge: 1200,
|
||||
@@ -157,6 +160,56 @@ if (emailEnabled) {
|
||||
token,
|
||||
});
|
||||
},
|
||||
}),
|
||||
EmailProvider({
|
||||
id: "invite",
|
||||
server: process.env.EMAIL_SERVER,
|
||||
from: process.env.EMAIL_FROM,
|
||||
maxAge: 1200,
|
||||
async sendVerificationRequest({ identifier, url, provider, token }) {
|
||||
const parentSubscriptionEmail = (
|
||||
await prisma.user.findFirst({
|
||||
where: {
|
||||
email: identifier,
|
||||
emailVerified: null,
|
||||
},
|
||||
include: {
|
||||
parentSubscription: {
|
||||
include: {
|
||||
user: {
|
||||
select: {
|
||||
email: true,
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
})
|
||||
)?.parentSubscription?.user.email;
|
||||
|
||||
if (!parentSubscriptionEmail) throw Error("Invalid email.");
|
||||
|
||||
const recentVerificationRequestsCount =
|
||||
await prisma.verificationToken.count({
|
||||
where: {
|
||||
identifier,
|
||||
createdAt: {
|
||||
gt: new Date(new Date().getTime() - 1000 * 60 * 5), // 5 minutes
|
||||
},
|
||||
},
|
||||
});
|
||||
|
||||
if (recentVerificationRequestsCount >= 4)
|
||||
throw Error("Too many requests. Please try again later.");
|
||||
|
||||
sendInvitationRequest({
|
||||
parentSubscriptionEmail,
|
||||
identifier,
|
||||
url,
|
||||
from: provider.from as string,
|
||||
token,
|
||||
});
|
||||
},
|
||||
})
|
||||
);
|
||||
}
|
||||
@@ -1179,6 +1232,52 @@ export default async function auth(req: NextApiRequest, res: NextApiResponse) {
|
||||
},
|
||||
callbacks: {
|
||||
async signIn({ user, account, profile, email, credentials }) {
|
||||
if (
|
||||
!(user as User).emailVerified &&
|
||||
!email?.verificationRequest
|
||||
// && (account?.provider === "email" || account?.provider === "google")
|
||||
) {
|
||||
// Email is being verified for the first time...
|
||||
console.log("Email is being verified for the first time...");
|
||||
|
||||
const parentSubscriptionId = (user as User).parentSubscriptionId;
|
||||
|
||||
if (parentSubscriptionId) {
|
||||
// Add seat request to Stripe
|
||||
const parentSubscription = await prisma.subscription.findFirst({
|
||||
where: {
|
||||
id: parentSubscriptionId,
|
||||
},
|
||||
});
|
||||
|
||||
// Count child users with verified email under a specific subscription, excluding the current user
|
||||
const verifiedChildUsersCount = await prisma.user.count({
|
||||
where: {
|
||||
parentSubscriptionId: parentSubscriptionId,
|
||||
id: {
|
||||
not: user.id as number,
|
||||
},
|
||||
emailVerified: {
|
||||
not: null,
|
||||
},
|
||||
},
|
||||
});
|
||||
|
||||
if (
|
||||
STRIPE_SECRET_KEY &&
|
||||
parentSubscription?.quantity &&
|
||||
verifiedChildUsersCount + 2 > // add current user and the admin
|
||||
parentSubscription.quantity
|
||||
) {
|
||||
// Add seat if the user count exceeds the subscription limit
|
||||
await updateSeats(
|
||||
parentSubscription.stripeSubscriptionId,
|
||||
verifiedChildUsersCount + 2
|
||||
);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if (account?.provider !== "credentials") {
|
||||
// registration via SSO can be separately disabled
|
||||
const existingUser = await prisma.account.findFirst({
|
||||
@@ -1287,8 +1386,6 @@ export default async function auth(req: NextApiRequest, res: NextApiResponse) {
|
||||
async session({ session, token }) {
|
||||
session.user.id = token.id;
|
||||
|
||||
console.log("session", session);
|
||||
|
||||
if (STRIPE_SECRET_KEY) {
|
||||
const user = await prisma.user.findUnique({
|
||||
where: {
|
||||
@@ -1296,6 +1393,7 @@ export default async function auth(req: NextApiRequest, res: NextApiResponse) {
|
||||
},
|
||||
include: {
|
||||
subscriptions: true,
|
||||
parentSubscription: true,
|
||||
},
|
||||
});
|
||||
|
||||
|
||||
@@ -54,7 +54,7 @@ export default async function forgotPassword(
|
||||
});
|
||||
}
|
||||
|
||||
sendPasswordResetRequest(user.email, user.name);
|
||||
sendPasswordResetRequest(user.email, user.name || "Linkwarden User");
|
||||
|
||||
return res.status(200).json({
|
||||
response: "Password reset email sent.",
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
import { prisma } from "@/lib/api/db";
|
||||
import updateCustomerEmail from "@/lib/api/updateCustomerEmail";
|
||||
import updateCustomerEmail from "@/lib/api/stripe/updateCustomerEmail";
|
||||
import { VerifyEmailSchema } from "@/lib/shared/schemaValidation";
|
||||
import type { NextApiRequest, NextApiResponse } from "next";
|
||||
|
||||
|
||||
@@ -3,7 +3,7 @@ import getUserById from "@/lib/api/controllers/users/userId/getUserById";
|
||||
import updateUserById from "@/lib/api/controllers/users/userId/updateUserById";
|
||||
import deleteUserById from "@/lib/api/controllers/users/userId/deleteUserById";
|
||||
import { prisma } from "@/lib/api/db";
|
||||
import verifySubscription from "@/lib/api/verifySubscription";
|
||||
import verifySubscription from "@/lib/api/stripe/verifySubscription";
|
||||
import verifyToken from "@/lib/api/verifyToken";
|
||||
|
||||
const STRIPE_SECRET_KEY = process.env.STRIPE_SECRET_KEY;
|
||||
@@ -11,6 +11,12 @@ const STRIPE_SECRET_KEY = process.env.STRIPE_SECRET_KEY;
|
||||
export default async function users(req: NextApiRequest, res: NextApiResponse) {
|
||||
const token = await verifyToken({ req });
|
||||
|
||||
const queryId = Number(req.query.id);
|
||||
|
||||
if (!queryId) {
|
||||
return res.status(400).json({ response: "Invalid request." });
|
||||
}
|
||||
|
||||
if (typeof token === "string") {
|
||||
res.status(401).json({ response: token });
|
||||
return null;
|
||||
@@ -24,12 +30,12 @@ export default async function users(req: NextApiRequest, res: NextApiResponse) {
|
||||
|
||||
const isServerAdmin = user?.id === Number(process.env.NEXT_PUBLIC_ADMIN || 1);
|
||||
|
||||
const userId = isServerAdmin ? Number(req.query.id) : token.id;
|
||||
|
||||
if (userId !== Number(req.query.id) && !isServerAdmin)
|
||||
return res.status(401).json({ response: "Permission denied." });
|
||||
const userId = token.id;
|
||||
|
||||
if (req.method === "GET") {
|
||||
if (userId !== queryId && !isServerAdmin)
|
||||
return res.status(401).json({ response: "Permission denied." });
|
||||
|
||||
const users = await getUserById(userId);
|
||||
return res.status(users.status).json({ response: users.response });
|
||||
}
|
||||
@@ -41,6 +47,7 @@ export default async function users(req: NextApiRequest, res: NextApiResponse) {
|
||||
},
|
||||
include: {
|
||||
subscriptions: true,
|
||||
parentSubscription: true,
|
||||
},
|
||||
});
|
||||
|
||||
@@ -58,6 +65,9 @@ export default async function users(req: NextApiRequest, res: NextApiResponse) {
|
||||
}
|
||||
|
||||
if (req.method === "PUT") {
|
||||
if (userId !== queryId && !isServerAdmin)
|
||||
return res.status(401).json({ response: "Permission denied." });
|
||||
|
||||
if (process.env.NEXT_PUBLIC_DEMO === "true")
|
||||
return res.status(400).json({
|
||||
response:
|
||||
@@ -73,7 +83,12 @@ export default async function users(req: NextApiRequest, res: NextApiResponse) {
|
||||
"This action is disabled because this is a read-only demo of Linkwarden.",
|
||||
});
|
||||
|
||||
const updated = await deleteUserById(userId, req.body, isServerAdmin);
|
||||
const updated = await deleteUserById(
|
||||
userId,
|
||||
req.body,
|
||||
isServerAdmin,
|
||||
queryId
|
||||
);
|
||||
return res.status(updated.status).json({ response: updated.response });
|
||||
}
|
||||
}
|
||||
|
||||
@@ -16,10 +16,9 @@ export default async function users(req: NextApiRequest, res: NextApiResponse) {
|
||||
} else if (req.method === "GET") {
|
||||
const user = await verifyUser({ req, res });
|
||||
|
||||
if (!user || user.id !== Number(process.env.NEXT_PUBLIC_ADMIN || 1))
|
||||
return res.status(401).json({ response: "Unauthorized..." });
|
||||
if (!user) return res.status(401).json({ response: "Unauthorized..." });
|
||||
|
||||
const response = await getUsers();
|
||||
const response = await getUsers(user);
|
||||
return res.status(response.status).json({ response: response.response });
|
||||
}
|
||||
}
|
||||
|
||||
@@ -0,0 +1,119 @@
|
||||
import type { NextApiRequest, NextApiResponse } from "next";
|
||||
import Stripe from "stripe";
|
||||
import handleSubscription from "@/lib/api/stripe/handleSubscription";
|
||||
|
||||
export const config = {
|
||||
api: {
|
||||
bodyParser: false,
|
||||
},
|
||||
};
|
||||
|
||||
const buffer = (req: NextApiRequest) => {
|
||||
return new Promise<Buffer>((resolve, reject) => {
|
||||
const chunks: Buffer[] = [];
|
||||
|
||||
req.on("data", (chunk: Buffer) => {
|
||||
chunks.push(chunk);
|
||||
});
|
||||
|
||||
req.on("end", () => {
|
||||
resolve(Buffer.concat(chunks as any));
|
||||
});
|
||||
|
||||
req.on("error", reject);
|
||||
});
|
||||
};
|
||||
|
||||
export default async function webhook(
|
||||
req: NextApiRequest,
|
||||
res: NextApiResponse
|
||||
) {
|
||||
if (process.env.NEXT_PUBLIC_DEMO === "true")
|
||||
return res.status(400).json({
|
||||
response:
|
||||
"This action is disabled because this is a read-only demo of Linkwarden.",
|
||||
});
|
||||
|
||||
// see if stripe is already initialized
|
||||
if (!process.env.STRIPE_SECRET_KEY || !process.env.STRIPE_WEBHOOK_SECRET) {
|
||||
return res.status(400).json({
|
||||
response: "This action is disabled because Stripe is not initialized.",
|
||||
});
|
||||
}
|
||||
|
||||
let event = req.body;
|
||||
|
||||
const endpointSecret = process.env.STRIPE_WEBHOOK_SECRET;
|
||||
|
||||
const stripe = new Stripe(process.env.STRIPE_SECRET_KEY, {
|
||||
apiVersion: "2022-11-15",
|
||||
});
|
||||
|
||||
const signature = req.headers["stripe-signature"] as any;
|
||||
|
||||
try {
|
||||
const body = await buffer(req);
|
||||
event = stripe.webhooks.constructEvent(body, signature, endpointSecret);
|
||||
} catch (err) {
|
||||
console.error(err);
|
||||
return res.status(400).send("Webhook signature verification failed.");
|
||||
}
|
||||
|
||||
// Handle the event based on its type
|
||||
const eventType = event.type;
|
||||
const data = event.data.object;
|
||||
|
||||
try {
|
||||
switch (eventType) {
|
||||
case "customer.subscription.created":
|
||||
await handleSubscription({
|
||||
id: data.id,
|
||||
active: data.status === "active" || data.status === "trialing",
|
||||
quantity: data?.quantity ?? 1,
|
||||
periodStart: data.current_period_start,
|
||||
periodEnd: data.current_period_end,
|
||||
});
|
||||
break;
|
||||
|
||||
case "customer.subscription.updated":
|
||||
await handleSubscription({
|
||||
id: data.id,
|
||||
active: data.status === "active" || data.status === "trialing",
|
||||
quantity: data?.quantity ?? 1,
|
||||
periodStart: data.current_period_start,
|
||||
periodEnd: data.current_period_end,
|
||||
});
|
||||
break;
|
||||
|
||||
case "customer.subscription.deleted":
|
||||
await handleSubscription({
|
||||
id: data.id,
|
||||
active: false,
|
||||
quantity: data?.lines?.data[0]?.quantity ?? 1,
|
||||
periodStart: data.current_period_start,
|
||||
periodEnd: data.current_period_end,
|
||||
});
|
||||
break;
|
||||
|
||||
case "customer.subscription.cancelled":
|
||||
await handleSubscription({
|
||||
id: data.id,
|
||||
active: !(data.current_period_end * 1000 < Date.now()),
|
||||
quantity: data?.lines?.data[0]?.quantity ?? 1,
|
||||
periodStart: data.current_period_start,
|
||||
periodEnd: data.current_period_end,
|
||||
});
|
||||
break;
|
||||
|
||||
default:
|
||||
console.log(`Unhandled event type ${eventType}`);
|
||||
}
|
||||
} catch (error) {
|
||||
console.error("Error handling webhook event:", error);
|
||||
return res.status(500).send("Server Error");
|
||||
}
|
||||
|
||||
return res.status(200).json({
|
||||
response: "Done!",
|
||||
});
|
||||
}
|
||||
Reference in New Issue
Block a user