egutierrez/linkwarden
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

support for bearer tokens

Browse Source
This commit is contained in:
daniel31x13
2023-11-02 14:59:31 -04:00
parent b458fad567
commit ae1889e757
27 changed files with 148 additions and 436 deletions
Download Patch File Download Diff File Expand all files Collapse all files
pages/api/v1/archives/[...params].ts
+5 -13
View File
@@ -1,28 +1,20 @@
import type { NextApiRequest, NextApiResponse } from "next";
import { getServerSession } from "next-auth/next";
import { authOptions } from "@/pages/api/v1/auth/[...nextauth]";
import getPermission from "@/lib/api/getPermission";
import readFile from "@/lib/api/storage/readFile";
import authenticateUser from "@/lib/api/authenticateUser";
export default async function Index(req: NextApiRequest, res: NextApiResponse) {
if (!req.query.params)
return res.status(401).json({ response: "Invalid parameters." });
const user = await authenticateUser({ req, res });
if (!user) return res.status(404).json({ response: "User not found." });
const collectionId = req.query.params[0];
const linkId = req.query.params[1];
const session = await getServerSession(req, res, authOptions);
if (!session?.user?.username)
return res.status(401).json({ response: "You must be logged in." });
else if (session?.user?.isSubscriber === false)
return res.status(401).json({
response:
"You are not a subscriber, feel free to reach out to us at support@linkwarden.app in case of any issues.",
});
const collectionIsAccessible = await getPermission({
userId: session.user.id,
userId: user.id,
collectionId: Number(collectionId),
});
pages/api/v1/auth/[...nextauth].ts
+11 -10
View File
@@ -18,7 +18,7 @@ const providers: Provider[] = [
type: "credentials",
credentials: {},
async authorize(credentials, req) {
console.log("User logged in...");
console.log("User logged in attempt...");
if (!credentials) return null;
const { username, password } = credentials as {
@@ -51,7 +51,7 @@ const providers: Provider[] = [
}
if (passwordMatches) {
return findUser;
return { id: findUser?.id };
} else return null as any;
},
}),
@@ -101,9 +101,15 @@ export const authOptions: AuthOptions = {
STRIPE_SECRET_KEY &&
(trigger || subscriptionIsTimesUp || !token.isSubscriber)
) {
const user = await prisma.user.findUnique({
where: {
id: Number(token.sub),
},
});
const subscription = await checkSubscription(
STRIPE_SECRET_KEY,
token.email as string
user?.email as string
);
if (subscription.subscriptionCanceledAt) {
@@ -115,27 +121,22 @@ export const authOptions: AuthOptions = {
if (trigger === "signIn") {
token.id = user.id as number;
token.username = (user as any).username;
} else if (trigger === "update" && token.id) {
console.log(token);
const user = await prisma.user.findUnique({
where: {
id: token.id as number,
},
});
if (user?.name && user.username && user.email) {
if (user?.name) {
token.name = user.name;
token.username = user.username?.toLowerCase();
token.email = user.email?.toLowerCase();
}
}
return token;
},
async session({ session, token }) {
session.user.id = token.id;
session.user.username = token.username;
session.user.isSubscriber = token.isSubscriber;
return session;
pages/api/v1/avatar/[id].ts
+9 -18
View File
@@ -1,26 +1,13 @@
import type { NextApiRequest, NextApiResponse } from "next";
import { getServerSession } from "next-auth/next";
import { authOptions } from "@/pages/api/v1/auth/[...nextauth]";
import { prisma } from "@/lib/api/db";
import readFile from "@/lib/api/storage/readFile";
import authenticateUser from "@/lib/api/authenticateUser";
export default async function Index(req: NextApiRequest, res: NextApiResponse) {
const session = await getServerSession(req, res, authOptions);
const userId = session?.user.id;
const username = session?.user.username?.toLowerCase();
const queryId = Number(req.query.id);
if (!userId || !username)
return res
.setHeader("Content-Type", "text/plain")
.status(401)
.send("You must be logged in.");
else if (session?.user?.isSubscriber === false)
return res.status(401).json({
response:
"You are not a subscriber, feel free to reach out to us at support@linkwarden.app in case of any issues.",
});
const user = await authenticateUser({ req, res });
if (!user) return res.status(404).json({ response: "User not found." });
if (!queryId)
return res
@@ -28,7 +15,7 @@ export default async function Index(req: NextApiRequest, res: NextApiResponse) {
.status(401)
.send("Invalid parameters.");
if (userId !== queryId) {
if (user.id !== queryId) {
const targetUser = await prisma.user.findUnique({
where: {
id: queryId,
@@ -42,7 +29,11 @@ export default async function Index(req: NextApiRequest, res: NextApiResponse) {
(whitelistedUsername) => whitelistedUsername.username
);
if (targetUser?.isPrivate && !whitelistedUsernames?.includes(username)) {
if (
targetUser?.isPrivate &&
user.username &&
!whitelistedUsernames?.includes(user.username)
) {
return res
.setHeader("Content-Type", "text/plain")
.status(400)
pages/api/v1/collections/[id].ts
+5 -13
View File
@@ -1,33 +1,25 @@
import type { NextApiRequest, NextApiResponse } from "next";
import { getServerSession } from "next-auth/next";
import { authOptions } from "@/pages/api/v1/auth/[...nextauth]";
import updateCollectionById from "@/lib/api/controllers/collections/collectionId/updateCollectionById";
import deleteCollectionById from "@/lib/api/controllers/collections/collectionId/deleteCollectionById";
import authenticateUser from "@/lib/api/authenticateUser";
export default async function collections(
req: NextApiRequest,
res: NextApiResponse
) {
const session = await getServerSession(req, res, authOptions);
if (!session?.user?.id) {
return res.status(401).json({ response: "You must be logged in." });
} else if (session?.user?.isSubscriber === false)
return res.status(401).json({
response:
"You are not a subscriber, feel free to reach out to us at support@linkwarden.app in case of any issues.",
});
const user = await authenticateUser({ req, res });
if (!user) return res.status(404).json({ response: "User not found." });
if (req.method === "PUT") {
const updated = await updateCollectionById(
session.user.id,
user.id,
Number(req.query.id) as number,
req.body
);
return res.status(updated.status).json({ response: updated.response });
} else if (req.method === "DELETE") {
const deleted = await deleteCollectionById(
session.user.id,
user.id,
Number(req.query.id) as number
);
return res.status(deleted.status).json({ response: deleted.response });
pages/api/v1/collections/index.ts
+5 -13
View File
@@ -1,30 +1,22 @@
import type { NextApiRequest, NextApiResponse } from "next";
import { getServerSession } from "next-auth/next";
import { authOptions } from "@/pages/api/v1/auth/[...nextauth]";
import getCollections from "@/lib/api/controllers/collections/getCollections";
import postCollection from "@/lib/api/controllers/collections/postCollection";
import authenticateUser from "@/lib/api/authenticateUser";
export default async function collections(
req: NextApiRequest,
res: NextApiResponse
) {
const session = await getServerSession(req, res, authOptions);
if (!session?.user?.id) {
return res.status(401).json({ response: "You must be logged in." });
} else if (session?.user?.isSubscriber === false)
return res.status(401).json({
response:
"You are not a subscriber, feel free to reach out to us at support@linkwarden.app in case of any issues.",
});
const user = await authenticateUser({ req, res });
if (!user) return res.status(404).json({ response: "User not found." });
if (req.method === "GET") {
const collections = await getCollections(session.user.id);
const collections = await getCollections(user.id);
return res
.status(collections.status)
.json({ response: collections.response });
} else if (req.method === "POST") {
const newCollection = await postCollection(req.body, session.user.id);
const newCollection = await postCollection(req.body, user.id);
return res
.status(newCollection.status)
.json({ response: newCollection.response });
pages/api/v1/dashboard/index.ts
+4 -12
View File
@@ -1,19 +1,11 @@
import type { NextApiRequest, NextApiResponse } from "next";
import { getServerSession } from "next-auth/next";
import { authOptions } from "@/pages/api/v1/auth/[...nextauth]";
import { LinkRequestQuery } from "@/types/global";
import getDashboardData from "@/lib/api/controllers/dashboard/getDashboardData";
import authenticateUser from "@/lib/api/authenticateUser";
export default async function links(req: NextApiRequest, res: NextApiResponse) {
const session = await getServerSession(req, res, authOptions);
if (!session?.user?.id) {
return res.status(401).json({ response: "You must be logged in." });
} else if (session?.user?.isSubscriber === false)
return res.status(401).json({
response:
"You are not a subscriber, feel free to reach out to us at support@linkwarden.app in case of any issues.",
});
const user = await authenticateUser({ req, res });
if (!user) return res.status(404).json({ response: "User not found." });
if (req.method === "GET") {
const convertedData: LinkRequestQuery = {
@@ -21,7 +13,7 @@ export default async function links(req: NextApiRequest, res: NextApiResponse) {
cursor: req.query.cursor ? Number(req.query.cursor as string) : undefined,
};
const links = await getDashboardData(session.user.id, convertedData);
const links = await getDashboardData(user.id, convertedData);
return res.status(links.status).json({ response: links.response });
}
}
pages/api/v1/getToken.ts
+3 -3
View File
@@ -4,7 +4,7 @@ import { getToken } from "next-auth/jwt";
export default async (req: NextApiRequest, res: NextApiResponse) => {
// if using `NEXTAUTH_SECRET` env variable, we detect it, and you won't actually need to `secret`
// const token = await getToken({ req })
const token = await getToken({ req });
console.log("JSON Web Token", token);
res.end();
// const token = await getToken({ req });
// console.log("JSON Web Token", token);
// res.end();
};
pages/api/v1/links/[id]/archive/index.ts
+5 -13
View File
@@ -1,21 +1,13 @@
import type { NextApiRequest, NextApiResponse } from "next";
import { getServerSession } from "next-auth/next";
import { authOptions } from "@/pages/api/v1/auth/[...nextauth]";
import archive from "@/lib/api/archive";
import { prisma } from "@/lib/api/db";
import authenticateUser from "@/lib/api/authenticateUser";
const RE_ARCHIVE_LIMIT = Number(process.env.RE_ARCHIVE_LIMIT) || 5;
export default async function links(req: NextApiRequest, res: NextApiResponse) {
const session = await getServerSession(req, res, authOptions);
if (!session?.user?.id) {
return res.status(401).json({ response: "You must be logged in." });
} else if (session?.user?.isSubscriber === false)
return res.status(401).json({
response:
"You are not a subscriber, feel free to reach out to us at support@linkwarden.app in case of any issues.",
});
const user = await authenticateUser({ req, res });
if (!user) return res.status(404).json({ response: "User not found." });
const link = await prisma.link.findUnique({
where: {
@@ -29,7 +21,7 @@ export default async function links(req: NextApiRequest, res: NextApiResponse) {
response: "Link not found.",
});
if (link.collection.ownerId !== session.user.id)
if (link.collection.ownerId !== user.id)
return res.status(401).json({
response: "Permission denied.",
});
@@ -49,7 +41,7 @@ export default async function links(req: NextApiRequest, res: NextApiResponse) {
} minutes or create a new one.`,
});
archive(link.id, link.url, session.user.id);
archive(link.id, link.url, user.id);
return res.status(200).json({
response: "Link is being archived.",
});
pages/api/v1/links/[id]/index.ts
+6 -14
View File
@@ -1,29 +1,21 @@
import type { NextApiRequest, NextApiResponse } from "next";
import { getServerSession } from "next-auth/next";
import { authOptions } from "@/pages/api/v1/auth/[...nextauth]";
import deleteLinkById from "@/lib/api/controllers/links/linkId/deleteLinkById";
import updateLinkById from "@/lib/api/controllers/links/linkId/updateLinkById";
import getLinkById from "@/lib/api/controllers/links/linkId/getLinkById";
import authenticateUser from "@/lib/api/authenticateUser";
export default async function links(req: NextApiRequest, res: NextApiResponse) {
const session = await getServerSession(req, res, authOptions);
if (!session?.user?.id) {
return res.status(401).json({ response: "You must be logged in." });
} else if (session?.user?.isSubscriber === false)
return res.status(401).json({
response:
"You are not a subscriber, feel free to reach out to us at support@linkwarden.app in case of any issues.",
});
const user = await authenticateUser({ req, res });
if (!user) return res.status(404).json({ response: "User not found." });
if (req.method === "GET") {
const updated = await getLinkById(session.user.id, Number(req.query.id));
const updated = await getLinkById(user.id, Number(req.query.id));
return res.status(updated.status).json({
response: updated.response,
});
} else if (req.method === "PUT") {
const updated = await updateLinkById(
session.user.id,
user.id,
Number(req.query.id),
req.body
);
@@ -31,7 +23,7 @@ export default async function links(req: NextApiRequest, res: NextApiResponse) {
response: updated.response,
});
} else if (req.method === "DELETE") {
const deleted = await deleteLinkById(session.user.id, Number(req.query.id));
const deleted = await deleteLinkById(user.id, Number(req.query.id));
return res.status(deleted.status).json({
response: deleted.response,
});
pages/api/v1/links/index.ts
+5 -18
View File
@@ -1,25 +1,12 @@
import type { NextApiRequest, NextApiResponse } from "next";
import { getServerSession } from "next-auth/next";
import { authOptions } from "@/pages/api/v1/auth/[...nextauth]";
import getLinks from "@/lib/api/controllers/links/getLinks";
import postLink from "@/lib/api/controllers/links/postLink";
import { LinkRequestQuery } from "@/types/global";
import { getToken } from "next-auth/jwt";
import authenticateUser from "@/lib/api/authenticateUser";
export default async function links(req: NextApiRequest, res: NextApiResponse) {
const token = await getToken({ req });
// const session = await getServerSession(req, res, authOptions);
return res.status(200).json(token);
if (!session?.user?.id) {
return res.status(401).json({ response: "You must be logged in." });
} else if (session?.user?.isSubscriber === false)
return res.status(401).json({
response:
"You are not a subscriber, feel free to reach out to us at support@linkwarden.app in case of any issues.",
});
const user = await authenticateUser({ req, res });
if (!user) return res.status(404).json({ response: "User not found." });
if (req.method === "GET") {
// Convert the type of the request query to "LinkRequestQuery"
@@ -45,10 +32,10 @@ export default async function links(req: NextApiRequest, res: NextApiResponse) {
searchByTags: req.query.searchByTags === "true" ? true : undefined,
};
const links = await getLinks(session.user.id, convertedData);
const links = await getLinks(user.id, convertedData);
return res.status(links.status).json({ response: links.response });
} else if (req.method === "POST") {
const newlink = await postLink(req.body, session.user.id);
const newlink = await postLink(req.body, user.id);
return res.status(newlink.status).json({
response: newlink.response,
});
pages/api/v1/migration/index.ts
+6 -14
View File
@@ -1,10 +1,9 @@
import type { NextApiRequest, NextApiResponse } from "next";
import { getServerSession } from "next-auth/next";
import { authOptions } from "@/pages/api/v1/auth/[...nextauth]";
import exportData from "@/lib/api/controllers/migration/exportData";
import importFromHTMLFile from "@/lib/api/controllers/migration/importFromHTMLFile";
import importFromLinkwarden from "@/lib/api/controllers/migration/importFromLinkwarden";
import { MigrationFormat, MigrationRequest } from "@/types/global";
import authenticateUser from "@/lib/api/authenticateUser";
export const config = {
api: {
@@ -15,18 +14,11 @@ export const config = {
};
export default async function users(req: NextApiRequest, res: NextApiResponse) {
const session = await getServerSession(req, res, authOptions);
if (!session?.user.id) {
return res.status(401).json({ response: "You must be logged in." });
} else if (session?.user?.isSubscriber === false)
return res.status(401).json({
response:
"You are not a subscriber, feel free to reach out to us at support@linkwarden.app in case of any issues.",
});
const user = await authenticateUser({ req, res });
if (!user) return res.status(404).json({ response: "User not found." });
if (req.method === "GET") {
const data = await exportData(session.user.id);
const data = await exportData(user.id);
if (data.status === 200)
return res
@@ -39,10 +31,10 @@ export default async function users(req: NextApiRequest, res: NextApiResponse) {
let data;
if (request.format === MigrationFormat.htmlFile)
data = await importFromHTMLFile(session.user.id, request.data);
data = await importFromHTMLFile(user.id, request.data);
if (request.format === MigrationFormat.linkwarden)
data = await importFromLinkwarden(session.user.id, request.data);
data = await importFromLinkwarden(user.id, request.data);
if (data) return res.status(data.status).json({ response: data.response });
}
pages/api/v1/payment/index.ts
+6 -7
View File
@@ -1,21 +1,20 @@
import type { NextApiRequest, NextApiResponse } from "next";
import { getServerSession } from "next-auth/next";
import { authOptions } from "@/pages/api/v1/auth/[...nextauth]";
import paymentCheckout from "@/lib/api/paymentCheckout";
import { Plan } from "@/types/global";
import authenticateUser from "@/lib/api/authenticateUser";
export default async function users(req: NextApiRequest, res: NextApiResponse) {
const STRIPE_SECRET_KEY = process.env.STRIPE_SECRET_KEY;
const MONTHLY_PRICE_ID = process.env.MONTHLY_PRICE_ID;
const YEARLY_PRICE_ID = process.env.YEARLY_PRICE_ID;
const session = await getServerSession(req, res, authOptions);
if (!session?.user?.id)
return res.status(401).json({ response: "You must be logged in." });
else if (!STRIPE_SECRET_KEY || !MONTHLY_PRICE_ID || !YEARLY_PRICE_ID) {
if (!STRIPE_SECRET_KEY || !MONTHLY_PRICE_ID || !YEARLY_PRICE_ID) {
return res.status(400).json({ response: "Payment is disabled." });
}
const user = await authenticateUser({ req, res });
if (!user) return res.status(404).json({ response: "User not found." });
let PRICE_ID = MONTHLY_PRICE_ID;
if ((Number(req.query.plan) as unknown as Plan) === Plan.monthly)
@@ -26,7 +25,7 @@ export default async function users(req: NextApiRequest, res: NextApiResponse) {
if (req.method === "GET") {
const users = await paymentCheckout(
STRIPE_SECRET_KEY,
session?.user.email,
user.email as string,
PRICE_ID
);
return res.status(users.status).json({ response: users.response });
pages/api/v1/tags/[id].ts
+4 -12
View File
@@ -1,23 +1,15 @@
import type { NextApiRequest, NextApiResponse } from "next";
import { getServerSession } from "next-auth/next";
import { authOptions } from "@/pages/api/v1/auth/[...nextauth]";
import updateTag from "@/lib/api/controllers/tags/tagId/updeteTagById";
import authenticateUser from "@/lib/api/authenticateUser";
export default async function tags(req: NextApiRequest, res: NextApiResponse) {
const session = await getServerSession(req, res, authOptions);
if (!session?.user?.username) {
return res.status(401).json({ response: "You must be logged in." });
} else if (session?.user?.isSubscriber === false)
return res.status(401).json({
response:
"You are not a subscriber, feel free to reach out to us at support@linkwarden.app in case of any issues.",
});
const user = await authenticateUser({ req, res });
if (!user) return res.status(404).json({ response: "User not found." });
const tagId = Number(req.query.id);
if (req.method === "PUT") {
const tags = await updateTag(session.user.id, tagId, req.body);
const tags = await updateTag(user.id, tagId, req.body);
return res.status(tags.status).json({ response: tags.response });
}
}
pages/api/v1/tags/index.ts
+4 -12
View File
@@ -1,21 +1,13 @@
import type { NextApiRequest, NextApiResponse } from "next";
import { getServerSession } from "next-auth/next";
import { authOptions } from "@/pages/api/v1/auth/[...nextauth]";
import getTags from "@/lib/api/controllers/tags/getTags";
import authenticateUser from "@/lib/api/authenticateUser";
export default async function tags(req: NextApiRequest, res: NextApiResponse) {
const session = await getServerSession(req, res, authOptions);
if (!session?.user?.username) {
return res.status(401).json({ response: "You must be logged in." });
} else if (session?.user?.isSubscriber === false)
return res.status(401).json({
response:
"You are not a subscriber, feel free to reach out to us at support@linkwarden.app in case of any issues.",
});
const user = await authenticateUser({ req, res });
if (!user) return res.status(404).json({ response: "User not found." });
if (req.method === "GET") {
const tags = await getTags(session.user.id);
const tags = await getTags(user.id);
return res.status(tags.status).json({ response: tags.response });
}
}
pages/api/v1/users/[id].ts
+19 -19
View File
@@ -1,15 +1,23 @@
import type { NextApiRequest, NextApiResponse } from "next";
import { getServerSession } from "next-auth/next";
import { authOptions } from "@/pages/api/v1/auth/[...nextauth]";
import getUserById from "@/lib/api/controllers/users/userId/getUserById";
import getPublicUserById from "@/lib/api/controllers/users/userId/getPublicUserById";
import updateUserById from "@/lib/api/controllers/users/userId/updateUserById";
import deleteUserById from "@/lib/api/controllers/users/userId/deleteUserById";
import authenticateUser from "@/lib/api/authenticateUser";
import { prisma } from "@/lib/api/db";
import { getToken } from "next-auth/jwt";
export default async function users(req: NextApiRequest, res: NextApiResponse) {
const session = await getServerSession(req, res, authOptions);
const userId = session?.user.id;
const username = session?.user.username;
const token = await getToken({ req });
const userId = token?.id;
if (!token?.id)
return res.status(400).json({ response: "Invalid parameters." });
const username = (await prisma.user.findUnique({ where: { id: token.id } }))
?.username;
if (!username) return res.status(404).json({ response: "User not found." });
const lookupId = req.query.id as string;
const isSelf =
@@ -23,26 +31,18 @@ export default async function users(req: NextApiRequest, res: NextApiResponse) {
return res.status(users.status).json({ response: users.response });
}
if (!userId) {
return res.status(401).json({ response: "You must be logged in." });
} else if (session?.user?.isSubscriber === false)
return res.status(401).json({
response:
"You are not a subscriber, feel free to reach out to us at support@linkwarden.app in case of any issues.",
});
const user = await authenticateUser({ req, res });
if (!user) return res.status(404).json({ response: "User not found." });
if (req.method === "GET") {
const users = await getUserById(session.user.id);
const users = await getUserById(user.id);
return res.status(users.status).json({ response: users.response });
} else if (req.method === "PUT") {
const updated = await updateUserById(session.user, req.body);
const updated = await updateUserById(user.id, req.body);
return res.status(updated.status).json({ response: updated.response });
} else if (
req.method === "DELETE" &&
session.user.id === Number(req.query.id)
) {
} else if (req.method === "DELETE" && user.id === Number(req.query.id)) {
console.log(req.body);
const updated = await deleteUserById(session.user.id, req.body);
const updated = await deleteUserById(user.id, req.body);
return res.status(updated.status).json({ response: updated.response });
}
}
pages/api/v1/webhooks/stripe/index.ts
-62
View File
@@ -1,62 +0,0 @@
// TODO - Stripe webhooks for user cancellation...
// import { NextApiRequest, NextApiResponse } from "next";
// import Stripe from "stripe";
// import { buffer } from "micro";
// import { prisma } from "@/lib/api/db";
// const stripe = new Stripe(process.env.STRIPE_SECRET_KEY as string, {
// apiVersion: "2022-11-15",
// });
// const endpointSecret =
// "whsec_7c144bcd924041257e3d83eac1e2fba9c8a938b240fd8adb1c902f079e0cdee0";
// export const config = {
// api: {
// bodyParser: false,
// },
// };
// export default async function handler(
// req: NextApiRequest,
// res: NextApiResponse
// ) {
// if (req.method === "POST") {
// const buf = await buffer(req);
// const sig = req.headers["stripe-signature"];
// let event: Stripe.Event;
// try {
// if (!sig) throw new Error("Stripe Signature is not defined.");
// event = stripe.webhooks.constructEvent(buf, sig, endpointSecret);
// } catch (err) {
// console.log(err);
// return res.status(400).send({ response: "Error..." });
// }
// // Handle the event
// switch (event.type) {
// case "customer.subscription.deleted":
// const customerSubscriptionDeleted = event.data.object as any;
// // Revoke all the token under the customers email...
// const customer = (await stripe.customers.retrieve(
// customerSubscriptionDeleted.customer
// )) as any;
// if (customer?.email) {
// // Revoke tokens inside the database
// }
// break;
// // ... handle other event types
// default:
// console.log(`Unhandled event type ${event.type}`);
// }
// return res.status(200).send({ response: "Done!" });
// }
// }