fix: fix authorization in user/:id
parent
d9377a9731
commit
a4173e24ba
|
@ -1,7 +1,8 @@
|
||||||
import { ErrorResponse, User } from '@/interfaces';
|
import { ErrorResponse, User } from '@/interfaces';
|
||||||
|
|
||||||
import Database from '@/lib/Database';
|
import Database from '@/lib/Database';
|
||||||
import { reqHasValidToken } from '@/utils/auth_util';
|
import { getAuthenticatedUser, reqHasValidToken } from '@/utils/auth_util';
|
||||||
|
import { getPermission, hasPermission, Permission, PermissionNamed } from '@/utils/permissions';
|
||||||
|
|
||||||
import type { NextApiRequest, NextApiResponse } from 'next';
|
import type { NextApiRequest, NextApiResponse } from 'next';
|
||||||
|
|
||||||
|
@ -13,7 +14,22 @@ export default async function handler(
|
||||||
|
|
||||||
const { id } = req.query;
|
const { id } = req.query;
|
||||||
|
|
||||||
const valid = await reqHasValidToken(req);
|
let shouldShowSensitive = false;
|
||||||
|
|
||||||
|
// tf was I on?
|
||||||
|
// const valid = await reqHasValidToken(req);
|
||||||
|
|
||||||
|
// thats better
|
||||||
|
const vUser = await getAuthenticatedUser(req);
|
||||||
|
|
||||||
|
if (!vUser)
|
||||||
|
shouldShowSensitive = false;
|
||||||
|
|
||||||
|
if (
|
||||||
|
hasPermission(getPermission(vUser!.permissions), Permission.SuperAdmin) ||
|
||||||
|
vUser!.id === BigInt(id as string)
|
||||||
|
)
|
||||||
|
shouldShowSensitive = true;
|
||||||
|
|
||||||
if ((/^\d+$/).test(id as string)) {
|
if ((/^\d+$/).test(id as string)) {
|
||||||
let user = await db.getUser((id as string));
|
let user = await db.getUser((id as string));
|
||||||
|
@ -24,12 +40,11 @@ export default async function handler(
|
||||||
message: 'User Not Found'
|
message: 'User Not Found'
|
||||||
});
|
});
|
||||||
|
|
||||||
// TODO: check if user is admin or itself and show email and discordId
|
|
||||||
user = {
|
user = {
|
||||||
...user,
|
...user,
|
||||||
|
|
||||||
email: valid ? user.email : undefined,
|
email: shouldShowSensitive ? user.email : undefined,
|
||||||
discordId: valid ? user.discordId : undefined,
|
discordId: shouldShowSensitive ? user.discordId : undefined,
|
||||||
};
|
};
|
||||||
|
|
||||||
res.status(200).json(user);
|
res.status(200).json(user);
|
||||||
|
@ -47,8 +62,8 @@ export default async function handler(
|
||||||
user = {
|
user = {
|
||||||
...user,
|
...user,
|
||||||
|
|
||||||
email: valid ? user.email : undefined,
|
email: shouldShowSensitive ? user.email : undefined,
|
||||||
discordId: valid ? user.discordId : undefined,
|
discordId: shouldShowSensitive ? user.discordId : undefined,
|
||||||
};
|
};
|
||||||
|
|
||||||
res.status(200).json(user);
|
res.status(200).json(user);
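Review bot: The `if (!vUser) shouldShowSensitive = false;` guard in the second hunk is a no-op (the flag already starts as `false`) and execution then falls straight into `vUser!.permissions`, so every unauthenticated request to this route throws a TypeError instead of returning the public profile. In the same condition `BigInt(id as string)` is evaluated before the `/^\d+$/` check on the following line and throws a SyntaxError for any non-numeric `id`, which the fourth hunk suggests is a supported lookup path, so an authenticated caller on that path gets a 500. I would wrap the whole permission check in `if (vUser) { … }`, drop the non-null assertions, and only construct the BigInt once the id has been validated, as below. For the non-numeric branch the owner test against `BigInt(id)` can never match; comparing `vUser.id` with the looked-up `user.id` (assuming both are bigint, as the `===` implies) would be the right check there, though that lookup is outside the hunk. The handler's signature and the rest of its body lie outside these hunks, and the commented-out `reqHasValidToken` line together with the "tf was I on?" / "thats better" comments should be removed before merging.
```typescript
const vUser = await getAuthenticatedUser(req);
let shouldShowSensitive = false;
if (vUser) {
    // Owner check only makes sense for a numeric id; BigInt() throws on anything else.
    const isOwner = (/^\d+$/).test(id as string) && vUser.id === BigInt(id as string);
    shouldShowSensitive =
        isOwner || hasPermission(getPermission(vUser.permissions), Permission.SuperAdmin);
}
// … unchanged: numeric-id lookup and response …
```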
|
||||||
|
|