From 5a2de07c39f3174fffb6778755e4711813f2a2ee Mon Sep 17 00:00:00 2001 From: Arthur Langley Date: Tue, 9 Jan 2024 23:17:00 +0000 Subject: [PATCH] feat(server/trpc): updateSite to new rbac authentiction plus a few minor clean ups --- apps/app/server/trpc/router/site.ts | 169 ------------------ apps/app/server/trpc/router/site/index.ts | 4 +- .../app/server/trpc/router/site/updatePage.ts | 48 ++--- .../app/server/trpc/router/site/updateSite.ts | 54 ++++++ apps/app/server/trpc/trpc.ts | 1 - 5 files changed, 81 insertions(+), 195 deletions(-) delete mode 100644 apps/app/server/trpc/router/site.ts create mode 100644 apps/app/server/trpc/router/site/updateSite.ts diff --git a/apps/app/server/trpc/router/site.ts b/apps/app/server/trpc/router/site.ts deleted file mode 100644 index 5e60b807..00000000 --- a/apps/app/server/trpc/router/site.ts +++ /dev/null 
@@ -1,169 +0,0 @@
-import { hasPerms, Perms } from '@server/utils/hasPerms';
-import { TRPCError } from '@trpc/server';
-import { serverSanitize } from '@utils/sanitize';
-import { z } from 'zod';
-import { router, protectedProcedure, publicProcedure } from '../trpc';
-import * as Sentry from '@sentry/nextjs';
-
-export const siteRouter = router({
- getSiteData: publicProcedure
- .meta({ openapi: { method: 'GET', path: '/site/site' } })
- .input(
- z
- .object({
- siteName: z.string(),
- })
- .transform(input => {
- return {
- siteName: serverSanitize(input.siteName),
- };
- }),
- )
- .output(
- z.object({
- name: z.string(),
- maintenance: z.boolean(),
- isCustomAlert: z.boolean(),
- alertTitle: z.string().nullable(),
- alertDescription: z.string().nullable(),
- }),
- )
- .query(async ({ input, ctx }) => {
- const siteData = await ctx.prisma.waldoSite.findUnique({
- where: {
- name: input.siteName,
- },
- });
- if (siteData == null) {
- throw new TRPCError({
- code: 'NOT_FOUND',
- message: 'Waldo Vision Page not found in the database.',
- });
- }
- return siteData;
- }),
- updatePage: protectedProcedure
- .meta({ openapi: { method: 'POST', path: '/site/page' } })
- .input(
- z
- .object({
- name: z.string(),
- maintenance: z.boolean(),
- isCustomAlert: z.boolean(),
- alertTitle: z.string().nullable(),
- alertDescription: z.string().nullable(),
- })
- .transform(input => {
- return {
- name: serverSanitize(input.name),
- maintenance: input.maintenance,
- isCustomAlert: input.isCustomAlert,
- alertTitle:
- input.alertTitle === null
- ? null
- : serverSanitize(input.alertTitle),
- alertDescription:
- input.alertDescription === null
- ? null
- : serverSanitize(input.alertDescription),
- };
- }),
- )
- .output(z.object({ message: z.string() }))
- .mutation(async ({ input, ctx }) => {
- if (
- !hasPerms({
- userId: ctx.session.user.id,
- userRole: ctx.session.user.role,
- requiredPerms: Perms.roleMod,
- blacklisted: ctx.session.user.blacklisted,
- })
- )
- throw new TRPCError({
- code: 'UNAUTHORIZED',
- });
-
- const updatePage = await ctx.prisma.waldoPage.update({
- where: {
- name: input.name,
- },
- data: {
- maintenance: input.maintenance,
- isCustomAlert: input.isCustomAlert,
- alertTitle: input.alertTitle,
- alertDescription: input.alertDescription,
- },
- });
- if (updatePage == null) {
- throw new TRPCError({
- code: 'NOT_FOUND',
- message: 'Waldo Vision Page not found in the database.',
- });
- }
- // no error checking because the docs will never be deleted.
- return {
- message: `Updated page ${input.name}'s maintenance value to ${input.maintenance}`,
- };
- }),
- updateSite: protectedProcedure
- .meta({ openapi: { method: 'POST', path: '/site/site' } })
- .input(
- z
- .object({
- maintenance: z.boolean(),
- isCustomAlert: z.boolean(),
- alertTitle: z.string().nullable(),
- alertDescription: z.string().nullable(),
- })
- .transform(input => {
- return {
- maintenance: input.maintenance,
- isCustomAlert: input.isCustomAlert,
- alertTitle:
- input.alertTitle === null
- ? null
- : serverSanitize(input.alertTitle),
- alertDescription:
- input.alertDescription === null
- ? 
null - : serverSanitize(input.alertDescription), - }; - }), - ) - .output(z.object({ message: z.string() })) - .mutation(async ({ input, ctx }) => { - if ( - !hasPerms({ - userId: ctx.session.user.id, - userRole: ctx.session.user.role, - requiredPerms: Perms.roleMod, - blacklisted: ctx.session.user.blacklisted, - }) - ) - throw new TRPCError({ - code: 'UNAUTHORIZED', - }); - - const updateSite = await ctx.prisma.waldoSite.update({ - where: { - name: 'waldo', - }, - data: { - maintenance: input.maintenance, - isCustomAlert: input.isCustomAlert, - alertDescription: input.alertDescription, - alertTitle: input.alertTitle, - }, - }); - if (updateSite == null) { - throw new TRPCError({ - code: 'NOT_FOUND', - message: 'Site not found in the database.', - }); - } - // no error checking because the docs will never be deleted. - return { - message: `Updated site.`, - }; - }), -}); diff --git a/apps/app/server/trpc/router/site/index.ts b/apps/app/server/trpc/router/site/index.ts index c25612ac..7e60673d 100644 --- a/apps/app/server/trpc/router/site/index.ts +++ b/apps/app/server/trpc/router/site/index.ts @@ -1,11 +1,13 @@ -import { router, protectedProcedure, publicProcedure } from '../../trpc'; +import { router } from '../../trpc'; import getPageData from './getPageData'; import getSiteData from './getSiteData'; import updatePage from './updatePage'; +import updateSite from './updateSite'; export const siteRouter = router({ getPageData, getSiteData, updatePage, + updateSite }); \ No newline at end of file diff --git a/apps/app/server/trpc/router/site/updatePage.ts b/apps/app/server/trpc/router/site/updatePage.ts index ec503683..095b4778 100644 --- a/apps/app/server/trpc/router/site/updatePage.ts +++ b/apps/app/server/trpc/router/site/updatePage.ts 
@@ -29,28 +29,28 @@ const zodOutput = z.object({ message: z.string() }); export default rbacProtectedProcedure(["write:all", "write:pagemetadata"]) .meta({ openapi: { method: 'POST', path: '/site/page' } }) - .input(zodInput) - .output(zodOutput) - .mutation(async ({ input, ctx }) => { - const updatePage = await ctx.prisma.waldoPage.update({ - where: { - name: input.name, - }, - data: { - maintenance: input.maintenance, - isCustomAlert: input.isCustomAlert, - alertTitle: input.alertTitle, - alertDescription: input.alertDescription, - }, - }); - if (updatePage == null) { - throw new TRPCError({ - code: 'NOT_FOUND', - message: 'Waldo Vision Page not found in the database.', - }); - } - // no error checking because the docs will never be deleted. - return { - message: `Updated page ${input.name}'s maintenance value to ${input.maintenance}`, - }; +.input(zodInput) +.output(zodOutput) +.mutation(async ({ input, ctx }) => { + const updatePage = await ctx.prisma.waldoPage.update({ + where: { + name: input.name, + }, + data: { + maintenance: input.maintenance, + isCustomAlert: input.isCustomAlert, + alertTitle: input.alertTitle, + alertDescription: input.alertDescription, + }, + }); + if (updatePage == null) { + throw new TRPCError({ + code: 'NOT_FOUND', + message: 'Waldo Vision Page not found in the database.', + }); + } + // no error checking because the docs will never be deleted. + return { + message: `Updated page ${input.name}'s maintenance value to ${input.maintenance}`, + }; }); \ No newline at end of file diff --git a/apps/app/server/trpc/router/site/updateSite.ts b/apps/app/server/trpc/router/site/updateSite.ts new file mode 100644 index 00000000..3019b647 --- /dev/null +++ b/apps/app/server/trpc/router/site/updateSite.ts 
@@ -0,0 +1,54 @@
+import { rbacProtectedProcedure } from "@server/trpc/trpc";
+import { TRPCError } from "@trpc/server";
+import { serverSanitize } from "@utils/sanitize";
+import { z } from "zod";
+
+const zodInput = z.object({
+ maintenance: z.boolean(),
+ isCustomAlert: z.boolean(),
+ alertTitle: z.string().nullable(),
+ alertDescription: z.string().nullable(),
+}).transform(input => {
+ return {
+ maintenance: input.maintenance,
+ isCustomAlert: input.isCustomAlert,
+ alertTitle:
+ input.alertTitle === null
+ ? null
+ : serverSanitize(input.alertTitle),
+ alertDescription:
+ input.alertDescription === null
+ ? null
+ : serverSanitize(input.alertDescription),
+ };
+})
+
+const zodOutput = z.object({ message: z.string() });
+
+export default rbacProtectedProcedure(["write:all", "write:sitemetadata"])
+.meta({ openapi: { method: 'POST', path: '/site/site' } })
+.input(zodInput)
+.output(zodOutput)
+.mutation(async ({ input, ctx }) => {
+ const updateSite = await ctx.prisma.waldoSite.update({
+ where: {
+ name: 'waldo',
+ },
+ data: {
+ maintenance: input.maintenance,
+ isCustomAlert: input.isCustomAlert,
+ alertDescription: input.alertDescription,
+ alertTitle: input.alertTitle,
+ },
+ });
+ if (updateSite == null) {
+ throw new TRPCError({
+ code: 'NOT_FOUND',
+ message: 'Site not found in the database.',
+ });
+ }
+ // no error checking because the docs will never be deleted.
+ return {
+ message: `Updated site.`,
+ };
+});
\ No newline at end of file
diff --git a/apps/app/server/trpc/trpc.ts b/apps/app/server/trpc/trpc.ts
index d7e1abbc..1c8b8369 100644
--- a/apps/app/server/trpc/trpc.ts
+++ b/apps/app/server/trpc/trpc.ts
@@ -138,7 +138,6 @@ export const protectedProcedure = t.procedure .use(sentryMiddleware) .use(isAuthed2); - export const rbacProtectedProcedure = (scope: Array) => { return t.procedure .use(sentryMiddleware)
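Review bot: The `blacklisted` gate that the removed `hasPerms({ ..., blacklisted: ctx.session.user.blacklisted })` call applied is not visible anywhere in the new updateSite.ts; the mutation now depends entirely on `rbacProtectedProcedure(["write:all", "write:sitemetadata"])`, whose body lies outside this patch, so it is worth confirming that the wrapper still rejects blacklisted sessions and treats the scope list as any-of, and saying so in a comment above the export. Separately, Prisma's `update` rejects with error code P2025 when the `name: 'waldo'` row is missing rather than resolving to null, so the `if (updateSite == null)` branch is unreachable and a missing row would surface as an unhandled error instead of `NOT_FOUND`; the fence below maps that code explicitly. The same unreachable check sits in the re-indented updatePage.ts hunk. Because this endpoint sets the site-wide maintenance flag and alert banner, `alertTitle` and `alertDescription` would also benefit from a length cap (`z.string().max(N)`) before `serverSanitize` runs.

```typescript
.mutation(async ({ input, ctx }) => {
  try {
    await ctx.prisma.waldoSite.update({
      // … unchanged: where / data …
    });
  } catch (err: unknown) {
    // Prisma reports "record to update not found" as error code P2025.
    const code =
      typeof err === 'object' && err !== null && 'code' in err
        ? (err as { code?: unknown }).code
        : undefined;
    if (code === 'P2025') {
      throw new TRPCError({
        code: 'NOT_FOUND',
        message: 'Site not found in the database.',
      });
    }
    throw err;
  }
  // … unchanged: return { message } …
});
```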