fix: add validation to prevent overwrite user

This commit is contained in:
Mauricio Siu
2024-09-01 19:12:26 -06:00
parent 1650e1bb74
commit 879311c332
6 changed files with 22 additions and 25 deletions

View File

@@ -95,6 +95,16 @@ export const SettingsLayout = ({ children }: Props) => {
}, },
] ]
: []), : []),
...(user?.canAccessToGitProviders
? [
{
title: "Git",
label: "",
icon: GitBranch,
href: "/dashboard/settings/git-providers",
},
]
: []),
]} ]}
/> />
</div> </div>

View File

@@ -3,30 +3,18 @@ import {
apiAssignPermissions, apiAssignPermissions,
apiCreateUserInvitation, apiCreateUserInvitation,
apiFindOneToken, apiFindOneToken,
apiGetBranches,
apiRemoveUser, apiRemoveUser,
users, users,
} from "@/server/db/schema"; } from "@/server/db/schema";
import { haveGithubRequirements } from "@/server/utils/providers/github";
import { createAppAuth } from "@octokit/auth-app";
import { TRPCError } from "@trpc/server"; import { TRPCError } from "@trpc/server";
import { eq } from "drizzle-orm"; import { eq } from "drizzle-orm";
import { Octokit } from "octokit";
import { import {
createInvitation, createInvitation,
findAdmin, findAdmin,
getUserByToken, getUserByToken,
removeUserByAuthId, removeUserByAuthId,
updateAdmin,
} from "../services/admin"; } from "../services/admin";
import { import { adminProcedure, createTRPCRouter, publicProcedure } from "../trpc";
adminProcedure,
createTRPCRouter,
protectedProcedure,
publicProcedure,
} from "../trpc";
import { z } from "zod";
import { getGithubProvider } from "../services/git-provider";
export const adminRouter = createTRPCRouter({ export const adminRouter = createTRPCRouter({
one: adminProcedure.query(async () => { one: adminProcedure.query(async () => {
@@ -85,10 +73,4 @@ export const adminRouter = createTRPCRouter({
}); });
} }
}), }),
// haveGithubConfigured: protectedProcedure.query(async () => {
// const adminResponse = await findAdmin();
// return haveGithubRequirements(adminResponse);
// }),
}); });

View File

@@ -28,6 +28,7 @@ import {
protectedProcedure, protectedProcedure,
publicProcedure, publicProcedure,
} from "../trpc"; } from "../trpc";
import { getUserByToken } from "../services/admin";
export const authRouter = createTRPCRouter({ export const authRouter = createTRPCRouter({
createAdmin: publicProcedure createAdmin: publicProcedure
@@ -61,6 +62,13 @@ export const authRouter = createTRPCRouter({
.input(apiCreateUser) .input(apiCreateUser)
.mutation(async ({ ctx, input }) => { .mutation(async ({ ctx, input }) => {
try { try {
const token = await getUserByToken(input.token);
if (token.isExpired) {
throw new TRPCError({
code: "BAD_REQUEST",
message: "Invalid token",
});
}
const newUser = await createUser(input); const newUser = await createUser(input);
const session = await lucia.createSession(newUser?.authId || "", {}); const session = await lucia.createSession(newUser?.authId || "", {});
ctx.res.appendHeader( ctx.res.appendHeader(

View File

@@ -129,13 +129,9 @@ export const getUserByToken = async (token: string) => {
message: "Invitation not found", message: "Invitation not found",
}); });
} }
const now = new Date();
const isExpired = isAfter(now, new Date(user.expirationDate));
return { return {
...user, ...user,
isExpired, isExpired: user.isRegistered,
}; };
}; };

View File

@@ -72,7 +72,7 @@ export const createUser = async (input: typeof apiCreateUser._type) => {
.update(users) .update(users)
.set({ .set({
isRegistered: true, isRegistered: true,
expirationDate: new Date().toISOString(), expirationDate: undefined,
}) })
.where(eq(users.token, input.token)) .where(eq(users.token, input.token))
.returning() .returning()

View File

@@ -70,6 +70,7 @@ export const apiCreateUser = createSchema
.pick({ .pick({
password: true, password: true,
id: true, id: true,
token: true,
}) })
.required() .required()
.extend({ .extend({