117 lines
2.9 KiB
TypeScript
117 lines
2.9 KiB
TypeScript
|
import { withMethods } from "@lib/api-middleware/with-methods"
|
||
|
import { parseQueryParam } from "@lib/server/parse-query-param"
|
||
|
import { getPostById } from "@lib/server/prisma"
|
||
|
import type { NextApiRequest, NextApiResponse } from "next"
|
||
|
import { getSession } from "next-auth/react"
|
||
|
import { prisma } from "lib/server/prisma"
|
||
|
import * as crypto from "crypto"
|
||
|
|
||
|
const handler = async (req: NextApiRequest, res: NextApiResponse) => {
|
||
|
if (req.method === "GET") return handleGet(req, res)
|
||
|
else if (req.method === "PUT") return handlePut(req, res)
|
||
|
}
|
||
|
|
||
|
export default withMethods(["GET", "PUT"], handler)
|
||
|
|
||
|
async function handleGet(req: NextApiRequest, res: NextApiResponse<any>) {
|
||
|
const id = parseQueryParam(req.query.id)
|
||
|
const files = req.query.files ? parseQueryParam(req.query.files) : true
|
||
|
|
||
|
if (!id) {
|
||
|
return res.status(400).json({ error: "Missing id" })
|
||
|
}
|
||
|
|
||
|
const post = await getPostById(id, Boolean(files))
|
||
|
|
||
|
if (!post) {
|
||
|
return res.status(404).json({ message: "Post not found" })
|
||
|
}
|
||
|
|
||
|
if (post.visibility === "public") {
|
||
|
res.setHeader("Cache-Control", "s-maxage=86400, stale-while-revalidate")
|
||
|
return res.json(post)
|
||
|
} else if (post.visibility === "unlisted") {
|
||
|
res.setHeader("Cache-Control", "s-maxage=1, stale-while-revalidate")
|
||
|
}
|
||
|
|
||
|
const session = await getSession({ req })
|
||
|
|
||
|
// the user can always go directly to their own post
|
||
|
if (session?.user.id === post.authorId) {
|
||
|
return res.json(post)
|
||
|
}
|
||
|
|
||
|
if (post.visibility === "protected") {
|
||
|
const password = parseQueryParam(req.query.password)
|
||
|
const hash = crypto
|
||
|
.createHash("sha256")
|
||
|
.update(password?.toString() || "")
|
||
|
.digest("hex")
|
||
|
.toString()
|
||
|
|
||
|
if (hash === post.password) {
|
||
|
return res.json(post)
|
||
|
} else {
|
||
|
return {
|
||
|
isProtected: true,
|
||
|
post: {
|
||
|
id: post.id,
|
||
|
visibility: post.visibility,
|
||
|
title: post.title
|
||
|
}
|
||
|
}
|
||
|
}
|
||
|
}
|
||
|
|
||
|
return res.status(404).json({ message: "Post not found" })
|
||
|
}
|
||
|
|
||
|
// PUT is for adjusting visibility and password
|
||
|
async function handlePut(req: NextApiRequest, res: NextApiResponse<any>) {
|
||
|
const { password, visibility } = req.body
|
||
|
const id = parseQueryParam(req.query.id)
|
||
|
|
||
|
if (!id) {
|
||
|
return res.status(400).json({ error: "Missing id" })
|
||
|
}
|
||
|
|
||
|
const post = await getPostById(id, false)
|
||
|
|
||
|
if (!post) {
|
||
|
return res.status(404).json({ message: "Post not found" })
|
||
|
}
|
||
|
|
||
|
const session = await getSession({ req })
|
||
|
|
||
|
const isAuthor = session?.user.id === post.authorId
|
||
|
|
||
|
if (!isAuthor) {
|
||
|
return res.status(403).json({ message: "Unauthorized" })
|
||
|
}
|
||
|
|
||
|
if (visibility === "protected" && !password) {
|
||
|
return res.status(400).json({ message: "Missing password" })
|
||
|
}
|
||
|
|
||
|
const hashedPassword = crypto
|
||
|
.createHash("sha256")
|
||
|
.update(password?.toString() || "")
|
||
|
.digest("hex")
|
||
|
.toString()
|
||
|
|
||
|
const updatedPost = await prisma.post.update({
|
||
|
where: {
|
||
|
id
|
||
|
},
|
||
|
data: {
|
||
|
visibility,
|
||
|
password: visibility === "protected" ? hashedPassword : null
|
||
|
}
|
||
|
})
|
||
|
|
||
|
res.json({
|
||
|
id: updatedPost.id,
|
||
|
visibility: updatedPost.visibility
|
||
|
})
|
||
|
}
|