brandon/uiowaATR
1
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases Wiki Activity

add route authentication to file upload

Browse Source
This commit is contained in:
Brandon Egger 2023-08-21 09:54:08 -05:00
parent 7322b0dde7
commit 2c3d53f317
2 changed files with 33 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
prisma/schema.prisma
View File

@ -63,11 +63,17 @@ type Manufacturer {
notice String? notice String?
} }
type Photo {
name String
data Bytes
}
model AuditoryResource { model AuditoryResource {
id String @id @default(auto()) @map("_id") @db.ObjectId id String @id @default(auto()) @map("_id") @db.ObjectId
icon String icon String
name String name String
description String description String
photo Photo?
manufacturer Manufacturer? manufacturer Manufacturer?
ages RangeInput ages RangeInput
skills Skill[] skills Skill[]

39
src/pages/api/resources/photo/[id].tsx
View File

@ -1,7 +1,9 @@
import { type NextApiHandler } from "next"; import { type NextApiHandler } from "next";
import formidable from "formidable"; import formidable from "formidable";
import * as path from "path"; import * as fs from "fs";
import { prisma } from "~/server/db"; import { prisma } from "~/server/db";
import { getServerAuthSession } from "~/server/auth";
import { Role } from "@prisma/client";
/** /**
* Returns filename for a given filepath. * Returns filename for a given filepath.
@ -17,6 +19,12 @@ const handler: NextApiHandler = async (req, res) => {
return; return;
} }
const authSession = await getServerAuthSession({ req, res });
if (!authSession?.user || authSession.user.role !== Role.ADMIN) {
res.writeHead(401, "Not authorized");
return;
}
const { id } = req.query; const { id } = req.query;
if (Array.isArray(id) || !id) { if (Array.isArray(id) || !id) {
@ -29,17 +37,21 @@ const handler: NextApiHandler = async (req, res) => {
keepExtensions: true, keepExtensions: true,
}); });
const localUploadPath: Promise<string> = new Promise((resolve, reject) => { const uploadPhoto: Promise<formidable.File> = new Promise(
form.parse(req, (_err, _fields, files) => { (resolve, reject) => {
const photo = Array.isArray(files.photo) ? files.photo[0] : files.photo; form.parse(req, (_err, _fields, files) => {
if (!photo) { const photo = Array.isArray(files.photo) ? files.photo[0] : files.photo;
reject("Invalid file type sent (or none provided)"); if (!photo) {
return; reject("Invalid file type sent (or none provided)");
} return;
}
resolve(path.join("uploads", getFileName(photo.filepath))); resolve(photo);
}); });
}); }
);
const photoBuffer = fs.readFileSync((await uploadPhoto).filepath);
try { try {
await prisma.auditoryResource.update({ await prisma.auditoryResource.update({
@ -47,7 +59,10 @@ const handler: NextApiHandler = async (req, res) => {
id, id,
}, },
data: { data: {
icon: await localUploadPath, photo: {
name: getFileName((await uploadPhoto).filepath),
data: photoBuffer,
},
}, },
}); });
} catch (error: unknown) { } catch (error: unknown) {