add route authentication to file upload
This commit is contained in:
@@ -63,11 +63,17 @@ type Manufacturer {
|
|||||||
notice String?
|
notice String?
|
||||||
}
|
}
|
||||||
|
|
||||||
|
type Photo {
|
||||||
|
name String
|
||||||
|
data Bytes
|
||||||
|
}
|
||||||
|
|
||||||
model AuditoryResource {
|
model AuditoryResource {
|
||||||
id String @id @default(auto()) @map("_id") @db.ObjectId
|
id String @id @default(auto()) @map("_id") @db.ObjectId
|
||||||
icon String
|
icon String
|
||||||
name String
|
name String
|
||||||
description String
|
description String
|
||||||
|
photo Photo?
|
||||||
manufacturer Manufacturer?
|
manufacturer Manufacturer?
|
||||||
ages RangeInput
|
ages RangeInput
|
||||||
skills Skill[]
|
skills Skill[]
|
||||||
|
|||||||
@@ -1,7 +1,9 @@
|
|||||||
import { type NextApiHandler } from "next";
|
import { type NextApiHandler } from "next";
|
||||||
import formidable from "formidable";
|
import formidable from "formidable";
|
||||||
import * as path from "path";
|
import * as fs from "fs";
|
||||||
import { prisma } from "~/server/db";
|
import { prisma } from "~/server/db";
|
||||||
|
import { getServerAuthSession } from "~/server/auth";
|
||||||
|
import { Role } from "@prisma/client";
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Returns filename for a given filepath.
|
* Returns filename for a given filepath.
|
||||||
@@ -17,6 +19,12 @@ const handler: NextApiHandler = async (req, res) => {
|
|||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
const authSession = await getServerAuthSession({ req, res });
|
||||||
|
if (!authSession?.user || authSession.user.role !== Role.ADMIN) {
|
||||||
|
res.writeHead(401, "Not authorized");
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
const { id } = req.query;
|
const { id } = req.query;
|
||||||
|
|
||||||
if (Array.isArray(id) || !id) {
|
if (Array.isArray(id) || !id) {
|
||||||
@@ -29,17 +37,21 @@ const handler: NextApiHandler = async (req, res) => {
|
|||||||
keepExtensions: true,
|
keepExtensions: true,
|
||||||
});
|
});
|
||||||
|
|
||||||
const localUploadPath: Promise<string> = new Promise((resolve, reject) => {
|
const uploadPhoto: Promise<formidable.File> = new Promise(
|
||||||
form.parse(req, (_err, _fields, files) => {
|
(resolve, reject) => {
|
||||||
const photo = Array.isArray(files.photo) ? files.photo[0] : files.photo;
|
form.parse(req, (_err, _fields, files) => {
|
||||||
if (!photo) {
|
const photo = Array.isArray(files.photo) ? files.photo[0] : files.photo;
|
||||||
reject("Invalid file type sent (or none provided)");
|
if (!photo) {
|
||||||
return;
|
reject("Invalid file type sent (or none provided)");
|
||||||
}
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
resolve(path.join("uploads", getFileName(photo.filepath)));
|
resolve(photo);
|
||||||
});
|
});
|
||||||
});
|
}
|
||||||
|
);
|
||||||
|
|
||||||
|
const photoBuffer = fs.readFileSync((await uploadPhoto).filepath);
|
||||||
|
|
||||||
try {
|
try {
|
||||||
await prisma.auditoryResource.update({
|
await prisma.auditoryResource.update({
|
||||||
@@ -47,7 +59,10 @@ const handler: NextApiHandler = async (req, res) => {
|
|||||||
id,
|
id,
|
||||||
},
|
},
|
||||||
data: {
|
data: {
|
||||||
icon: await localUploadPath,
|
photo: {
|
||||||
|
name: getFileName((await uploadPhoto).filepath),
|
||||||
|
data: photoBuffer,
|
||||||
|
},
|
||||||
},
|
},
|
||||||
});
|
});
|
||||||
} catch (error: unknown) {
|
} catch (error: unknown) {
|
||||||
|
|||||||
Reference in New Issue
Block a user