Convert teams api routes.

Author: mikecao

src/app/api/teams/[teamId]/route.ts

@@ -0,0 +1,75 @@
+import { z } from 'zod';
+import { unauthorized, json, badRequest, notFound, ok } from 'lib/response';
+import { canDeleteTeam, canUpdateTeam, canViewTeam, checkAuth } from 'lib/auth';
+import { checkRequest } from 'lib/request';
+import { deleteTeam, getTeam, updateTeam } from 'queries';
+
+export async function GET(request: Request, { params }: { params: Promise<{ teamId: string }> }) {
+  const schema = z.object({
+    teamId: z.string().uuid(),
+  });
+
+  const { error } = await checkRequest(request, schema);
+
+  if (error) {
+    return badRequest(error);
+  }
+
+  const { teamId } = await params;
+
+  const auth = await checkAuth(request);
+
+  if (!auth || !(await canViewTeam(auth, teamId))) {
+    return unauthorized();
+  }
+
+  const team = await getTeam(teamId, { includeMembers: true });
+
+  if (!team) {
+    return notFound('Team not found.');
+  }
+
+  return json(team);
+}
+
+export async function POST(request: Request, { params }: { params: Promise<{ teamId: string }> }) {
+  const schema = z.object({
+    name: z.string().max(50),
+    accessCode: z.string().max(50),
+  });
+
+  const { body, error } = await checkRequest(request, schema);
+
+  if (error) {
+    return badRequest(error);
+  }
+
+  const { teamId } = await params;
+
+  const auth = await checkAuth(request);
+
+  if (!auth || !(await canUpdateTeam(auth, teamId))) {
+    return unauthorized('You must be the owner of this team.');
+  }
+
+  const team = await updateTeam(teamId, body);
+
+  return json(team);
+}
+
+export async function DELETE(
+  request: Request,
+  { params }: { params: Promise<{ teamId: string }> },
+) {
+  const { teamId } = await params;
+
+  const auth = await checkAuth(request);
+
+  if (!auth || !(await canDeleteTeam(auth, teamId))) {
+    return unauthorized('You must be the owner of this team.');
+  }
+
+  await deleteTeam(teamId);
+
+  return ok();
+}

src/app/api/teams/[teamId]/users/[userId]/route.ts

@@ -0,0 +1,72 @@
+import { z } from 'zod';
+import { unauthorized, json, badRequest, ok } from 'lib/response';
+import { canDeleteTeam, canUpdateTeam, checkAuth } from 'lib/auth';
+import { checkRequest } from 'lib/request';
+import { deleteTeam, getTeamUser, updateTeamUser } from 'queries';
+
+export async function GET(
+  request: Request,
+  { params }: { params: Promise<{ teamId: string; userId: string }> },
+) {
+  const { teamId, userId } = await params;
+
+  const auth = await checkAuth(request);
+
+  if (!(await canUpdateTeam(auth, teamId))) {
+    return unauthorized('You must be the owner of this team.');
+  }
+
+  const teamUser = await getTeamUser(teamId, userId);
+
+  return json(teamUser);
+}
+
+export async function POST(
+  request: Request,
+  { params }: { params: Promise<{ teamId: string; userId: string }> },
+) {
+  const schema = z.object({
+    role: z.string().regex(/team-member|team-view-only|team-manager/),
+  });
+
+  const { body, error } = await checkRequest(request, schema);
+
+  if (error) {
+    return badRequest(error);
+  }
+
+  const { teamId, userId } = await params;
+
+  const auth = await checkAuth(request);
+
+  if (!(await canUpdateTeam(auth, teamId))) {
+    return unauthorized('You must be the owner of this team.');
+  }
+
+  const teamUser = await getTeamUser(teamId, userId);
+
+  if (!teamUser) {
+    return badRequest('The User does not exists on this team.');
+  }
+
+  const user = await updateTeamUser(teamUser.id, body);
+
+  return json(user);
+}
+
+export async function DELETE(
+  request: Request,
+  { params }: { params: Promise<{ teamId: string }> },
+) {
+  const { teamId } = await params;
+
+  const auth = await checkAuth(request);
+
+  if (!auth || !(await canDeleteTeam(auth, teamId))) {
+    return unauthorized('You must be the owner of this team.');
+  }
+
+  await deleteTeam(teamId);
+
+  return ok();
+}

src/app/api/teams/[teamId]/users/route.ts

@@ -0,0 +1,83 @@
+import { z } from 'zod';
+import { unauthorized, json, badRequest } from 'lib/response';
+import { canAddUserToTeam, canUpdateTeam, checkAuth } from 'lib/auth';
+import { checkRequest } from 'lib/request';
+import { pagingParams, roleParam } from 'lib/schema';
+import { createTeamUser, getTeamUser, getTeamUsers } from 'queries';
+
+export async function GET(request: Request, { params }: { params: Promise<{ teamId: string }> }) {
+  const schema = z.object({
+    ...pagingParams,
+  });
+
+  const { query, error } = await checkRequest(request, schema);
+
+  if (error) {
+    return badRequest(error);
+  }
+
+  const { teamId } = await params;
+
+  const auth = await checkAuth(request);
+
+  if (!(await canUpdateTeam(auth, teamId))) {
+    return unauthorized('You must be the owner of this team.');
+  }
+
+  const users = await getTeamUsers(
+    {
+      where: {
+        teamId,
+        user: {
+          deletedAt: null,
+        },
+      },
+      include: {
+        user: {
+          select: {
+            id: true,
+            username: true,
+          },
+        },
+      },
+    },
+    query,
+  );
+
+  return json(users);
+}
+
+export async function POST(
+  request: Request,
+  { params }: { params: Promise<{ teamId: string; userId: string }> },
+) {
+  const schema = z.object({
+    role: roleParam,
+  });
+
+  const { body, error } = await checkRequest(request, schema);
+
+  if (error) {
+    return badRequest(error);
+  }
+
+  const { teamId } = await params;
+
+  const auth = await checkAuth(request);
+
+  if (!auth || !(await canAddUserToTeam(auth))) {
+    return unauthorized();
+  }
+
+  const { userId, role } = body;
+
+  const teamUser = await getTeamUser(teamId, userId);
+
+  if (teamUser) {
+    return badRequest('User is already a member of the Team.');
+  }
+
+  const users = await createTeamUser(userId, teamId, role);
+
+  return json(users);
+}

src/app/api/teams/[teamId]/websites/route.ts

@@ -0,0 +1,30 @@
+import { z } from 'zod';
+import { unauthorized, json, badRequest } from 'lib/response';
+import { canViewTeam, checkAuth } from 'lib/auth';
+import { checkRequest } from 'lib/request';
+import { pagingParams } from 'lib/schema';
+import { getTeamWebsites } from 'queries';
+
+export async function GET(request: Request, { params }: { params: Promise<{ teamId: string }> }) {
+  const schema = z.object({
+    ...pagingParams,
+  });
+
+  const { query, error } = await checkRequest(request, schema);
+
+  if (error) {
+    return badRequest(error);
+  }
+
+  const { teamId } = await params;
+
+  const auth = await checkAuth(request);
+
+  if (!auth || !(await canViewTeam(auth, teamId))) {
+    return unauthorized();
+  }
+
+  const websites = await getTeamWebsites(teamId, query);
+
+  return json(websites);
+}

src/app/api/teams/join/route.ts

@@ -0,0 +1,46 @@
+import { z } from 'zod';
+import { unauthorized, json, badRequest, notFound } from 'lib/response';
+import { canCreateTeam, checkAuth } from 'lib/auth';
+import { checkRequest } from 'lib/request';
+import { ROLES } from 'lib/constants';
+import { createTeamUser, findTeam, getTeamUser } from 'queries';
+
+export async function POST(request: Request) {
+  const schema = z.object({
+    accessCode: z.string().max(50),
+  });
+
+  const { body, error } = await checkRequest(request, schema);
+
+  if (error) {
+    return badRequest(error);
+  }
+
+  const auth = await checkAuth(request);
+
+  if (!auth || !(await canCreateTeam(auth))) {
+    return unauthorized();
+  }
+
+  const { accessCode } = body;
+
+  const team = await findTeam({
+    where: {
+      accessCode,
+    },
+  });
+
+  if (!team) {
+    return notFound('Team not found.');
+  }
+
+  const teamUser = await getTeamUser(team.id, auth.user.id);
+
+  if (teamUser) {
+    return badRequest('User is already a team member.');
+  }
+
+  const user = await createTeamUser(auth.user.id, team.id, ROLES.teamMember);
+
+  return json(user);
+}

src/app/api/teams/route.ts

@@ -0,0 +1,38 @@
+import { z } from 'zod';
+import { getRandomChars } from 'next-basics';
+import { unauthorized, json, badRequest } from 'lib/response';
+import { canCreateTeam, checkAuth } from 'lib/auth';
+import { uuid } from 'lib/crypto';
+import { checkRequest } from 'lib/request';
+import { createTeam } from 'queries';
+
+export async function POST(request: Request) {
+  const schema = z.object({
+    name: z.string().max(50),
+  });
+
+  const { body, error } = await checkRequest(request, schema);
+
+  if (error) {
+    return badRequest(error);
+  }
+
+  const auth = await checkAuth(request);
+
+  if (!auth || !(await canCreateTeam(auth))) {
+    return unauthorized();
+  }
+
+  const { name } = body;
+
+  const team = await createTeam(
+    {
+      id: uuid(),
+      name,
+      accessCode: `team_${getRandomChars(16)}`,
+    },
+    auth.user.userId,
+  );
+
+  return json(team);
+}

src/components/hooks/queries/useWebsitePageviews.ts

@@ -1,6 +1,6 @@
 import { UseQueryOptions } from '@tanstack/react-query';
 import { useApi } from '../useApi';
-import { useFilterParams } from '..//useFilterParams';
+import { useFilterParams } from '../useFilterParams';
 
 export function useWebsitePageviews(
   websiteId: string,

src/lib/response.ts

@@ -12,10 +12,14 @@ export function badRequest(message?: any) {
   return Response.json({ error: 'Bad request', message }, { status: 400 });
 }
 
-export function unauthorized() {
-  return Response.json({ error: 'Unauthorized' }, { status: 401 });
+export function notFound(message?: any) {
+  return Response.json({ error: 'Not found', message, status: 404 });
 }
 
-export function serverError(error: any) {
+export function unauthorized(message?: any) {
+  return Response.json({ error: 'Unauthorized', message }, { status: 401 });
+}
+
+export function serverError(error?: any) {
   return Response.json({ error: 'Server error', message: serializeError(error), status: 500 });
 }

src/lib/schema.ts

@@ -30,6 +30,8 @@ export const unitParam = z.string().refine(value => UNIT_TYPES.includes(value),
   message: 'Invalid unit',
 });
 
+export const roleParam = z.string().regex(/team-member|team-view-only|team-manager/);
+
 export const filterParams = {
   url: z.string().optional(),
   referrer: z.string().optional(),