add s3 and local dir support, fix session roles, make sure delete invite checks if its valid first

2025-03-05 08:45:08 -05:00 · 2025-03-05 08:45:08 -05:00 · 774c8e22ce
commit 774c8e22ce
parent 9a91f1e7e3
11 changed files with 171 additions and 12 deletions
--- a/src/routes/api/auth/login.ts
+++ b/src/routes/api/auth/login.ts
@ -141,7 +141,7 @@ async function handler(
 			username: user.username,
 			email: user.email,
 			email_verified: user.email_verified,
-			roles: user.roles,
+			roles: user.roles[0].split(","),
 			avatar: user.avatar,
 			timezone: user.timezone,
 			authorization_token: user.authorization_token,
--- a/src/routes/api/auth/register.ts
+++ b/src/routes/api/auth/register.ts
@ -202,7 +202,7 @@ async function handler(
 			username: user.username,
 			email: user.email,
 			email_verified: user.email_verified,
-			roles: user.roles,
+			roles: user.roles[0].split(","),
 			avatar: user.avatar,
 			timezone: user.timezone,
 			authorization_token: user.authorization_token,
--- a/src/routes/api/invite/delete[invite].ts
+++ b/src/routes/api/invite/delete[invite].ts
@ -1,3 +1,4 @@
+import { isValidInvite } from "@config/sql/users";
 import { type ReservedSQL, sql } from "bun";

 import { logger } from "@/helpers/logger";
@ -34,6 +35,19 @@ async function handler(request: ExtendedRequest): Promise<Response> {
 		);
 	}

+	const { valid, error } = isValidInvite(invite);
+
+	if (!valid && error) {
+		return Response.json(
+			{
+				success: false,
+				code: 400,
+				error: error,
+			},
+			{ status: 400 },
+		);
+	}
+
 	const reservation: ReservedSQL = await sql.reserve();
 	let inviteData: Invite | null = null;

--- a/src/routes/api/settings/set.ts
+++ b/src/routes/api/settings/set.ts
@ -0,0 +1,92 @@
+import { setSetting } from "@config/sql/settings";
+
+import { logger } from "@/helpers/logger";
+
+const routeDef: RouteDef = {
+	method: "POST",
+	accepts: "application/json",
+	returns: "application/json",
+	needsBody: "json",
+};
+
+async function handler(
+	request: ExtendedRequest,
+	requestBody: unknown,
+): Promise<Response> {
+	const { key, value } = requestBody as { key: string; value: string };
+
+	if (!request.session) {
+		return Response.json(
+			{
+				success: false,
+				code: 403,
+				error: "Unauthorized",
+			},
+			{ status: 403 },
+		);
+	}
+
+	if (!request.session.roles.includes("admin")) {
+		return Response.json(
+			{
+				success: false,
+				code: 403,
+				error: "Unauthorized",
+			},
+			{ status: 403 },
+		);
+	}
+
+	if (!key || !value) {
+		return Response.json(
+			{
+				success: false,
+				code: 400,
+				error: "Expected key and value",
+			},
+			{ status: 400 },
+		);
+	}
+
+	if (
+		typeof key !== "string" ||
+		(typeof value !== "string" &&
+			typeof value !== "boolean" &&
+			typeof value !== "number")
+	) {
+		return Response.json(
+			{
+				success: false,
+				code: 400,
+				error: "Expected key to be a string and value to be a string, boolean, or number",
+			},
+			{ status: 400 },
+		);
+	}
+
+	try {
+		await setSetting(key, value);
+	} catch (error) {
+		logger.error(["Could not set the setting:", error as Error]);
+
+		return Response.json(
+			{
+				success: false,
+				code: 500,
+				error: "Failed to set setting",
+			},
+			{ status: 500 },
+		);
+	}
+
+	return Response.json(
+		{
+			success: true,
+			code: 200,
+			message: "Setting set",
+		},
+		{ status: 200 },
+	);
+}
+
+export { handler, routeDef };