Lock the e-mail on input if the code has an e-mail associated
This commit is contained in:
Tiago Ribeiro
71
src/pages/api/code/index.ts
Normal file
71
src/pages/api/code/index.ts
Normal file
@@ -0,0 +1,71 @@
|
||||
// Next.js API route support: https://nextjs.org/docs/api-routes/introduction
|
||||
import type {NextApiRequest, NextApiResponse} from "next";
|
||||
import {app} from "@/firebase";
|
||||
import {getFirestore, setDoc, doc, query, collection, where, getDocs} from "firebase/firestore";
|
||||
import {withIronSessionApiRoute} from "iron-session/next";
|
||||
import {sessionOptions} from "@/lib/session";
|
||||
import {Type} from "@/interfaces/user";
|
||||
import {PERMISSIONS} from "@/constants/userPermissions";
|
||||
import {uuidv4} from "@firebase/util";
|
||||
import {prepareMailer, prepareMailOptions} from "@/email";
|
||||
|
||||
const db = getFirestore(app);
|
||||
|
||||
export default withIronSessionApiRoute(handler, sessionOptions);
|
||||
|
||||
async function handler(req: NextApiRequest, res: NextApiResponse) {
|
||||
if (!req.session.user) {
|
||||
res.status(401).json({ok: false, reason: "You must be logged in to generate a code!"});
|
||||
return;
|
||||
}
|
||||
|
||||
const {type, codes, emails, expiryDate} = req.body as {type: Type; codes: string[]; emails?: string[]; expiryDate: null | Date};
|
||||
const permission = PERMISSIONS.generateCode[type];
|
||||
|
||||
if (!permission.includes(req.session.user.type)) {
|
||||
res.status(403).json({ok: false, reason: "Your account type does not have permissions to generate a code for that type of user!"});
|
||||
return;
|
||||
}
|
||||
|
||||
if (req.session.user.type === "corporate") {
|
||||
const codesGeneratedByUserSnapshot = await getDocs(query(collection(db, "codes"), where("creator", "==", req.session.user.id)));
|
||||
const totalCodes = codesGeneratedByUserSnapshot.docs.length + codes.length;
|
||||
const allowedCodes = req.session.user.corporateInformation?.companyInformation.userAmount || 0;
|
||||
|
||||
if (totalCodes > allowedCodes) {
|
||||
res.status(403).json({
|
||||
ok: false,
|
||||
reason: `You have or would have exceeded your amount of allowed codes, you currently are allowed to generate ${
|
||||
allowedCodes - codesGeneratedByUserSnapshot.docs.length
|
||||
} codes.`,
|
||||
});
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
const codePromises = codes.map(async (code, index) => {
|
||||
const codeRef = doc(db, "codes", code);
|
||||
await setDoc(codeRef, {type, code, creator: req.session.user!.id, expiryDate});
|
||||
|
||||
if (emails && emails.length > index) {
|
||||
await setDoc(codeRef, {email: emails[index]}, {merge: true});
|
||||
|
||||
const transport = prepareMailer();
|
||||
const mailOptions = prepareMailOptions(
|
||||
{
|
||||
type,
|
||||
code,
|
||||
},
|
||||
[emails[index]],
|
||||
"EnCoach Registration",
|
||||
"main",
|
||||
);
|
||||
|
||||
await transport.sendMail(mailOptions);
|
||||
}
|
||||
});
|
||||
|
||||
Promise.all(codePromises).then(() => {
|
||||
res.status(200).json({ok: true});
|
||||
});
|
||||
}
|
||||
Reference in New Issue
Block a user