devops/encoach_frontend
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
74dcccf089c3158a1aadade97afdce511859a371
encoach_frontend/src/pages/api/user.ts
Tiago Ribeiro b7b2dca2dd Updated the user deletion to work in the backend
2024-01-15 11:02:40 +00:00

89 lines
2.8 KiB
TypeScript
Raw Blame History

import {PERMISSIONS} from "@/constants/userPermissions";
import {app, adminApp} from "@/firebase";
import {User} from "@/interfaces/user";
import {sessionOptions} from "@/lib/session";
import {collection, deleteDoc, doc, getDoc, getDocs, getFirestore, query, setDoc, where} from "firebase/firestore";
import {getAuth} from "firebase-admin/auth";
import {withIronSessionApiRoute} from "iron-session/next";
import {NextApiRequest, NextApiResponse} from "next";
const db = getFirestore(app);
const auth = getAuth(adminApp);
export default withIronSessionApiRoute(user, sessionOptions);
async function user(req: NextApiRequest, res: NextApiResponse) {
if (req.method === "GET") return get(req, res);
if (req.method === "DELETE") return del(req, res);
res.status(404).json(undefined);
}
async function del(req: NextApiRequest, res: NextApiResponse) {
if (!req.session.user) {
res.status(401).json({ok: false});
return;
}
const {id} = req.query as {id: string};
const docUser = await getDoc(doc(db, "users", req.session.user.id));
if (!docUser.exists()) {
res.status(401).json({ok: false});
return;
}
const user = docUser.data() as User;
const docTargetUser = await getDoc(doc(db, "users", id));
if (!docTargetUser.exists()) {
res.status(404).json({ok: false});
return;
}
const targetUser = {...docTargetUser.data(), id: docTargetUser.id} as User;
const permission = PERMISSIONS.deleteUser[targetUser.type];
if (!permission.includes(user.type)) {
res.status(403).json({ok: false});
return;
}
res.json({ok: true});
await auth.deleteUser(id);
await deleteDoc(doc(db, "users", id));
const userCodeDocs = await getDocs(query(collection(db, "codes"), where("userId", "==", id)));
const userParticipantGroup = await getDocs(query(collection(db, "groups"), where("participants", "array-contains", id)));
const userGroupAdminDocs = await getDocs(query(collection(db, "groups"), where("admin", "==", id)));
const userStatsDocs = await getDocs(query(collection(db, "stats"), where("user", "==", id)));
await Promise.all([
...userCodeDocs.docs.map(async (x) => await deleteDoc(x.ref)),
...userGroupAdminDocs.docs.map(async (x) => await deleteDoc(x.ref)),
...userStatsDocs.docs.map(async (x) => await deleteDoc(x.ref)),
...userParticipantGroup.docs.map(
async (x) => await setDoc(x.ref, {participants: x.data().participants.filter((y: string) => y !== id)}, {merge: true}),
),
]);
}
async function get(req: NextApiRequest, res: NextApiResponse) {
if (req.session.user) {
const docUser = await getDoc(doc(db, "users", req.session.user.id));
if (!docUser.exists()) {
res.status(401).json(undefined);
return;
}
const user = docUser.data() as User;
req.session.user = {...user, id: req.session.user.id};
await req.session.save();
res.json({...user, id: req.session.user.id});
} else {
res.status(401).json(undefined);
}
}
Reference in New Issue View Git Blame Copy Permalink