mirror of
https://github.com/ajnart/homarr.git
synced 2026-02-27 17:00:54 +01:00
c43a2f0488
* refactor: move zod import from validation package to zod * refactor: move missing zod imports
95 lines
2.6 KiB
TypeScript
95 lines
2.6 KiB
TypeScript
import { randomBytes } from "crypto";
|
|
import { TRPCError } from "@trpc/server";
|
|
import { z } from "zod";
|
|
|
|
import { asc, createId, eq } from "@homarr/db";
|
|
import { invites } from "@homarr/db/schema";
|
|
import { selectInviteSchema } from "@homarr/db/validationSchemas";
|
|
|
|
import { createTRPCRouter, permissionRequiredProcedure } from "../trpc";
|
|
import { throwIfCredentialsDisabled } from "./invite/checks";
|
|
|
|
export const inviteRouter = createTRPCRouter({
|
|
getAll: permissionRequiredProcedure
|
|
.requiresPermission("admin")
|
|
.output(
|
|
z.array(
|
|
selectInviteSchema
|
|
.pick({
|
|
id: true,
|
|
expirationDate: true,
|
|
})
|
|
.extend({ creator: z.object({ name: z.string().nullable(), id: z.string() }) }),
|
|
),
|
|
)
|
|
.input(z.undefined())
|
|
.meta({ openapi: { method: "GET", path: "/api/invites", tags: ["invites"], protect: true } })
|
|
.query(async ({ ctx }) => {
|
|
throwIfCredentialsDisabled();
|
|
return await ctx.db.query.invites.findMany({
|
|
orderBy: asc(invites.expirationDate),
|
|
columns: {
|
|
token: false,
|
|
},
|
|
with: {
|
|
creator: {
|
|
columns: {
|
|
id: true,
|
|
name: true,
|
|
},
|
|
},
|
|
},
|
|
});
|
|
}),
|
|
createInvite: permissionRequiredProcedure
|
|
.requiresPermission("admin")
|
|
.input(
|
|
z.object({
|
|
expirationDate: z.date(),
|
|
}),
|
|
)
|
|
.output(z.object({ id: z.string(), token: z.string() }))
|
|
.meta({ openapi: { method: "POST", path: "/api/invites", tags: ["invites"], protect: true } })
|
|
.mutation(async ({ ctx, input }) => {
|
|
throwIfCredentialsDisabled();
|
|
const id = createId();
|
|
const token = randomBytes(20).toString("hex");
|
|
|
|
await ctx.db.insert(invites).values({
|
|
id,
|
|
expirationDate: input.expirationDate,
|
|
creatorId: ctx.session.user.id,
|
|
token,
|
|
});
|
|
|
|
return {
|
|
id,
|
|
token,
|
|
};
|
|
}),
|
|
deleteInvite: permissionRequiredProcedure
|
|
.requiresPermission("admin")
|
|
.input(
|
|
z.object({
|
|
id: z.string(),
|
|
}),
|
|
)
|
|
.output(z.undefined())
|
|
.meta({ openapi: { method: "DELETE", path: "/api/invites/{id}", tags: ["invites"], protect: true } })
|
|
.mutation(async ({ ctx, input }) => {
|
|
throwIfCredentialsDisabled();
|
|
const dbInvite = await ctx.db.query.invites.findFirst({
|
|
where: eq(invites.id, input.id),
|
|
});
|
|
|
|
if (!dbInvite) {
|
|
throw new TRPCError({
|
|
code: "NOT_FOUND",
|
|
message: "Invite not found",
|
|
});
|
|
}
|
|
|
|
await ctx.db.delete(invites).where(eq(invites.id, input.id));
|
|
}),
|
|
});
|