xwx.moe/el.xwx.moe
xwx.moe/ el.xwx.moe
1
0
Disbranĉigi 0
Fontkodo Issues Tirpetoj Actions Packages Projects Eldonoj Wiki Activity

code refactoring + many security/bug fixes

This commit is contained in:
daniel31x13 2023-11-06 08:25:57 -05:00
parent b5a28f68ad
commit c8edc3844b
48 changed files with 472 additions and 317 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
components/Modal/Collection/TeamManagement.tsx
View File

@ -47,6 +47,7 @@ export default function TeamManagement({
id: null,
name: "",
username: "",
image: "",
});
useEffect(() => {
@ -401,7 +402,7 @@ export default function TeamManagement({
>
<div className="flex items-center gap-2">
<ProfilePhoto
src={`uploads/avatar/${collection.ownerId}.jpg`}
src={collectionOwner.image ? collectionOwner.image : undefined}
className="border-[3px]"
/>
<div>

2
components/SettingsSidebar.tsx
View File

@ -113,7 +113,7 @@ export default function SettingsSidebar({ className }: { className?: string }) {
</div>
</Link>
{process.env.NEXT_PUBLIC_STRIPE_IS_ACTIVE ? (
{process.env.NEXT_PUBLIC_STRIPE ? (
<Link href="/settings/billing">
<div
className={`${

18
hooks/useInitialData.tsx
View File

@ -9,17 +9,21 @@ export default function useInitialData() {
const { setCollections } = useCollectionStore();
const { setTags } = useTagStore();
// const { setLinks } = useLinkStore();
const { setAccount } = useAccountStore();
const { account, setAccount } = useAccountStore();
// Get account info
useEffect(() => {
if (
status === "authenticated" &&
(!process.env.NEXT_PUBLIC_STRIPE_IS_ACTIVE || data.user.isSubscriber)
) {
if (status === "authenticated") {
setAccount(data?.user.id as number);
}
}, [status, data]);
// Get the rest of the data
useEffect(() => {
if (account.id && (!process.env.NEXT_PUBLIC_STRIPE || account.username)) {
setCollections();
setTags();
// setLinks();
setAccount(data.user.id);
}
}, [status, data]);
}, [account]);
}

30
hooks/useRedirect.tsx
View File

@ -1,30 +0,0 @@
import { useEffect, useState } from "react";
import { useSession } from "next-auth/react";
import { useRouter } from "next/router";
export default function useRedirect() {
const router = useRouter();
const { status } = useSession();
const [redirect, setRedirect] = useState(true);
useEffect(() => {
if (
status === "authenticated" &&
(router.pathname === "/login" || router.pathname === "/register")
) {
router.push("/").then(() => {
setRedirect(false);
});
} else if (
status === "unauthenticated" &&
!(router.pathname === "/login" || router.pathname === "/register")
) {
router.push("/login").then(() => {
setRedirect(false);
});
} else if (status === "loading") setRedirect(true);
else setRedirect(false);
}, [status]);
return redirect;
}

33
layouts/AuthRedirect.tsx
View File

@ -16,17 +16,29 @@ export default function AuthRedirect({ children }: Props) {
const [redirect, setRedirect] = useState(true);
const { account } = useAccountStore();
const emailEnabled = process.env.NEXT_PUBLIC_EMAIL_PROVIDER;
const emailEnabled = process.env.NEXT_PUBLIC_EMAIL_PROVIDER === "true";
const stripeEnabled = process.env.NEXT_PUBLIC_STRIPE === "true";
useInitialData();
useEffect(() => {
if (!router.pathname.startsWith("/public")) {
if (
status === "authenticated" &&
account.id &&
!account.subscription?.active &&
stripeEnabled
) {
router.push("/subscribe").then(() => {
setRedirect(false);
});
}
// Redirect to "/choose-username" if user is authenticated and is either a subscriber OR subscription is undefiend, and doesn't have a username
else if (
emailEnabled &&
status === "authenticated" &&
(data.user.isSubscriber === true ||
data.user.isSubscriber === undefined) &&
account.subscription?.active &&
stripeEnabled &&
account.id &&
!account.username
) {
@ -35,21 +47,16 @@ export default function AuthRedirect({ children }: Props) {
});
} else if (
status === "authenticated" &&
data.user.isSubscriber === false
) {
router.push("/subscribe").then(() => {
setRedirect(false);
});
} else if (
status === "authenticated" &&
account.id &&
(router.pathname === "/login" ||
router.pathname === "/register" ||
router.pathname === "/confirmation" ||
router.pathname === "/subscribe" ||
router.pathname === "/choose-username" ||
router.pathname === "/forgot")
router.pathname === "/forgot" ||
router.pathname === "/")
) {
router.push("/").then(() => {
router.push("/dashboard").then(() => {
setRedirect(false);
});
} else if (
@ -69,7 +76,7 @@ export default function AuthRedirect({ children }: Props) {
} else {
setRedirect(false);
}
}, [status, account]);
}, [status, account, router.pathname]);
if (status !== "loading" && !redirect) return <>{children}</>;
else return <></>;

14
layouts/CenteredForm.tsx
View File

@ -10,10 +10,20 @@ interface Props {
export default function CenteredForm({ text, children }: Props) {
const { theme } = useTheme();
return (
<div className="absolute top-0 bottom-0 left-0 right-0 flex justify-center items-center p-5">
<div className="m-auto flex flex-col gap-2 w-full">
{theme === "dark" ? (
{theme ? (
<Image
src={`/linkwarden_${theme === "dark" ? "dark" : "li"}.png`}
width={640}
height={136}
alt="Linkwarden"
className="h-12 w-fit mx-auto"
/>
) : undefined}
{/* {theme === "dark" ? (
<Image
src="/linkwarden_dark.png"
width={640}
@ -29,7 +39,7 @@ export default function CenteredForm({ text, children }: Props) {
alt="Linkwarden"
className="h-12 w-fit mx-auto"
/>
)}
)} */}
{text ? (
<p className="text-lg max-w-[30rem] min-w-80 w-full mx-auto font-semibold text-black dark:text-white px-2 text-center">
{text}

7
layouts/LinkLayout.tsx
View File

@ -93,11 +93,14 @@ export default function LinkLayout({ children }: Props) {
</div> */}
<div
onClick={() => router.back()}
onClick={() => router.push(`/collections/${linkCollection?.id}`)}
className="inline-flex gap-1 hover:opacity-60 items-center select-none cursor-pointer p-2 lg:p-0 lg:px-1 lg:my-2 text-gray-500 dark:text-gray-300 rounded-md duration-100"
>
<FontAwesomeIcon icon={faChevronLeft} className="w-4 h-4" />
Back
Back{" "}
<span className="hidden sm:inline-block">
to <span className="capitalize">{linkCollection?.name}</span>
</span>
</div>
<div className="lg:hidden">

31
lib/api/authenticateUser.ts
View File

@ -1,31 +0,0 @@
import { NextApiRequest, NextApiResponse } from "next";
import { getToken } from "next-auth/jwt";
import { prisma } from "./db";
import { User } from "@prisma/client";
type Props = {
req: NextApiRequest;
res: NextApiResponse;
};
export default async function authenticateUser({
req,
res,
}: Props): Promise<User | null> {
const token = await getToken({ req });
const userId = token?.id;
if (!userId) {
res.status(401).json({ message: "You must be logged in." });
return null;
} else if (process.env.STRIPE_SECRET_KEY && token.isSubscriber === false) {
res.status(401).json({
message:
"You are not a subscriber, feel free to reach out to us at support@linkwarden.app if you think this is an issue.",
});
return null;
}
const user = await prisma.user.findUnique({ where: { id: userId } });
return user;
}

49
lib/api/checkSubscription.ts
View File

@ -1,49 +0,0 @@
import Stripe from "stripe";
export default async function checkSubscription(
stripeSecretKey: string,
email: string
) {
const stripe = new Stripe(stripeSecretKey, {
apiVersion: "2022-11-15",
});
const listByEmail = await stripe.customers.list({
email: email.toLowerCase(),
expand: ["data.subscriptions"],
});
let subscriptionCanceledAt: number | null | undefined;
const isSubscriber = listByEmail.data.some((customer, i) => {
const hasValidSubscription = customer.subscriptions?.data.some(
(subscription) => {
const NEXT_PUBLIC_TRIAL_PERIOD_DAYS =
process.env.NEXT_PUBLIC_TRIAL_PERIOD_DAYS;
const secondsInTwoWeeks = NEXT_PUBLIC_TRIAL_PERIOD_DAYS
? Number(NEXT_PUBLIC_TRIAL_PERIOD_DAYS) * 86400
: 1209600;
subscriptionCanceledAt = subscription.canceled_at;
const isNotCanceledOrHasTime = !(
subscription.canceled_at &&
new Date() >
new Date((subscription.canceled_at + secondsInTwoWeeks) * 1000)
);
return subscription?.items?.data[0].plan && isNotCanceledOrHasTime;
}
);
return (
customer.email?.toLowerCase() === email.toLowerCase() &&
hasValidSubscription
);
});
return {
isSubscriber,
subscriptionCanceledAt,
};
}

52
lib/api/checkSubscriptionByEmail.ts Normal file
View File

@ -0,0 +1,52 @@
import Stripe from "stripe";
const MONTHLY_PRICE_ID = process.env.MONTHLY_PRICE_ID;
const YEARLY_PRICE_ID = process.env.YEARLY_PRICE_ID;
const STRIPE_SECRET_KEY = process.env.STRIPE_SECRET_KEY;
export default async function checkSubscriptionByEmail(email: string) {
let active: boolean | undefined,
stripeSubscriptionId: string | undefined,
currentPeriodStart: number | undefined,
currentPeriodEnd: number | undefined;
if (!STRIPE_SECRET_KEY)
return {
active,
stripeSubscriptionId,
currentPeriodStart,
currentPeriodEnd,
};
const stripe = new Stripe(STRIPE_SECRET_KEY, {
apiVersion: "2022-11-15",
});
console.log("Request made to Stripe by:", email);
const listByEmail = await stripe.customers.list({
email: email.toLowerCase(),
expand: ["data.subscriptions"],
});
listByEmail.data.some((customer) => {
customer.subscriptions?.data.some((subscription) => {
subscription.current_period_end;
active = subscription.items.data.some(
(e) =>
(e.price.id === MONTHLY_PRICE_ID && e.price.active === true) ||
(e.price.id === YEARLY_PRICE_ID && e.price.active === true)
);
stripeSubscriptionId = subscription.id;
currentPeriodStart = subscription.current_period_start * 1000;
currentPeriodEnd = subscription.current_period_end * 1000;
});
});
return {
active,
stripeSubscriptionId,
currentPeriodStart,
currentPeriodEnd,
};
}

25
lib/api/controllers/users/userId/getPublicUserById.ts → lib/api/controllers/public/users/getPublicUserById.ts
View File

@ -3,7 +3,7 @@ import { prisma } from "@/lib/api/db";
export default async function getPublicUserById(
targetId: number | string,
isId: boolean,
requestingUsername?: string
requestingId?: number
) {
const user = await prisma.user.findUnique({
where: isId
@ -29,12 +29,23 @@ export default async function getPublicUserById(
(usernames) => usernames.username
);
if (
user?.isPrivate &&
(!requestingUsername ||
!whitelistedUsernames.includes(requestingUsername?.toLowerCase()))
) {
return { response: "User not found or profile is private.", status: 404 };
if (user?.isPrivate) {
if (requestingId) {
const requestingUsername = (
await prisma.user.findUnique({ where: { id: requestingId } })
)?.username;
if (
!requestingUsername ||
!whitelistedUsernames.includes(requestingUsername?.toLowerCase())
) {
return {
response: "User not found or profile is private.",
status: 404,
};
}
} else
return { response: "User not found or profile is private.", status: 404 };
}
const { password, ...lessSensitiveInfo } = user;

5
lib/api/controllers/users/userId/deleteUserById.ts
View File

@ -68,6 +68,11 @@ export default async function deleteUserById(
where: { ownerId: userId },
});
// Delete subscription
await prisma.subscription.delete({
where: { userId },
});
// Delete user's avatar
removeFile({ filePath: `uploads/avatar/${userId}.jpg` });

6
lib/api/controllers/users/userId/getUserById.ts
View File

@ -11,6 +11,7 @@ export default async function getUserById(userId: number) {
username: true,
},
},
subscriptions: true,
},
});
@ -21,11 +22,14 @@ export default async function getUserById(userId: number) {
(usernames) => usernames.username
);
const { password, ...lessSensitiveInfo } = user;
const { password, subscriptions, ...lessSensitiveInfo } = user;
const data = {
...lessSensitiveInfo,
whitelistedUsers: whitelistedUsernames,
subscription: {
active: subscriptions?.active,
},
};
return { response: data, status: 200 };

5
lib/api/controllers/users/userId/updateUserById.ts
View File

@ -139,10 +139,12 @@ export default async function updateUserById(
},
include: {
whitelistedUsers: true,
subscriptions: true,
},
});
const { whitelistedUsers, password, ...userInfo } = updatedUser;
const { whitelistedUsers, password, subscriptions, ...userInfo } =
updatedUser;
// If user.whitelistedUsers is not provided, we will assume the whitelistedUsers should be removed
const newWhitelistedUsernames: string[] = data.whitelistedUsers || [];
@ -196,6 +198,7 @@ export default async function updateUserById(
...userInfo,
whitelistedUsers: newWhitelistedUsernames,
image: userInfo.image ? `${userInfo.image}?${Date.now()}` : "",
subscription: { active: subscriptions?.active },
};
return { response, status: 200 };

6
lib/api/paymentCheckout.ts
View File

@ -14,12 +14,12 @@ export default async function paymentCheckout(
expand: ["data.subscriptions"],
});
const isExistingCostomer = listByEmail?.data[0]?.id || undefined;
const isExistingCustomer = listByEmail?.data[0]?.id || undefined;
const NEXT_PUBLIC_TRIAL_PERIOD_DAYS =
process.env.NEXT_PUBLIC_TRIAL_PERIOD_DAYS;
const session = await stripe.checkout.sessions.create({
customer: isExistingCostomer ? isExistingCostomer : undefined,
customer: isExistingCustomer ? isExistingCustomer : undefined,
line_items: [
{
price: priceId,
@ -27,7 +27,7 @@ export default async function paymentCheckout(
},
],
mode: "subscription",
customer_email: isExistingCostomer ? undefined : email.toLowerCase(),
customer_email: isExistingCustomer ? undefined : email.toLowerCase(),
success_url: `${process.env.BASE_URL}?session_id={CHECKOUT_SESSION_ID}`,
cancel_url: `${process.env.BASE_URL}/login`,
automatic_tax: {

70
lib/api/verifySubscription.ts Normal file
View File

@ -0,0 +1,70 @@
import { prisma } from "./db";
import { Subscription, User } from "@prisma/client";
import checkSubscriptionByEmail from "./checkSubscriptionByEmail";
interface UserIncludingSubscription extends User {
subscriptions: Subscription | null;
}
export default async function verifySubscription(
user?: UserIncludingSubscription
) {
if (!user) {
return null;
}
const subscription = user.subscriptions;
const currentDate = new Date();
if (
subscription &&
currentDate > subscription.currentPeriodEnd &&
!subscription.active
) {
return null;
}
if (!subscription || currentDate > subscription.currentPeriodEnd) {
const {
active,
stripeSubscriptionId,
currentPeriodStart,
currentPeriodEnd,
} = await checkSubscriptionByEmail(user.email as string);
if (
active &&
stripeSubscriptionId &&
currentPeriodStart &&
currentPeriodEnd
) {
await prisma.subscription
.upsert({
where: {
userId: user.id,
},
create: {
active,
stripeSubscriptionId,
currentPeriodStart: new Date(currentPeriodStart),
currentPeriodEnd: new Date(currentPeriodEnd),
userId: user.id,
},
update: {
active,
stripeSubscriptionId,
currentPeriodStart: new Date(currentPeriodStart),
currentPeriodEnd: new Date(currentPeriodEnd),
},
})
.catch((err) => console.log(err));
}
if (!active) {
return null;
}
}
return user;
}

60
lib/api/verifyUser.ts Normal file
View File

@ -0,0 +1,60 @@
import { NextApiRequest, NextApiResponse } from "next";
import { getToken } from "next-auth/jwt";
import { prisma } from "./db";
import { User } from "@prisma/client";
import verifySubscription from "./verifySubscription";
type Props = {
req: NextApiRequest;
res: NextApiResponse;
};
const STRIPE_SECRET_KEY = process.env.STRIPE_SECRET_KEY;
export default async function verifyUser({
req,
res,
}: Props): Promise<User | null> {
const token = await getToken({ req });
const userId = token?.id;
if (!userId) {
res.status(401).json({ response: "You must be logged in." });
return null;
}
const user = await prisma.user.findUnique({
where: {
id: userId,
},
include: {
subscriptions: true,
},
});
if (!user) {
res.status(404).json({ response: "User not found." });
return null;
}
if (!user.username) {
res.status(401).json({
response: "Username not found.",
});
return null;
}
if (STRIPE_SECRET_KEY) {
const subscribedUser = verifySubscription(user);
if (!subscribedUser) {
res.status(401).json({
response:
"You are not a subscriber, feel free to reach out to us at support@linkwarden.app if you think this is an issue.",
});
return null;
}
}
return user;
}

2
lib/client/getPublicUserData.ts
View File

@ -1,7 +1,7 @@
import { toast } from "react-hot-toast";
export default async function getPublicUserData(id: number | string) {
const response = await fetch(`/api/v1/users/${id}`);
const response = await fetch(`/api/v1/public/users/${id}`);
const data = await response.json();

6
pages/_app.tsx
View File

@ -22,7 +22,11 @@ export default function App({
}, []);
return (
<SessionProvider session={pageProps.session} basePath="/api/v1/auth">
<SessionProvider
session={pageProps.session}
refetchOnWindowFocus={false}
basePath="/api/v1/auth"
>
<Head>
<title>Linkwarden</title>
<meta name="viewport" content="width=device-width, initial-scale=1" />

6
pages/api/v1/archives/[...params].ts
View File

@ -1,14 +1,14 @@
import type { NextApiRequest, NextApiResponse } from "next";
import getPermission from "@/lib/api/getPermission";
import readFile from "@/lib/api/storage/readFile";
import authenticateUser from "@/lib/api/authenticateUser";
import verifyUser from "@/lib/api/verifyUser";
export default async function Index(req: NextApiRequest, res: NextApiResponse) {
if (!req.query.params)
return res.status(401).json({ response: "Invalid parameters." });
const user = await authenticateUser({ req, res });
if (!user) return res.status(404).json({ response: "User not found." });
const user = await verifyUser({ req, res });
if (!user) return;
const collectionId = req.query.params[0];
const linkId = req.query.params[1];

84
pages/api/v1/auth/[...nextauth].ts
View File

@ -1,24 +1,26 @@
import { prisma } from "@/lib/api/db";
import NextAuth from "next-auth/next";
import CredentialsProvider from "next-auth/providers/credentials";
import { AuthOptions, Session, User } from "next-auth";
import { AuthOptions } from "next-auth";
import bcrypt from "bcrypt";
import EmailProvider from "next-auth/providers/email";
import { PrismaAdapter } from "@auth/prisma-adapter";
import { Adapter } from "next-auth/adapters";
import sendVerificationRequest from "@/lib/api/sendVerificationRequest";
import { Provider } from "next-auth/providers";
import checkSubscription from "@/lib/api/checkSubscription";
import verifySubscription from "@/lib/api/verifySubscription";
const emailEnabled =
process.env.EMAIL_FROM && process.env.EMAIL_SERVER ? true : false;
const STRIPE_SECRET_KEY = process.env.STRIPE_SECRET_KEY;
const providers: Provider[] = [
CredentialsProvider({
type: "credentials",
credentials: {},
async authorize(credentials, req) {
console.log("User logged in attempt...");
console.log("User log in attempt...");
if (!credentials) return null;
const { username, password } = credentials as {
@ -26,7 +28,7 @@ const providers: Provider[] = [
password: string;
};
const findUser = await prisma.user.findFirst({
const user = await prisma.user.findFirst({
where: emailEnabled
? {
OR: [
@ -46,12 +48,12 @@ const providers: Provider[] = [
let passwordMatches: boolean = false;
if (findUser?.password) {
passwordMatches = bcrypt.compareSync(password, findUser.password);
if (user?.password) {
passwordMatches = bcrypt.compareSync(password, user.password);
}
if (passwordMatches) {
return { id: findUser?.id };
return { id: user?.id };
} else return null as any;
},
}),
@ -82,62 +84,28 @@ export const authOptions: AuthOptions = {
},
callbacks: {
async jwt({ token, trigger, user }) {
const STRIPE_SECRET_KEY = process.env.STRIPE_SECRET_KEY;
const NEXT_PUBLIC_TRIAL_PERIOD_DAYS =
process.env.NEXT_PUBLIC_TRIAL_PERIOD_DAYS;
const secondsInTwoWeeks = NEXT_PUBLIC_TRIAL_PERIOD_DAYS
? Number(NEXT_PUBLIC_TRIAL_PERIOD_DAYS) * 86400
: 1209600;
const subscriptionIsTimesUp =
token.subscriptionCanceledAt &&
new Date() >
new Date(
((token.subscriptionCanceledAt as number) + secondsInTwoWeeks) *
1000
);
if (
STRIPE_SECRET_KEY &&
(trigger || subscriptionIsTimesUp || !token.isSubscriber)
) {
const user = await prisma.user.findUnique({
where: {
id: Number(token.sub),
},
});
const subscription = await checkSubscription(
STRIPE_SECRET_KEY,
user?.email as string
);
if (subscription.subscriptionCanceledAt) {
token.subscriptionCanceledAt = subscription.subscriptionCanceledAt;
} else token.subscriptionCanceledAt = undefined;
token.isSubscriber = subscription.isSubscriber;
}
if (trigger === "signIn") {
token.id = user.id as number;
} else if (trigger === "update" && token.id) {
const user = await prisma.user.findUnique({
where: {
id: token.id as number,
},
});
if (user?.name) {
token.name = user.name;
}
}
token.sub = token.sub ? Number(token.sub) : undefined;
if (trigger === "signIn") token.id = user?.id as number;
return token;
},
async session({ session, token }) {
session.user.id = token.id;
session.user.isSubscriber = token.isSubscriber;
if (STRIPE_SECRET_KEY) {
const user = await prisma.user.findUnique({
where: {
id: token.id,
},
include: {
subscriptions: true,
},
});
if (user) {
const subscribedUser = await verifySubscription(user);
}
}
return session;
},

6
pages/api/v1/avatar/[id].ts
View File

@ -1,13 +1,13 @@
import type { NextApiRequest, NextApiResponse } from "next";
import { prisma } from "@/lib/api/db";
import readFile from "@/lib/api/storage/readFile";
import authenticateUser from "@/lib/api/authenticateUser";
import verifyUser from "@/lib/api/verifyUser";
export default async function Index(req: NextApiRequest, res: NextApiResponse) {
const queryId = Number(req.query.id);
const user = await authenticateUser({ req, res });
if (!user) return res.status(404).json({ response: "User not found." });
const user = await verifyUser({ req, res });
if (!user) return;
if (!queryId)
return res

6
pages/api/v1/collections/[id].ts
View File

@ -1,14 +1,14 @@
import type { NextApiRequest, NextApiResponse } from "next";
import updateCollectionById from "@/lib/api/controllers/collections/collectionId/updateCollectionById";
import deleteCollectionById from "@/lib/api/controllers/collections/collectionId/deleteCollectionById";
import authenticateUser from "@/lib/api/authenticateUser";
import verifyUser from "@/lib/api/verifyUser";
export default async function collections(
req: NextApiRequest,
res: NextApiResponse
) {
const user = await authenticateUser({ req, res });
if (!user) return res.status(404).json({ response: "User not found." });
const user = await verifyUser({ req, res });
if (!user) return;
if (req.method === "PUT") {
const updated = await updateCollectionById(

6
pages/api/v1/collections/index.ts
View File

@ -1,14 +1,14 @@
import type { NextApiRequest, NextApiResponse } from "next";
import getCollections from "@/lib/api/controllers/collections/getCollections";
import postCollection from "@/lib/api/controllers/collections/postCollection";
import authenticateUser from "@/lib/api/authenticateUser";
import verifyUser from "@/lib/api/verifyUser";
export default async function collections(
req: NextApiRequest,
res: NextApiResponse
) {
const user = await authenticateUser({ req, res });
if (!user) return res.status(404).json({ response: "User not found." });
const user = await verifyUser({ req, res });
if (!user) return;
if (req.method === "GET") {
const collections = await getCollections(user.id);

6
pages/api/v1/dashboard/index.ts
View File

@ -1,11 +1,11 @@
import type { NextApiRequest, NextApiResponse } from "next";
import { LinkRequestQuery } from "@/types/global";
import getDashboardData from "@/lib/api/controllers/dashboard/getDashboardData";
import authenticateUser from "@/lib/api/authenticateUser";
import verifyUser from "@/lib/api/verifyUser";
export default async function links(req: NextApiRequest, res: NextApiResponse) {
const user = await authenticateUser({ req, res });
if (!user) return res.status(404).json({ response: "User not found." });
const user = await verifyUser({ req, res });
if (!user) return;
if (req.method === "GET") {
const convertedData: LinkRequestQuery = {

6
pages/api/v1/links/[id]/archive/index.ts
View File

@ -1,13 +1,13 @@
import type { NextApiRequest, NextApiResponse } from "next";
import archive from "@/lib/api/archive";
import { prisma } from "@/lib/api/db";
import authenticateUser from "@/lib/api/authenticateUser";
import verifyUser from "@/lib/api/verifyUser";
const RE_ARCHIVE_LIMIT = Number(process.env.RE_ARCHIVE_LIMIT) || 5;
export default async function links(req: NextApiRequest, res: NextApiResponse) {
const user = await authenticateUser({ req, res });
if (!user) return res.status(404).json({ response: "User not found." });
const user = await verifyUser({ req, res });
if (!user) return;
const link = await prisma.link.findUnique({
where: {

6
pages/api/v1/links/[id]/index.ts
View File

@ -2,11 +2,11 @@ import type { NextApiRequest, NextApiResponse } from "next";
import deleteLinkById from "@/lib/api/controllers/links/linkId/deleteLinkById";
import updateLinkById from "@/lib/api/controllers/links/linkId/updateLinkById";
import getLinkById from "@/lib/api/controllers/links/linkId/getLinkById";
import authenticateUser from "@/lib/api/authenticateUser";
import verifyUser from "@/lib/api/verifyUser";
export default async function links(req: NextApiRequest, res: NextApiResponse) {
const user = await authenticateUser({ req, res });
if (!user) return res.status(404).json({ response: "User not found." });
const user = await verifyUser({ req, res });
if (!user) return;
if (req.method === "GET") {
const updated = await getLinkById(user.id, Number(req.query.id));

6
pages/api/v1/links/index.ts
View File

@ -2,11 +2,11 @@ import type { NextApiRequest, NextApiResponse } from "next";
import getLinks from "@/lib/api/controllers/links/getLinks";
import postLink from "@/lib/api/controllers/links/postLink";
import { LinkRequestQuery } from "@/types/global";
import authenticateUser from "@/lib/api/authenticateUser";
import verifyUser from "@/lib/api/verifyUser";
export default async function links(req: NextApiRequest, res: NextApiResponse) {
const user = await authenticateUser({ req, res });
if (!user) return res.status(404).json({ response: "User not found." });
const user = await verifyUser({ req, res });
if (!user) return;
if (req.method === "GET") {
// Convert the type of the request query to "LinkRequestQuery"

6
pages/api/v1/migration/index.ts
View File

@ -3,7 +3,7 @@ import exportData from "@/lib/api/controllers/migration/exportData";
import importFromHTMLFile from "@/lib/api/controllers/migration/importFromHTMLFile";
import importFromLinkwarden from "@/lib/api/controllers/migration/importFromLinkwarden";
import { MigrationFormat, MigrationRequest } from "@/types/global";
import authenticateUser from "@/lib/api/authenticateUser";
import verifyUser from "@/lib/api/verifyUser";
export const config = {
api: {
@ -14,8 +14,8 @@ export const config = {
};
export default async function users(req: NextApiRequest, res: NextApiResponse) {
const user = await authenticateUser({ req, res });
if (!user) return res.status(404).json({ response: "User not found." });
const user = await verifyUser({ req, res });
if (!user) return;
if (req.method === "GET") {
const data = await exportData(user.id);

22
pages/api/v1/payment/index.ts
View File

@ -1,19 +1,27 @@
import type { NextApiRequest, NextApiResponse } from "next";
import paymentCheckout from "@/lib/api/paymentCheckout";
import { Plan } from "@/types/global";
import authenticateUser from "@/lib/api/authenticateUser";
import { getToken } from "next-auth/jwt";
import { prisma } from "@/lib/api/db";
export default async function users(req: NextApiRequest, res: NextApiResponse) {
const STRIPE_SECRET_KEY = process.env.STRIPE_SECRET_KEY;
const MONTHLY_PRICE_ID = process.env.MONTHLY_PRICE_ID;
const YEARLY_PRICE_ID = process.env.YEARLY_PRICE_ID;
if (!STRIPE_SECRET_KEY || !MONTHLY_PRICE_ID || !YEARLY_PRICE_ID) {
return res.status(400).json({ response: "Payment is disabled." });
}
const token = await getToken({ req });
const user = await authenticateUser({ req, res });
if (!user) return res.status(404).json({ response: "User not found." });
if (!STRIPE_SECRET_KEY || !MONTHLY_PRICE_ID || !YEARLY_PRICE_ID)
return res.status(400).json({ response: "Payment is disabled." });
console.log(token);
if (!token?.id) return res.status(404).json({ response: "Token invalid." });
const email = (await prisma.user.findUnique({ where: { id: token.id } }))
?.email;
if (!email) return res.status(404).json({ response: "User not found." });
let PRICE_ID = MONTHLY_PRICE_ID;
@ -25,7 +33,7 @@ export default async function users(req: NextApiRequest, res: NextApiResponse) {
if (req.method === "GET") {
const users = await paymentCheckout(
STRIPE_SECRET_KEY,
user.email as string,
email as string,
PRICE_ID
);
return res.status(users.status).json({ response: users.response });

18
pages/api/v1/public/users/[id].ts Normal file
View File

@ -0,0 +1,18 @@
import type { NextApiRequest, NextApiResponse } from "next";
import getPublicUserById from "@/lib/api/controllers/public/users/getPublicUserById";
import { getToken } from "next-auth/jwt";
export default async function users(req: NextApiRequest, res: NextApiResponse) {
const token = await getToken({ req });
const requestingId = token?.id;
const lookupId = req.query.id as string;
// Check if "lookupId" is the user "id" or their "username"
const isId = lookupId.split("").every((e) => Number.isInteger(parseInt(e)));
if (req.method === "GET") {
const users = await getPublicUserById(lookupId, isId, requestingId);
return res.status(users.status).json({ response: users.response });
}
}

6
pages/api/v1/tags/[id].ts
View File

@ -1,11 +1,11 @@
import type { NextApiRequest, NextApiResponse } from "next";
import updeteTagById from "@/lib/api/controllers/tags/tagId/updeteTagById";
import authenticateUser from "@/lib/api/authenticateUser";
import verifyUser from "@/lib/api/verifyUser";
import deleteTagById from "@/lib/api/controllers/tags/tagId/deleteTagById";
export default async function tags(req: NextApiRequest, res: NextApiResponse) {
const user = await authenticateUser({ req, res });
if (!user) return res.status(404).json({ response: "User not found." });
const user = await verifyUser({ req, res });
if (!user) return;
const tagId = Number(req.query.id);

6
pages/api/v1/tags/index.ts
View File

@ -1,10 +1,10 @@
import type { NextApiRequest, NextApiResponse } from "next";
import getTags from "@/lib/api/controllers/tags/getTags";
import authenticateUser from "@/lib/api/authenticateUser";
import verifyUser from "@/lib/api/verifyUser";
export default async function tags(req: NextApiRequest, res: NextApiResponse) {
const user = await authenticateUser({ req, res });
if (!user) return res.status(404).json({ response: "User not found." });
const user = await verifyUser({ req, res });
if (!user) return;
if (req.method === "GET") {
const tags = await getTags(user.id);

64
pages/api/v1/users/[id].ts
View File

@ -1,48 +1,58 @@
import type { NextApiRequest, NextApiResponse } from "next";
import getUserById from "@/lib/api/controllers/users/userId/getUserById";
import getPublicUserById from "@/lib/api/controllers/users/userId/getPublicUserById";
import updateUserById from "@/lib/api/controllers/users/userId/updateUserById";
import deleteUserById from "@/lib/api/controllers/users/userId/deleteUserById";
import authenticateUser from "@/lib/api/authenticateUser";
import { prisma } from "@/lib/api/db";
import { getToken } from "next-auth/jwt";
import { prisma } from "@/lib/api/db";
import verifySubscription from "@/lib/api/verifySubscription";
const STRIPE_SECRET_KEY = process.env.STRIPE_SECRET_KEY;
export default async function users(req: NextApiRequest, res: NextApiResponse) {
const token = await getToken({ req });
const userId = token?.id;
if (!token?.id)
return res.status(400).json({ response: "Invalid parameters." });
if (!userId) {
return res.status(401).json({ response: "You must be logged in." });
}
const username = (await prisma.user.findUnique({ where: { id: token.id } }))
?.username;
if (userId !== Number(req.query.id))
return res.status(401).json({ response: "Permission denied." });
if (!username) return res.status(404).json({ response: "User not found." });
const lookupId = req.query.id as string;
const isSelf =
userId === Number(lookupId) || username === lookupId ? true : false;
// Check if "lookupId" is the user "id" or their "username"
const isId = lookupId.split("").every((e) => Number.isInteger(parseInt(e)));
if (req.method === "GET" && !isSelf) {
const users = await getPublicUserById(lookupId, isId, username);
if (req.method === "GET") {
const users = await getUserById(userId);
return res.status(users.status).json({ response: users.response });
}
const user = await authenticateUser({ req, res });
if (!user) return res.status(404).json({ response: "User not found." });
if (STRIPE_SECRET_KEY) {
const user = await prisma.user.findUnique({
where: {
id: token.id,
},
include: {
subscriptions: true,
},
});
if (req.method === "GET") {
const users = await getUserById(user.id);
return res.status(users.status).json({ response: users.response });
} else if (req.method === "PUT") {
const updated = await updateUserById(user.id, req.body);
if (user) {
const subscribedUser = await verifySubscription(user);
if (!subscribedUser) {
return res.status(401).json({
response:
"You are not a subscriber, feel free to reach out to us at support@linkwarden.app if you think this is an issue.",
});
}
} else {
return res.status(404).json({ response: "User not found." });
}
}
if (req.method === "PUT") {
const updated = await updateUserById(userId, req.body);
return res.status(updated.status).json({ response: updated.response });
} else if (req.method === "DELETE" && user.id === Number(req.query.id)) {
} else if (req.method === "DELETE") {
console.log(req.body);
const updated = await deleteUserById(user.id, req.body);
const updated = await deleteUserById(userId, req.body);
return res.status(updated.status).json({ response: updated.response });
}
}

9
pages/index.tsx
View File

@ -1,10 +1,3 @@
import { useRouter } from "next/router";
import { useEffect } from "react";
export default function Index() {
const router = useRouter();
useEffect(() => {
router.push("/dashboard");
}, []);
return null;
}

4
pages/register.tsx
View File

@ -96,7 +96,7 @@ export default function Register() {
return (
<CenteredForm
text={
process.env.NEXT_PUBLIC_STRIPE_IS_ACTIVE
process.env.NEXT_PUBLIC_STRIPE
? `Unlock ${
process.env.NEXT_PUBLIC_TRIAL_PERIOD_DAYS || 14
} days of Premium Service at no cost!`
@ -196,7 +196,7 @@ export default function Register() {
/>
</div>
{process.env.NEXT_PUBLIC_STRIPE_IS_ACTIVE ? (
{process.env.NEXT_PUBLIC_STRIPE ? (
<div>
<p className="text-xs text-gray-500 dark:text-gray-400">
By signing up, you agree to our{" "}

18
pages/settings/account.tsx
View File

@ -86,20 +86,6 @@ export default function Account() {
if (response.ok) {
toast.success("Settings Applied!");
// if (user.email !== account.email) {
// update({
// id: data?.user.id,
// });
// signOut();
// } else if (
// user.username !== account.username ||
// user.name !== account.name
// )
// update({
// id: data?.user.id,
// });
} else toast.error(response.data as string);
setSubmitLoader(false);
};
@ -190,7 +176,7 @@ export default function Account() {
<div>
<p className="text-black dark:text-white mb-2">Email</p>
{user.email !== account.email &&
process.env.NEXT_PUBLIC_STRIPE_IS_ACTIVE === "true" ? (
process.env.NEXT_PUBLIC_STRIPE === "true" ? (
<p className="text-gray-500 dark:text-gray-400 mb-2 text-sm">
Updating this field will change your billing email as well
</p>
@ -388,7 +374,7 @@ export default function Account() {
<p>
This will permanently delete ALL the Links, Collections, Tags, and
archived data you own.{" "}
{process.env.NEXT_PUBLIC_STRIPE_IS_ACTIVE
{process.env.NEXT_PUBLIC_STRIPE
? "It will also cancel your subscription. "
: undefined}{" "}
You will be prompted to enter your password before the deletion

3
pages/settings/billing.tsx
View File

@ -6,8 +6,7 @@ export default function Billing() {
const router = useRouter();
useEffect(() => {
if (!process.env.NEXT_PUBLIC_STRIPE_IS_ACTIVE)
router.push("/settings/profile");
if (!process.env.NEXT_PUBLIC_STRIPE) router.push("/settings/profile");
}, []);
return (

4
pages/settings/delete.tsx
View File

@ -72,7 +72,7 @@ export default function Password() {
<p>
This will permanently delete all the Links, Collections, Tags, and
archived data you own. It will also log you out
{process.env.NEXT_PUBLIC_STRIPE_IS_ACTIVE
{process.env.NEXT_PUBLIC_STRIPE
? " and cancel your subscription"
: undefined}
. This action is irreversible!
@ -91,7 +91,7 @@ export default function Password() {
/>
</div>
{process.env.NEXT_PUBLIC_STRIPE_IS_ACTIVE ? (
{process.env.NEXT_PUBLIC_STRIPE ? (
<fieldset className="border rounded-md p-2 border-sky-500">
<legend className="px-3 py-1 text-sm sm:text-base border rounded-md border-sky-500">
<b>Optional</b>{" "}

1
pages/settings/password.tsx
View File

@ -1,7 +1,6 @@
import SettingsLayout from "@/layouts/SettingsLayout";
import { useState } from "react";
import useAccountStore from "@/store/account";
import { faPenToSquare } from "@fortawesome/free-regular-svg-icons";
import SubmitButton from "@/components/SubmitButton";
import { toast } from "react-hot-toast";
import TextInput from "@/components/TextInput";

5
pages/subscribe.tsx
View File

@ -1,4 +1,4 @@
import { signOut } from "next-auth/react";
import { signOut, useSession } from "next-auth/react";
import { useState } from "react";
import { toast } from "react-hot-toast";
import { useRouter } from "next/router";
@ -7,6 +7,7 @@ import { Plan } from "@/types/global";
export default function Subscribe() {
const [submitLoader, setSubmitLoader] = useState(false);
const session = useSession();
const [plan, setPlan] = useState<Plan>(1);
@ -83,7 +84,7 @@ export default function Subscribe() {
<p className="font-semibold">
Billed {plan === Plan.monthly ? "Monthly" : "Yearly"}
</p>
<fieldset className="w-full px-4 pb-4 pt-1 rounded-md border border-sky-100 dark:border-neutral-700">
<fieldset className="w-full flex-col flex justify-evenly px-4 pb-4 pt-1 rounded-md border border-sky-100 dark:border-neutral-700">
<legend className="w-fit font-extralight px-2 border border-sky-100 dark:border-neutral-700 rounded-md text-xl">
Total
</legend>

19
prisma/migrations/20231103051515_add_subscription_table/migration.sql Normal file
View File

@ -0,0 +1,19 @@
-- CreateTable
CREATE TABLE "Subscription" (
"id" SERIAL NOT NULL,
"active" BOOLEAN NOT NULL,
"stripeSubscriptionId" TEXT NOT NULL,
"currentPeriodStart" TIMESTAMP(3) NOT NULL,
"currentPeriodEnd" TIMESTAMP(3) NOT NULL,
"userId" INTEGER NOT NULL,
"createdAt" TIMESTAMP(3) NOT NULL DEFAULT CURRENT_TIMESTAMP,
"updatedAt" TIMESTAMP(3) NOT NULL DEFAULT CURRENT_TIMESTAMP,
CONSTRAINT "Subscription_pkey" PRIMARY KEY ("id")
);
-- CreateIndex
CREATE UNIQUE INDEX "Subscription_stripeSubscriptionId_key" ON "Subscription"("stripeSubscriptionId");
-- AddForeignKey
ALTER TABLE "Subscription" ADD CONSTRAINT "Subscription_userId_fkey" FOREIGN KEY ("userId") REFERENCES "User"("id") ON DELETE RESTRICT ON UPDATE CASCADE;

8
prisma/migrations/20231104052926_changed_subscription_relation/migration.sql Normal file
View File

@ -0,0 +1,8 @@
/*
Warnings:
- A unique constraint covering the columns `[userId]` on the table `Subscription` will be added. If there are existing duplicate values, this will fail.
*/
-- CreateIndex
CREATE UNIQUE INDEX "Subscription_userId_key" ON "Subscription"("userId");

24
prisma/schema.prisma
View File

@ -18,19 +18,21 @@ model User {
image String?
password String
collections Collection[]
tags Tag[]
pinnedLinks Link[]
collectionsJoined UsersAndCollections[]
whitelistedUsers WhitelistedUser[]
subscriptions Subscription?
archiveAsScreenshot Boolean @default(true)
archiveAsPDF Boolean @default(true)
archiveAsWaybackMachine Boolean @default(false)
collectionsJoined UsersAndCollections[]
isPrivate Boolean @default(false)
whitelistedUsers WhitelistedUser[]
createdAt DateTime @default(now())
updatedAt DateTime @updatedAt @default(now())
}
@ -127,3 +129,17 @@ model Tag {
@@unique([name, ownerId])
}
model Subscription {
id Int @id @default(autoincrement())
active Boolean
stripeSubscriptionId String @unique
currentPeriodStart DateTime
currentPeriodEnd DateTime
user User @relation(fields: [userId], references: [id])
userId Int @unique
createdAt DateTime @default(now())
updatedAt DateTime @updatedAt @default(now())
}

5
styles/globals.css
View File

@ -2,6 +2,11 @@
@tailwind components;
@tailwind utilities;
html,
body {
scroll-behavior: smooth;
}
/* Hide scrollbar */
.hide-scrollbar::-webkit-scrollbar {
display: none;

4
types/enviornment.d.ts vendored
View File

@ -17,11 +17,11 @@ declare global {
BUCKET_NAME?: string;
SPACES_REGION?: string;
NEXT_PUBLIC_EMAIL_PROVIDER?: true;
NEXT_PUBLIC_EMAIL_PROVIDER?: string;
EMAIL_FROM?: string;
EMAIL_SERVER?: string;
NEXT_PUBLIC_STRIPE_IS_ACTIVE?: string;
NEXT_PUBLIC_STRIPE?: string;
STRIPE_SECRET_KEY?: string;
MONTHLY_PRICE_ID?: string;
YEARLY_PRICE_ID?: string;

3
types/global.ts
View File

@ -40,6 +40,9 @@ export interface CollectionIncludingMembersAndLinkCount
export interface AccountSettings extends User {
newPassword?: string;
whitelistedUsers: string[];
subscription?: {
active?: boolean;
};
}
interface LinksIncludingTags extends Link {

4
types/next-auth.d.ts vendored
View File

@ -5,7 +5,6 @@ declare module "next-auth" {
interface Session {
user: {
id: number;
isSubscriber: boolean;
};
}
@ -16,9 +15,8 @@ declare module "next-auth" {
declare module "next-auth/jwt" {
interface JWT {
sub: string;
sub?: number;
id: number;
isSubscriber: boolean;
iat: number;
exp: number;
jti: string;