Merge pull request #47 from SocialGouv/feat/protect-offer-route

feat: protect offer route
SocialGouv · Feb 29, 2024 · 2f66bf6 · 2f66bf6
2 parents 502833d + 1514be0
commit 2f66bf6
Show file tree

Hide file tree

Showing 5 changed files with 66 additions and 7 deletions.
diff --git a/webapp/src/guards/hasAccessToOffer.ts b/webapp/src/guards/hasAccessToOffer.ts
@@ -0,0 +1,46 @@
+import { type GetServerSideProps } from "next";
+import { appRouter } from "~/server/api/root";
+import getPayloadClient from "~/payload/payloadClient";
+import { PayloadJwtSession, createCallerFactory } from "~/server/api/trpc";
+import { jwtDecode } from "jwt-decode";
+
+export const hasAccessToOffer: GetServerSideProps = async (context) => {
+  const payload = await getPayloadClient({ seed: false });
+
+  const jwtCookie =
+    context.req.cookies[process.env.NEXT_PUBLIC_JWT_NAME ?? "cje-jwt"];
+
+  if (!jwtCookie) {
+    return {
+      redirect: {
+        destination: "/",
+        permanent: false,
+      },
+    };
+  }
+
+  const session = jwtDecode<PayloadJwtSession>(jwtCookie);
+
+  const createCaller = createCallerFactory(appRouter);
+
+  const caller = createCaller({ payload, session });
+
+  const { data: offerListAvailables } = await caller.offer.getListOfAvailables({
+    offerId: parseInt(context.params?.id as string),
+    page: 1,
+    perPage: 1,
+  });
+
+  if (offerListAvailables?.length === 0) {
+    return {
+      redirect: {
+        destination: "/",
+        permanent: false,
+      },
+    };
+  }
+
+  return {
+    props: {},
+  };
+};
diff --git a/webapp/src/pages/dashboard/category/[slug].tsx b/webapp/src/pages/dashboard/category/[slug].tsx
@@ -44,11 +44,9 @@ export default function Dashboard() {
 
   return (
     <CategoryWrapper category={category}>
-      {offers
-        ?.filter((offer) => offer.kind === "code")
-        ?.map((offer) => (
-          <OfferCard key={offer.id} offer={offer} />
-        ))}
+      {offers?.map((offer) => (
+        <OfferCard key={offer.id} offer={offer} />
+      ))}
     </CategoryWrapper>
   );
 }
diff --git a/webapp/src/pages/dashboard/offer/[id].tsx b/webapp/src/pages/dashboard/offer/[id].tsx
@@ -16,6 +16,7 @@ import {
   useSteps,
 } from "@chakra-ui/react";
 import { useGSAP } from "@gsap/react";
+import { GetServerSideProps } from "next";
 import Image from "next/image";
 import Link from "next/link";
 import { useRouter } from "next/router";
@@ -36,12 +37,17 @@ import StepsButtons from "~/components/offer/StepsButtons";
 import CouponWrapper from "~/components/wrappers/CouponWrapper";
 import OfferWrapper from "~/components/wrappers/OfferWrapper";
 import StepsWrapper from "~/components/wrappers/StepsWrapper";
+import { hasAccessToOffer } from "~/guards/hasAccessToOffer";
 import { getItemsTermsOfUse } from "~/payload/components/CustomSelectField";
 import { useAuth } from "~/providers/Auth";
 import { couponAnimation } from "~/utils/animations";
 import { api } from "~/utils/api";
 import { getItemsExternalLink } from "~/utils/itemsOffer";
 
+export const getServerSideProps: GetServerSideProps = async (context) => {
+  return hasAccessToOffer(context);
+};
+
 export default function Dashboard() {
   const { user } = useAuth();
 

diff --git a/webapp/src/server/api/routers/offer.ts b/webapp/src/server/api/routers/offer.ts
@@ -16,13 +16,14 @@ export const offerRouter = createTRPCRouter({
     .input(
       ZGetListParams.merge(
         z.object({
+          offerId: z.number().optional(),
           categoryId: z.number().optional(),
           isCurrentUser: z.boolean().optional(),
         })
       )
     )
     .query(async ({ ctx, input }) => {
-      const { perPage, page, sort, categoryId, isCurrentUser } = input;
+      const { perPage, page, sort, categoryId, offerId, isCurrentUser } = input;
 
       let where = {
         ...payloadWhereOfferIsValid(),
@@ -34,6 +35,12 @@ export const offerRouter = createTRPCRouter({
         };
       }
 
+      if (offerId) {
+        where.id = {
+          equals: offerId,
+        };
+      }
+
       const offers = await ctx.payload.find({
         collection: "offers",
         limit: perPage,

diff --git a/webapp/src/server/api/trpc.ts b/webapp/src/server/api/trpc.ts
@@ -14,7 +14,7 @@ import { ZodError } from "zod";
 import getPayloadClient from "~/payload/payloadClient";
 import { jwtDecode } from "jwt-decode";
 
-type PayloadJwtSession = {
+export type PayloadJwtSession = {
   id: number;
   email: string;
   iat: string;
@@ -158,6 +158,8 @@ const isAuthedAsUser = t.middleware(async ({ next, ctx }) => {
  */
 export const createTRPCRouter = t.router;
 
+export const createCallerFactory = t.createCallerFactory;
+
 /**
  * Public (unauthenticated) procedure
  *