Merge pull request #245 from Sterbenfr/fix/security
fix(api): Added security to api pages
Aurelienschmi authored Jul 29, 2024
2 parents 4e0f3cb + 6f3e509 commit 6798b80
Showing 63 changed files with 384 additions and 62 deletions.
6 changes: 6 additions & 0 deletions app/api/calendar/route.ts
@@ -1,8 +1,14 @@
// app/api/calendar/route.ts
import { NextRequest, NextResponse } from 'next/server'
import { GET as getEventsByDate } from '../events/route'
import { getServerSession } from 'next-auth'
import { authOptions } from '../auth/[...nextauth]/authOptions'

export async function GET(req: NextRequest) {
const session = await getServerSession(authOptions)
if (!session) {
return NextResponse.redirect(new URL('/error/not-access', req.url))
}
const { searchParams } = new URL(req.url)
const date = searchParams.get('date')

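Review bot: The new guard at `if (!session)` answers an unauthenticated API call with a redirect to an HTML page, which is the wrong shape for a JSON endpoint: `fetch()` follows the redirect transparently, so a caller without a session receives a 200 HTML document instead of an error it can detect, and the same applies in every other route touched by this commit. Returning `NextResponse.json({ error: 'Unauthorized' }, { status: 401 })` gives clients and monitoring an explicit signal. The same block is now copy-pasted into every handler; a small shared helper, or a `middleware.ts` matcher covering `/api/:path*`, would keep newly added routes from forgetting it. GET's body continues outside the hunk.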
6 changes: 6 additions & 0 deletions app/api/change-password/route.ts
@@ -1,10 +1,16 @@
import { NextRequest, NextResponse } from 'next/server'
import { getServerSession } from 'next-auth'
import { authOptions } from '../auth/[...nextauth]/authOptions'
import connection from '../../../utils/db'
import bcrypt from 'bcryptjs'
import { streamToString } from '../../../utils/streamUtils'
import { RowDataPacket } from 'mysql2'

export async function POST(req: NextRequest) {
const session = await getServerSession(authOptions)
if (!session) {
return NextResponse.redirect(new URL('/error/not-access', req.url))
}
let data: { oldPassword: string; newPassword: string; userId: string }
try {
data = JSON.parse(await streamToString(req.body))
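Review bot: The session is only checked for presence, while the account whose password changes is still taken from the client-supplied `userId` in the body declared at `let data: { oldPassword: string; newPassword: string; userId: string }`; unless the part of POST outside the hunk compares `data.userId` with the session, any signed-in user can target another account. The target user should come from the session (whichever identifier `authOptions` places on `session.user`), and a body `userId` that differs should be rejected. The redirect on a missing session also uses the Next.js default 307, so a POST is replayed with its password body against the error page; `return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })` avoids both problems. POST's body continues outside the hunk.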
@@ -1,10 +1,16 @@
import { NextRequest, NextResponse } from 'next/server'
import { getServerSession } from 'next-auth'
import { authOptions } from '../../../../auth/[...nextauth]/authOptions'
import connection from '../../../../../../utils/db'

export async function GET(
request: Request,
{ params }: { params: { modalites_livraisonID: string } },
) {
const session = await getServerSession(authOptions)
if (!session) {
return NextResponse.redirect(new URL('/error/not-access', request.url))
}
const modalites_livraisonID = params.modalites_livraisonID
try {
const [rows] = await connection.query(
10 changes: 7 additions & 3 deletions app/api/dons/[donsID]/modalites-livraison/route.ts
@@ -1,4 +1,6 @@
import { NextRequest, NextResponse } from 'next/server'
import { getServerSession } from 'next-auth'
import { authOptions } from '../../../auth/[...nextauth]/authOptions'
import connection from '../../../../../utils/db'

import { streamToString } from '../../../../../utils/streamUtils'
Expand All @@ -10,6 +12,10 @@ export async function GET(
request: Request,
{ params }: { params: { donsID: string } },
) {
const session = await getServerSession(authOptions)
if (!session) {
return NextResponse.redirect(new URL('/error/not-access', request.url))
}
const { searchParams } = new URL(request.url)
const page = searchParams.get('page') || '1'
const limit = searchParams.get('limit') || '10'
Expand Down Expand Up @@ -49,9 +55,7 @@ export async function POST(req: NextRequest) {
} catch (error) {
return NextResponse.json({ error: 'Invalid JSON' }, { status: 400 })
}
if (
!ModalitesLivraison.code_Don
) {
if (!ModalitesLivraison.code_Don) {
return NextResponse.json(
{ error: 'Missing product data' },
{ status: 400 },
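Review bot: The POST handler in this file receives no session check: the section's 7 additions and 3 deletions are fully accounted for by the two imports, the four guard lines in GET, and the reformatted `if (!ModalitesLivraison.code_Don)` condition, so unauthenticated writes to `ModalitesLivraison` remain possible while reads are now gated. POST needs the same guard at its top, e.g. `if (!(await getServerSession(authOptions))) return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })`. The sections for `app/api/dons/[donsID]/reception/route.ts`, `app/api/dons/route.ts` and `app/api/prestataire/route.ts` each show exactly 6 additions and import `streamToString`, which suggests their POST handlers were likewise left out — worth confirming. Both handlers continue outside the hunks.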
@@ -1,13 +1,16 @@
import { NextRequest, NextResponse } from 'next/server'
import { getServerSession } from 'next-auth'
import { authOptions } from '../../../../auth/[...nextauth]/authOptions'
import connection from '../../../../../../utils/db'

import { streamToString } from '../../../../../../utils/streamUtils'
import type { Type_Livraison } from '@/app/dons/[donsID]/modalites-livraison/type-livraison/page'

export async function GET(request: Request) {
const session = await getServerSession(authOptions)
if (!session) {
return NextResponse.redirect(new URL('/error/not-access', request.url))
}
try {
// eslint-disable-next-line @typescript-eslint/no-unused-vars
const url = new URL(request.url)
const [rows] = await connection.query(
'SELECT code_type_livraison as id, libelle as label FROM `TypeLivraison` LIMIT 1000',
)
6 changes: 6 additions & 0 deletions app/api/dons/[donsID]/reception/[receptionID]/route.ts
@@ -1,10 +1,16 @@
import { NextRequest, NextResponse } from 'next/server'
import { getServerSession } from 'next-auth'
import { authOptions } from '../../../../auth/[...nextauth]/authOptions'
import connection from '../../../../../../utils/db'

export async function GET(
request: Request,
{ params }: { params: { donsID: string; receptionID: string } },
) {
const session = await getServerSession(authOptions)
if (!session) {
return NextResponse.redirect(new URL('/error/not-access', request.url))
}
const receptionID = params.receptionID
const donsID = params.donsID
try {
6 changes: 6 additions & 0 deletions app/api/dons/[donsID]/reception/route.ts
@@ -1,4 +1,6 @@
import { NextRequest, NextResponse } from 'next/server'
import { getServerSession } from 'next-auth'
import { authOptions } from '../../../auth/[...nextauth]/authOptions'
import connection from '../../../../../utils/db'

import { streamToString } from '../../../../../utils/streamUtils'
Expand All @@ -10,6 +12,10 @@ export async function GET(
request: Request,
{ params }: { params: { donsID: string } },
) {
const session = await getServerSession(authOptions)
if (!session) {
return NextResponse.redirect(new URL('/error/not-access', request.url))
}
const { searchParams } = new URL(request.url)
const page = searchParams.get('page') || '1'
const limit = searchParams.get('limit') || '10'
6 changes: 6 additions & 0 deletions app/api/dons/[donsID]/route.ts
@@ -1,10 +1,16 @@
import { NextRequest, NextResponse } from 'next/server'
import { getServerSession } from 'next-auth'
import { authOptions } from '../../auth/[...nextauth]/authOptions'
import connection from '../../../../utils/db'

export async function GET(
request: Request,
{ params }: { params: { donsID: string } },
) {
const session = await getServerSession(authOptions)
if (!session) {
return NextResponse.redirect(new URL('/error/not-access', request.url))
}
const donsID = params.donsID
try {
const [rows] = await connection.query(
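Review bot: The guard makes session presence the only condition for reading any `donsID`, so every signed-in account can enumerate donations by id; whether that is intended depends on the application's data model, which the hunk does not show. If dons are scoped to a user, entreprise or role, the handler should also verify that the session user may read `params.donsID` before running the query, and the same question applies to the `[prestataireID]`, `[receptionID]` and `select/dons/[donsID]` routes in this commit. GET's body continues outside the hunk.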
6 changes: 6 additions & 0 deletions app/api/dons/route.ts
Expand Up @@ -2,10 +2,16 @@ import { NextResponse, NextRequest } from 'next/server'
import connection from '../../../utils/db'
import { streamToString } from '../../../utils/streamUtils'
import type { Don } from '@/app/dons/page'
import { getServerSession } from 'next-auth'
import { authOptions } from '../auth/[...nextauth]/authOptions'

type CountResult = { count: number }[]

export async function GET(request: Request) {
const session = await getServerSession(authOptions)
if (!session) {
return NextResponse.redirect(new URL('/error/not-access', request.url))
}
const { searchParams } = new URL(request.url)
const page = searchParams.get('page') || '1'
const limit = searchParams.get('limit') || '10'
8 changes: 6 additions & 2 deletions app/api/dons/type-competences/route.ts
@@ -1,12 +1,16 @@
import { NextRequest, NextResponse } from 'next/server'
import { getServerSession } from 'next-auth'
import { authOptions } from '../../auth/[...nextauth]/authOptions'
import connection from '../../../../utils/db'
import { streamToString } from '../../../../utils/streamUtils'
import type { Competence } from '@/app/dons/type-competences/page'

export async function GET(request: Request) {
const session = await getServerSession(authOptions)
if (!session) {
return NextResponse.redirect(new URL('/error/not-access', request.url))
}
try {
// eslint-disable-next-line @typescript-eslint/no-unused-vars
const url = new URL(request.url)
const [rows] = await connection.query(
'SELECT code_type_competence as id, libelle as label FROM `TypesCompetences` LIMIT 1000',
)
8 changes: 6 additions & 2 deletions app/api/dons/type-don/route.ts
@@ -1,13 +1,17 @@
import { NextRequest, NextResponse } from 'next/server'
import { getServerSession } from 'next-auth'
import { authOptions } from '../../auth/[...nextauth]/authOptions'
import connection from '../../../../utils/db'

import { streamToString } from '../../../../utils/streamUtils'
import type { TypeDon } from '@/app/dons/type-don/page'

export async function GET(request: Request) {
const session = await getServerSession(authOptions)
if (!session) {
return NextResponse.redirect(new URL('/error/not-access', request.url))
}
try {
// eslint-disable-next-line @typescript-eslint/no-unused-vars
const url = new URL(request.url)
const [rows] = await connection.query(
'SELECT code_type_don as id, libelle as label FROM `TypesDons` LIMIT 1000',
)
8 changes: 6 additions & 2 deletions app/api/dons/type-mode-conservations-produits/route.ts
@@ -1,13 +1,17 @@
import { NextRequest, NextResponse } from 'next/server'
import { getServerSession } from 'next-auth'
import { authOptions } from '../../auth/[...nextauth]/authOptions'
import connection from '../../../../utils/db'

import { streamToString } from '../../../../utils/streamUtils'
import type { Mode_Conservation_Produits } from '@/app/dons/type-mode-conservation-produits/page'

export async function GET(request: Request) {
const session = await getServerSession(authOptions)
if (!session) {
return NextResponse.redirect(new URL('/error/not-access', request.url))
}
try {
// eslint-disable-next-line @typescript-eslint/no-unused-vars
const url = new URL(request.url)
const [rows] = await connection.query(
'SELECT code_mode_conservation_produits as id, libelle as label FROM `ModeConservationProduits` LIMIT 1000',
)
8 changes: 6 additions & 2 deletions app/api/dons/type-produits/route.ts
@@ -1,12 +1,16 @@
import { NextRequest, NextResponse } from 'next/server'
import type { Produit } from '@/app/dons/type-produits/page'
import { getServerSession } from 'next-auth'
import { authOptions } from '../../auth/[...nextauth]/authOptions'
import connection from '../../../../utils/db'
import { streamToString } from '../../../../utils/streamUtils'

export async function GET(request: Request) {
const session = await getServerSession(authOptions)
if (!session) {
return NextResponse.redirect(new URL('/error/not-access', request.url))
}
try {
// eslint-disable-next-line @typescript-eslint/no-unused-vars
const url = new URL(request.url)
const [rows] = await connection.query(
'SELECT code_type_produits as id, libelle as label FROM `TypesProduits` LIMIT 1000',
)
8 changes: 6 additions & 2 deletions app/api/events/route.ts
@@ -1,10 +1,14 @@
import { NextResponse } from 'next/server'
import { getServerSession } from 'next-auth'
import { authOptions } from '../auth/[...nextauth]/authOptions'
import connection from '../../../utils/db'

export async function GET(request: Request) {
const session = await getServerSession(authOptions)
if (!session) {
return NextResponse.redirect(new URL('/error/not-access', request.url))
}
try {
// eslint-disable-next-line @typescript-eslint/no-unused-vars
const url = new URL(request.url)
// Récupérer les données de don, réception, modalités de livraison et entreprise
// eslint-disable-next-line @typescript-eslint/no-explicit-any
const [donsD]: any[] = await connection.query(
6 changes: 6 additions & 0 deletions app/api/prestataire/[prestataireID]/route.ts
@@ -1,10 +1,16 @@
import { NextRequest, NextResponse } from 'next/server'
import { getServerSession } from 'next-auth'
import { authOptions } from '../../auth/[...nextauth]/authOptions'
import connection from '../../../../utils/db'

export async function GET(
request: Request,
{ params }: { params: { prestataireID: string } },
) {
const session = await getServerSession(authOptions)
if (!session) {
return NextResponse.redirect(new URL('/error/not-access', request.url))
}
const prestataireID = params.prestataireID
try {
const [rows] = await connection.query(
6 changes: 6 additions & 0 deletions app/api/prestataire/route.ts
@@ -1,4 +1,6 @@
import { NextRequest, NextResponse } from 'next/server'
import { getServerSession } from 'next-auth'
import { authOptions } from '../auth/[...nextauth]/authOptions'
import connection from '../../../utils/db'

import { streamToString } from '../../../utils/streamUtils'
Expand All @@ -7,6 +9,10 @@ import type { Prestataire } from '@/app/prestataire/page'
type CountResult = { count: number }[]

export async function GET(request: Request) {
const session = await getServerSession(authOptions)
if (!session) {
return NextResponse.redirect(new URL('/error/not-access', request.url))
}
const { searchParams } = new URL(request.url)
const page = searchParams.get('page') || '1'
const limit = searchParams.get('limit') || '10'
8 changes: 6 additions & 2 deletions app/api/prestataire/type-prestataires/route.ts
@@ -1,12 +1,16 @@
import { NextRequest, NextResponse } from 'next/server'
import { getServerSession } from 'next-auth'
import { authOptions } from '../../auth/[...nextauth]/authOptions'
import connection from '../../../../utils/db'
import { streamToString } from '../../../../utils/streamUtils'
import type { Prestataire } from '@/app/prestataire/type-prestataires/page'

export async function GET(request: Request) {
const session = await getServerSession(authOptions)
if (!session) {
return NextResponse.redirect(new URL('/error/not-access', request.url))
}
try {
// eslint-disable-next-line @typescript-eslint/no-unused-vars
const url = new URL(request.url)
const [rows] = await connection.query(
'SELECT code_type_de_Prestataire as id, libelle as label FROM `TypePrestataires` LIMIT 1000',
)
8 changes: 6 additions & 2 deletions app/api/select/cerfa/route.ts
@@ -1,10 +1,14 @@
import { NextResponse } from 'next/server'
import { getServerSession } from 'next-auth'
import { authOptions } from '../../auth/[...nextauth]/authOptions'
import connection from '../../../../utils/db'

export async function GET(request: Request) {
const session = await getServerSession(authOptions)
if (!session) {
return NextResponse.redirect(new URL('/error/not-access', request.url))
}
try {
// eslint-disable-next-line @typescript-eslint/no-unused-vars
const url = new URL(request.url)
const [rows] = await connection.query(
'Select code_Don as id, code_Don as label, code_type_don as params1, date_proposition_don as params2 FROM Dons;',
)
6 changes: 6 additions & 0 deletions app/api/select/dons/[donsID]/modalites-livraison/route.ts
@@ -1,10 +1,16 @@
import { NextResponse } from 'next/server'
import { getServerSession } from 'next-auth'
import { authOptions } from '../../../../auth/[...nextauth]/authOptions'
import connection from '../../../../../../utils/db'

export async function GET(
request: Request,
{ params }: { params: { donsID: string } },
) {
const session = await getServerSession(authOptions)
if (!session) {
return NextResponse.redirect(new URL('/error/not-access', request.url))
}
try {
const [rows] = await connection.query(
'Select numero_livraison as id, CONCAT(Dons.titre_don," - Livraison ",numero_livraison) as label FROM ModalitesLivraison LEFT JOIN Dons ON ModalitesLivraison.code_don = Dons.code_don WHERE ModalitesLivraison.code_don = ?;',
6 changes: 6 additions & 0 deletions app/api/select/dons/[donsID]/select-dons/route.ts
@@ -1,10 +1,16 @@
import { NextResponse } from 'next/server'
import { getServerSession } from 'next-auth'
import { authOptions } from '../../../../auth/[...nextauth]/authOptions'
import connection from '../../../../../../utils/db'

export async function GET(
request: Request,
{ params }: { params: { donsID: string } },
) {
const session = await getServerSession(authOptions)
if (!session) {
return NextResponse.redirect(new URL('/error/not-access', request.url))
}
try {
const [rows] = await connection.query(
'Select code_Don as id, titre_don as label FROM Dons WHERE code_Don = ?;',
6 changes: 6 additions & 0 deletions app/api/select/dons/[donsID]/type-don/route.ts
@@ -1,10 +1,16 @@
import { NextResponse } from 'next/server'
import { getServerSession } from 'next-auth'
import { authOptions } from '../../../../auth/[...nextauth]/authOptions'
import connection from '../../../../../../utils/db'

export async function GET(
request: Request,
{ params }: { params: { donsID: string } },
) {
const session = await getServerSession(authOptions)
if (!session) {
return NextResponse.redirect(new URL('/error/not-access', request.url))
}
try {
const [rows] = await connection.query(
'Select code_type_don, code_type_produits FROM Dons WHERE code_Don = ?;',