diff options
| author | Factiven <[email protected]> | 2023-08-12 22:54:26 +0700 |
|---|---|---|
| committer | GitHub <[email protected]> | 2023-08-12 22:54:26 +0700 |
| commit | 3e78826658c7d2a4e9b3c1d73e63dacc1d39c361 (patch) | |
| tree | d580d03670692c6c5d361ec8559e7a2352354f3a /pages/api/user | |
| parent | Update v3.9.1 - Merged Beta to Main (#44) (diff) | |
| download | moopa-3.9.3.tar.xz moopa-3.9.3.zip | |
Update v3.9.3 - Merged Beta to Main (#51)v3.9.3
* commit
* update db
* Update v3.9.1-beta-v3.1
* Update v3.9.1
* Fix watched progress not showing
* Secure headers
* Fix recently watched image
* Update v3.9.2
> Added custom lists for AniList
> Fixed episode listMode progress
* Update db route
* Fixed AniList
* Fix next button on dub anime
> video is playing sub anime instead dub
* small adjusment for premid
* fix eslint
* small updates
> added ability to remove episode from recently watched
* Update v3.9.3
Diffstat (limited to 'pages/api/user')
| -rw-r--r-- | pages/api/user/profile.js | 16 | ||||
| -rw-r--r-- | pages/api/user/update/episode.js | 30 |
2 files changed, 36 insertions, 10 deletions
diff --git a/pages/api/user/profile.js b/pages/api/user/profile.js index dd22bd8..e20aaca 100644 --- a/pages/api/user/profile.js +++ b/pages/api/user/profile.js @@ -43,13 +43,21 @@ export default async function handler(req, res) { } case "DELETE": { const { name } = req.body; - const user = await deleteUser(name); - if (!user) { - return res.status(404).json({ message: "User not found" }); + // return res.status(200).json({ name }); + if (session.user.name !== name) { + return res.status(401).json({ message: "Unauthorized" }); } else { - return res.status(200).json(user); + const user = await deleteUser(name); + if (!user) { + return res.status(404).json({ message: "User not found" }); + } else { + return res.status(200).json(user); + } } } + default: { + return res.status(405).json({ message: "Method not allowed" }); + } } } catch (error) { console.log(error); diff --git a/pages/api/user/update/episode.js b/pages/api/user/update/episode.js index 7974446..52c9494 100644 --- a/pages/api/user/update/episode.js +++ b/pages/api/user/update/episode.js @@ -3,6 +3,7 @@ import { authOptions } from "../../auth/[...nextauth]"; import { createList, + deleteEpisode, getEpisode, updateUserEpisode, } from "../../../../prisma/user"; @@ -16,13 +17,17 @@ export default async function handler(req, res) { case "POST": { const { name, id } = JSON.parse(req.body); - const episode = await createList(name, id); - if (!episode) { - return res - .status(200) - .json({ message: "Episode is already created" }); + if (session.user.name !== name) { + return res.status(401).json({ message: "Unauthorized" }); } else { - return res.status(201).json(episode); + const episode = await createList(name, id); + if (!episode) { + return res + .status(200) + .json({ message: "Episode is already created" }); + } else { + return res.status(201).json(episode); + } } } case "PUT": { @@ -68,6 +73,19 @@ export default async function handler(req, res) { return res.status(200).json(episode); } } + case "DELETE": { + const { name, id } = req.body; + if (session.user.name !== name) { + return res.status(401).json({ message: "Unauthorized" }); + } else { + const episode = await deleteEpisode(name, id); + if (!episode) { + return res.status(404).json({ message: "Episode not found" }); + } else { + return res.status(200).json({ message: "Episode deleted" }); + } + } + } } } catch (error) { console.log(error); |