diff options
Diffstat (limited to 'pages/api/user')
| -rw-r--r-- | pages/api/user/profile.js | 16 | ||||
| -rw-r--r-- | pages/api/user/update/episode.js | 30 |
2 files changed, 36 insertions, 10 deletions
diff --git a/pages/api/user/profile.js b/pages/api/user/profile.js index dd22bd8..e20aaca 100644 --- a/pages/api/user/profile.js +++ b/pages/api/user/profile.js @@ -43,13 +43,21 @@ export default async function handler(req, res) { } case "DELETE": { const { name } = req.body; - const user = await deleteUser(name); - if (!user) { - return res.status(404).json({ message: "User not found" }); + // return res.status(200).json({ name }); + if (session.user.name !== name) { + return res.status(401).json({ message: "Unauthorized" }); } else { - return res.status(200).json(user); + const user = await deleteUser(name); + if (!user) { + return res.status(404).json({ message: "User not found" }); + } else { + return res.status(200).json(user); + } } } + default: { + return res.status(405).json({ message: "Method not allowed" }); + } } } catch (error) { console.log(error); diff --git a/pages/api/user/update/episode.js b/pages/api/user/update/episode.js index 7974446..52c9494 100644 --- a/pages/api/user/update/episode.js +++ b/pages/api/user/update/episode.js @@ -3,6 +3,7 @@ import { authOptions } from "../../auth/[...nextauth]"; import { createList, + deleteEpisode, getEpisode, updateUserEpisode, } from "../../../../prisma/user"; @@ -16,13 +17,17 @@ export default async function handler(req, res) { case "POST": { const { name, id } = JSON.parse(req.body); - const episode = await createList(name, id); - if (!episode) { - return res - .status(200) - .json({ message: "Episode is already created" }); + if (session.user.name !== name) { + return res.status(401).json({ message: "Unauthorized" }); } else { - return res.status(201).json(episode); + const episode = await createList(name, id); + if (!episode) { + return res + .status(200) + .json({ message: "Episode is already created" }); + } else { + return res.status(201).json(episode); + } } } case "PUT": { @@ -68,6 +73,19 @@ export default async function handler(req, res) { return res.status(200).json(episode); } } + case "DELETE": { + const { name, id } = req.body; + if (session.user.name !== name) { + return res.status(401).json({ message: "Unauthorized" }); + } else { + const episode = await deleteEpisode(name, id); + if (!episode) { + return res.status(404).json({ message: "Episode not found" }); + } else { + return res.status(200).json({ message: "Episode deleted" }); + } + } + } } } catch (error) { console.log(error); |