update global (texte + logo)

2024-04-18 17:19:24 +02:00
parent f9d05a2fd3
commit 1c73080fe3
307 changed files with 28214 additions and 105 deletions
--- a/Linkwarden/pages/api/v1/avatar/[id].ts
+++ b/Linkwarden/pages/api/v1/avatar/[id].ts
@ -0,0 +1,100 @@
+import type { NextApiRequest, NextApiResponse } from "next";
+import { prisma } from "@/lib/api/db";
+import readFile from "@/lib/api/storage/readFile";
+import verifyToken from "@/lib/api/verifyToken";
+
+export default async function Index(req: NextApiRequest, res: NextApiResponse) {
+  const queryId = Number(req.query.id);
+
+  if (!queryId)
+    return res
+      .setHeader("Content-Type", "text/plain")
+      .status(401)
+      .send("Invalid parameters.");
+
+  const token = await verifyToken({ req });
+  const userId = typeof token === "string" ? undefined : token?.id;
+
+  if (req.method === "GET") {
+    const targetUser = await prisma.user.findUnique({
+      where: {
+        id: queryId,
+      },
+      include: {
+        whitelistedUsers: true,
+      },
+    });
+
+    if (!targetUser) {
+      return res
+        .setHeader("Content-Type", "text/plain")
+        .status(400)
+        .send("File inaccessible.");
+    }
+
+    const isInAPublicCollection = await prisma.collection.findFirst({
+      where: {
+        ["OR"]: [
+          { ownerId: targetUser.id },
+          {
+            members: {
+              some: {
+                userId: targetUser.id,
+              },
+            },
+          },
+        ],
+        isPublic: true,
+      },
+    });
+
+    if (targetUser?.isPrivate && !isInAPublicCollection) {
+      if (!userId) {
+        return res
+          .setHeader("Content-Type", "text/plain")
+          .status(400)
+          .send("File inaccessible.");
+      }
+
+      const user = await prisma.user.findUnique({
+        where: {
+          id: userId,
+        },
+        include: {
+          subscriptions: true,
+        },
+      });
+
+      const whitelistedUsernames = targetUser?.whitelistedUsers.map(
+        (whitelistedUsername) => whitelistedUsername.username
+      );
+
+      if (!user?.username) {
+        return res
+          .setHeader("Content-Type", "text/plain")
+          .status(400)
+          .send("File inaccessible.");
+      }
+
+      if (
+        user.username &&
+        !whitelistedUsernames?.includes(user.username) &&
+        targetUser.id !== user.id
+      ) {
+        return res
+          .setHeader("Content-Type", "text/plain")
+          .status(400)
+          .send("File inaccessible.");
+      }
+    }
+
+    const { file, contentType, status } = await readFile(
+      `uploads/avatar/${queryId}.jpg`
+    );
+
+    return res
+      .setHeader("Content-Type", contentType)
+      .status(status as number)
+      .send(file);
+  }
+}