Adds review security check and fixes some bugs
Signed-off-by: Cole Gentry <peapod2007@gmail.com>
SomethingNew71 committed Dec 5, 2023
1 parent c1bbe7e commit 0bc7597
Showing 3 changed files with 53 additions and 18 deletions.
18 changes: 16 additions & 2 deletions pages/technical/wheels/review.vue
Expand Up @@ -2,13 +2,15 @@
import { VDataIterator } from 'vuetify/components/VDataIterator';
import { VSheet } from 'vuetify/components/VSheet';
import { VListItem } from 'vuetify/components/VList';
import { VTextField } from 'vuetify/components/VTextField';
import { VRow, VCol, VContainer } from 'vuetify/components/VGrid';
import { VTable } from 'vuetify/components/VTable';
import { VSkeletonLoader } from 'vuetify/components/VSkeletonLoader';
import { VDivider } from 'vuetify/components/VDivider';
import { VCarousel, VCarouselItem } from 'vuetify/components/VCarousel';
const wheelsToReview: any = ref([]);
const password = ref('');
const acceptLoading = ref(false);
const denyLoading = ref(false);
const { data: wheels, pending, error }: any = await useFetch(() => `/api/wheels/review/list`);
Expand All @@ -33,7 +35,7 @@
acceptLoading.value = true;
await useFetch(() => `/api/wheels/review/save`, {
method: 'POST',
body: item,
body: { wheel: item, auth: password },
})
.then(() => (wheelsToReview.value = wheelsToReview.value.filter((wheel: any) => wheel.uuid !== item.uuid)))
.catch((error) => console.error(error))
Expand All @@ -43,7 +45,7 @@
denyLoading.value = true;
await useFetch(() => `/api/wheels/review/delete`, {
method: 'POST',
body: { uuid: item.new.uuid },
body: { uuid: item.new.uuid, auth: password },
})
.then(() => (wheelsToReview.value = wheelsToReview.value.filter((wheel: any) => wheel.uuid !== item.uuid)))
.catch((error) => console.error(error))
Expand Down Expand Up @@ -90,6 +92,18 @@
</v-container>
</section>
<v-container>
<v-row>
<v-col cols="6">
<v-text-field
prepend-icon="fad fa-file-signature"
variant="solo-filled"
v-model="password"
type="password"
:counter="50"
label="Password"
></v-text-field>
</v-col>
</v-row>
<v-row>
<v-col cols="12">
<v-row v-if="pending" class="align-center justify-center">
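Review bot: A rejected password is not surfaced to the reviewer: as far as I know `useFetch` reports a failed request through its returned `error` ref rather than rejecting, so the `.then(...)` in both the accept and deny handlers still filters the wheel out of `wheelsToReview` as though the action had succeeded. Switching these calls to `$fetch`, which rejects on a non-2xx response, or checking the result first (`const { error } = await useFetch(...); if (!error.value) { /* filter the list */ }`) keeps the row when the server refuses the request. `auth: password` also passes the ref itself; `auth: password.value` makes the sent value explicit instead of relying on how the body is unwrapped. The `/api/wheels/review/list` fetch is still made without the password, so unless that route is protected elsewhere the pending queue stays readable to anyone who loads the page. Both handlers begin outside the visible hunks.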
15 changes: 11 additions & 4 deletions server/api/wheels/review/delete.ts
Expand Up @@ -20,10 +20,17 @@ export default defineEventHandler(async (event) => {
},
});

try {
return Promise.allSettled([await docClient.send(dynamoCommand), await deleteFolder(`wheels/uploads/${body.uuid}`)]);
} catch (error) {
throw new Error(`Error when deleting items - ${error}`);
if (body.auth !== config.app.validation_key) {
throw new Error('User is not authorized to review');
} else {
try {
return Promise.allSettled([
await docClient.send(dynamoCommand),
await deleteFolder(`wheels/uploads/${body.uuid}`),
]);
} catch (error) {
throw new Error(`Error when deleting items - ${error}`);
}
}

// This function came from here https://www.codemzy.com/blog/delete-s3-folder-nodejs
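Review bot: The added check `body.auth !== config.app.validation_key` fails open when the key is not configured: if `validation_key` is undefined and the request omits `auth`, both sides are `undefined` and the delete proceeds; the same comparison is added in server/api/wheels/review/save.ts. Rejecting a missing key first, e.g. `if (!config.app.validation_key || body.auth !== config.app.validation_key)`, closes that case, and `throw createError({ statusCode: 401, statusMessage: 'Unauthorized' })` would answer with a 401 instead of a generic 500. The key is read from `config.app`; Nuxt documents the `app` and `public` runtime-config namespaces as exposed to the client, so if `validation_key` is defined there (the config file is not part of this commit) it belongs under a private top-level `runtimeConfig` key instead. The handler starts and continues outside this hunk.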
38 changes: 26 additions & 12 deletions server/api/wheels/review/save.ts
Expand Up @@ -5,7 +5,7 @@ import _ from 'lodash';
export default defineEventHandler(async (event) => {
const config = useRuntimeConfig();
const body = await readBody(event);
const uuid = body.new.uuid;
const uuid = body.wheel.new.uuid;

const docClient = DynamoDBDocumentClient.from(
new DynamoDBClient({
Expand All @@ -16,17 +16,31 @@ export default defineEventHandler(async (event) => {
},
})
);
try {
updateImages(body.new, uuid).then(() => {
_.forEach(body.new, (value, key) => {
if (key !== 'images' && key !== 'inReview' && key !== 'uuid' && value !== '') {
updateProperties({ key, value }, uuid);
}
});
return deleteQueueItem();
});
} catch (error) {
throw new Error(`Error saving approved changes - ${error}`);

if (body.auth !== config.app.validation_key) {
throw new Error('User is not authorized to review');
} else {
try {
if (body.wheel.new.images && body.wheel.new.images.length > 0) {
updateImages(body.wheel.new, uuid).then(() => {
_.forEach(body.wheel.new, (value, key) => {
if (key !== 'images' && key !== 'inReview' && key !== 'uuid' && value !== '') {
updateProperties({ key, value }, uuid);
}
});
deleteQueueItem();
});
} else {
_.forEach(body.wheel.new, (value, key) => {
if (key !== 'images' && key !== 'inReview' && key !== 'uuid' && value !== '') {
updateProperties({ key, value }, uuid);
}
});
deleteQueueItem();
}
} catch (error) {
throw new Error(`Error saving approved changes - ${error}`);
}
}

return { response: 'wheel has been updated' };
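Review bot: The added branches start `updateImages(...).then(...)`, `updateProperties(...)` and `deleteQueueItem()` without awaiting or returning them, so the surrounding `try`/`catch` cannot see an asynchronous failure and the handler reaches `return { response: 'wheel has been updated' }` before, and regardless of whether, the writes finish. A rejected write then surfaces as an unhandled rejection while the reviewer is told the approval succeeded. Awaiting each step, which also lets the duplicated property loop collapse into one, is sketched below; it assumes `updateProperties` and `deleteQueueItem` return promises, since both are defined outside the hunk. `const uuid = body.wheel.new.uuid` also runs ahead of the `body.auth` check, so a body without `wheel` fails with a TypeError before authorization is evaluated.

```typescript
// … unchanged: body.auth check and the enclosing else branch …
try {
  if (body.wheel.new.images && body.wheel.new.images.length > 0) {
    await updateImages(body.wheel.new, uuid);
  }
  for (const [key, value] of Object.entries(body.wheel.new)) {
    if (key !== 'images' && key !== 'inReview' && key !== 'uuid' && value !== '') {
      await updateProperties({ key, value }, uuid);
    }
  }
  await deleteQueueItem();
// … unchanged: catch block rethrowing "Error saving approved changes" …
```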

1 comment on commit 0bc7597


@vercel vercel bot commented on 0bc7597 Dec 5, 2023
