From 26132ff33bc341cae1e9e5fc613d164b4110a322 Mon Sep 17 00:00:00 2001
From: garyellow
Date: Mon, 13 May 2024 23:18:42 +0800
Subject: [PATCH] refactor: optimize voting API endpoints
---
server/api/voting/add.post.ts | 46 +++++++++-------------
server/api/voting/archive.post.ts | 41 ++++++++-----------
server/api/voting/del.delete.ts | 35 ++++++++--------
server/api/voting/getAll.get.ts | 19 +++------
server/api/voting/getResult.get.ts | 25 ++++++------
server/api/voting/getVotingGroupCnt.get.ts | 40 ++++++++-----------
server/api/voting/unarchive.post.ts | 40 ++++++++-----------
7 files changed, 99 insertions(+), 147 deletions(-)
diff --git a/server/api/voting/add.post.ts b/server/api/voting/add.post.ts
index b4fbd002..145fc5ea 100644
--- a/server/api/voting/add.post.ts
+++ b/server/api/voting/add.post.ts
@@ -1,6 +1,23 @@
import prisma from '~/lib/prisma'
-import { getServerSession } from '#auth'
export default defineEventHandler(async (event) => {
+ // 確認權限
+ if (!event.context.session) {
+ throw createError({
+ statusCode: 401,
+ statusMessage: 'Unauthorized',
+ message: '未登入',
+ })
+ }
+
+ if (!event.context.isAdmin) {
+ throw createError({
+ statusCode: 403,
+ statusMessage: 'Forbidden',
+ message: '不是管理員',
+ })
+ }
+
+ // 確認參數
const { voteName, voteGroup, startTime, endTime, onlyOne, candidates } = await readBody(event) as {
voteName: string
voteGroup: number | undefined
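Review bot: The new guard at the top of the handler trusts `event.context.session` and `event.context.isAdmin`, which must be populated by a server middleware that is not part of this patch; if that middleware is not wired for this route the `isAdmin` check fails closed (undefined → 403), which is acceptable, but nothing in the diff lets a reader confirm where the flags come from. The same eighteen-line guard is pasted verbatim into every handler touched by this patch, so the status codes and messages now live in seven places; a single helper, e.g. `requireAdmin(event)` in `server/utils` (auto-imported by Nitro if this is a Nuxt project), would keep them in one. A one-line comment above the guard naming the middleware that sets `event.context.session` / `isAdmin` would also help: `// session, isAdmin and isSuperAdmin are set by server/middleware/auth (see there)`, adjusted to the real path. The handler body continues past the end of the hunk.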
@@ -36,32 +53,7 @@ export default defineEventHandler(async (event) => {
})
}
- const session = await getServerSession(event) as { user: { email: string } } | null
-
- if (!session) {
- throw createError({
- statusCode: 401,
- statusMessage: 'Unauthorized',
- message: '未登入',
- })
- }
-
- const email = session.user.email
- const studentId = parseInt(email.substring(1, 10))
-
- const admin = await prisma.admin.findUnique({
- where: { id: studentId },
- select: null,
- })
-
- if (!admin) {
- throw createError({
- statusCode: 403,
- statusMessage: 'Forbidden',
- message: '不在管理員名單中',
- })
- }
-
+ // 執行操作
const voting = await prisma.voting.create({
data: {
name: voteName,
diff --git a/server/api/voting/archive.post.ts b/server/api/voting/archive.post.ts
index c597a9f9..0eb07d8f 100644
--- a/server/api/voting/archive.post.ts
+++ b/server/api/voting/archive.post.ts
@@ -1,19 +1,7 @@
import prisma from '~/lib/prisma'
-import { getServerSession } from '#auth'
export default defineEventHandler(async (event) => {
- const { id } = await readBody(event) as { id: string | undefined }
-
- if (!id || isNaN(parseInt(id))) {
- throw createError({
- statusCode: 400,
- statusMessage: 'Bad Request',
- message: 'Parameter "id" is required and should be a number.',
- })
- }
-
- const session = await getServerSession(event) as { user: { email: string } } | null
-
- if (!session) {
+ // 確認權限
+ if (!event.context.session) {
throw createError({
statusCode: 401,
statusMessage: 'Unauthorized',
@@ -21,19 +9,22 @@ export default defineEventHandler(async (event) => {
})
}
- const email = session.user.email
- const studentId = email.substring(1, 10)
-
- const admin = await prisma.admin.findUnique({
- where: { id: parseInt(studentId) },
- select: null,
- })
-
- if (!admin) {
+ if (!event.context.isAdmin) {
throw createError({
statusCode: 403,
statusMessage: 'Forbidden',
- message: '不在管理員名單中',
+ message: '不是管理員',
+ })
+ }
+
+ // 確認參數
+ const { id } = await readBody(event) as { id: string | undefined }
+
+ if (!id || isNaN(parseInt(id))) {
+ throw createError({
+ statusCode: 400,
+ statusMessage: 'Bad Request',
+ message: 'Parameter "id" is required and should be a number.',
})
}
@@ -44,7 +35,7 @@ export default defineEventHandler(async (event) => {
},
})
- if (studentId != process.env.SUPER_ADMIN) {
+ if (!event.context.isSuperAdmin) {
if (Date.now() >= voting.startTime.getTime()) {
throw createError({
statusCode: 403,
diff --git a/server/api/voting/del.delete.ts b/server/api/voting/del.delete.ts
index de9f081d..b293f842 100644
--- a/server/api/voting/del.delete.ts
+++ b/server/api/voting/del.delete.ts
@@ -1,19 +1,7 @@
import prisma from '~/lib/prisma'
-import { getServerSession } from '#auth'
export default defineEventHandler(async (event) => {
- const { id } = getQuery(event) as { id: string | undefined }
-
- if (!id || isNaN(parseInt(id))) {
- throw createError({
- statusCode: 400,
- statusMessage: 'Bad Request',
- message: 'Parameter "id" is required and should be a number.',
- })
- }
-
- const session = await getServerSession(event) as { user: { email: string } } | null
-
- if (!session) {
+ // 確認權限
+ if (!event.context.session) {
throw createError({
statusCode: 401,
statusMessage: 'Unauthorized',
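Review bot: The `id` check that this hunk re-adds on the new side, `!id || isNaN(parseInt(id))`, still lets values like `"12abc"` or `"0x1F"` through, because `parseInt` stops at the first non-digit and honours a hex prefix, and the `as { id: string | undefined }` cast hides that a JSON body may carry a number, array or object instead of a string. A stricter guard that keeps the same 400 path is `const idNum = Number(id); if (!id || !Number.isInteger(idNum)) {`, with `idNum` then used in the `where` clause instead of a second `parseInt(id)`. The voting lookup that supplies `voting.startTime` for the next hunk's `isSuperAdmin` branch sits between the two hunks and is not visible here; the handler continues past both.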
@@ -21,17 +9,26 @@ export default defineEventHandler(async (event) => {
})
}
- const email = session.user.email
- const studentId = email.substring(1, 10)
-
- if (studentId != process.env.SUPER_ADMIN) {
+ if (!event.context.isAdmin) {
throw createError({
statusCode: 403,
statusMessage: 'Forbidden',
- message: '不是超級管理員',
+ message: '不是管理員',
+ })
+ }
+
+ // 確認參數
+ const { id } = getQuery(event) as { id: string | undefined }
+
+ if (!id || isNaN(parseInt(id))) {
+ throw createError({
+ statusCode: 400,
+ statusMessage: 'Bad Request',
+ message: 'Parameter "id" is required and should be a number.',
})
}
+ // 執行操作
const voting = await prisma.voting.findUniqueOrThrow({
where: { id: parseInt(id) },
select: { archive: true },
diff --git a/server/api/voting/getAll.get.ts b/server/api/voting/getAll.get.ts
index cc47d966..99558920 100644
--- a/server/api/voting/getAll.get.ts
+++ b/server/api/voting/getAll.get.ts
@@ -1,9 +1,7 @@
import prisma from '~/lib/prisma'
-import { getServerSession } from '#auth'
export default defineEventHandler(async (event) => {
- const session = await getServerSession(event) as { user: { email: string } } | null
-
- if (!session) {
+ // 確認權限
+ if (!event.context.session) {
throw createError({
statusCode: 401,
statusMessage: 'Unauthorized',
@@ -11,22 +9,15 @@ export default defineEventHandler(async (event) => {
})
}
- const email = session.user.email
- const studentId = parseInt(email.substring(1, 10))
-
- const admin = await prisma.admin.findUnique({
- where: { id: studentId },
- select: null,
- })
-
- if (!admin) {
+ if (!event.context.isAdmin) {
throw createError({
statusCode: 403,
statusMessage: 'Forbidden',
- message: '不在管理員名單中',
+ message: '不是管理員',
})
}
+ // 執行操作
return await prisma.voting.findMany({
select: {
id: true,
diff --git a/server/api/voting/getResult.get.ts b/server/api/voting/getResult.get.ts
index 80954307..9632bada 100644
--- a/server/api/voting/getResult.get.ts
+++ b/server/api/voting/getResult.get.ts
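Review bot: This hunk widens who may delete a voting: the removed check required `studentId` to equal `process.env.SUPER_ADMIN` (its message was '不是超級管理員'), while the replacement only requires `event.context.isAdmin`, so every admin now reaches the delete path. The commit is labelled a refactor, so the change in privilege looks unintentional; `archive.post.ts` in the same patch keeps its super-admin gate through `event.context.isSuperAdmin`, and this handler should presumably do the same, e.g. `if (!event.context.isSuperAdmin) { throw createError({ statusCode: 403, statusMessage: 'Forbidden', message: '不是超級管理員' }) }` in place of, or after, the `isAdmin` check. The handler continues past `select: { archive: true },`, so a later super-admin check is possible but not visible in the diff; if one exists, a comment at the top of the `// 確認權限` block saying so would stop the next reader from raising this again.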
@@ -1,6 +1,15 @@
import prisma from '~/lib/prisma'
-import { getServerSession } from '#auth'
export default defineEventHandler(async (event) => {
+ // 確認權限
+ if (!event.context.session) {
+ throw createError({
+ statusCode: 401,
+ statusMessage: 'Unauthorized',
+ message: '未登入',
+ })
+ }
+
+ // 確認參數
const { id } = getQuery(event) as { id: string | undefined }
if (!id || isNaN(parseInt(id))) {
@@ -11,19 +20,6 @@ export default defineEventHandler(async (event) => {
})
}
- const session = await getServerSession(event) as { user: { email: string } } | null
-
- if (!session) {
- throw createError({
- statusCode: 401,
- statusMessage: 'Unauthorized',
- message: '未登入',
- })
- }
-
- const email = session.user.email
- const studentId = parseInt(email.substring(1, 10))
-
const voting = await prisma.voting.findUniqueOrThrow({
where: { id: parseInt(id) },
select: {
@@ -49,6 +45,7 @@ export default defineEventHandler(async (event) => {
})
}
+ const studentId = parseInt(event.context.id)
const admin = await prisma.admin.findUnique({
where: { id: studentId },
select: null,
diff --git a/server/api/voting/getVotingGroupCnt.get.ts b/server/api/voting/getVotingGroupCnt.get.ts
index 09141aca..a53a685e 100644
--- a/server/api/voting/getVotingGroupCnt.get.ts
+++ b/server/api/voting/getVotingGroupCnt.get.ts
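Review bot: The added `const studentId = parseInt(event.context.id)` in the last hunk still drives a direct `prisma.admin.findUnique` lookup, while every other handler in this patch answers the same question from `event.context.isAdmin`; if `event.context.id` is missing or not numeric, `parseInt` returns `NaN`, the Prisma query rejects it, and an authorization question turns into a 500 instead of a 403. Using the flag the middleware already computed keeps the handlers consistent and avoids the extra round trip: `const admin = event.context.isAdmin` (if the code after the hunk only needs a truthy/falsy value, which is what `select: null` suggests but the diff does not show). The branch that consumes `admin` and the rest of the handler lie outside the hunk.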
@@ -1,19 +1,7 @@
import prisma from '~/lib/prisma'
-import { getServerSession } from '#auth'
export default defineEventHandler(async (event) => {
- const { votingId, groupId } = getQuery(event) as { votingId: string | undefined, groupId: string | undefined }
-
- if (!votingId || isNaN(parseInt(votingId)) || !groupId || isNaN(parseInt(groupId))) {
- throw createError({
- statusCode: 400,
- statusMessage: 'Bad Request',
- message: 'Parameter "votingId" and "groupId" are required and must be integer.',
- })
- }
-
- const session = await getServerSession(event) as { user: { email: string } } | null
-
- if (!session) {
+ // 確認權限
+ if (!event.context.session) {
throw createError({
statusCode: 401,
statusMessage: 'Unauthorized',
@@ -21,22 +9,26 @@ export default defineEventHandler(async (event) => {
})
}
- const email = session.user.email
- const studentId = parseInt(email.substring(1, 10))
-
- const admin = await prisma.admin.findUnique({
- where: { id: studentId },
- select: null,
- })
-
- if (!admin) {
+ if (!event.context.isAdmin) {
throw createError({
statusCode: 403,
statusMessage: 'Forbidden',
- message: '不在管理員名單中',
+ message: '不是管理員',
+ })
+ }
+
+ // 確認參數
+ const { votingId, groupId } = getQuery(event) as { votingId: string | undefined, groupId: string | undefined }
+
+ if (!votingId || isNaN(parseInt(votingId)) || !groupId || isNaN(parseInt(groupId))) {
+ throw createError({
+ statusCode: 400,
+ statusMessage: 'Bad Request',
+ message: 'Parameter "votingId" and "groupId" are required and must be integer.',
})
}
+ // 執行操作
const VFG = await prisma.votingFromGroup.findUniqueOrThrow({
where: {
votingId_groupId: {
diff --git a/server/api/voting/unarchive.post.ts b/server/api/voting/unarchive.post.ts
index 8927acc9..bb04d840 100644
--- a/server/api/voting/unarchive.post.ts
+++ b/server/api/voting/unarchive.post.ts
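Review bot: The `getQuery(event)` cast in the second hunk, `as { votingId: string | undefined, groupId: string | undefined }`, hides that h3's `getQuery` yields `string | string[]` per key, so a repeated parameter such as `?votingId=1&votingId=2` arrives as an array, `parseInt(['1', '2'])` coerces it to `'1,2'` and returns `1`, and the `isNaN` guard passes a value the caller never validated; `parseInt` likewise accepts `'7abc'` and `'0x1F'`. A guard that rejects all of these while keeping the 400 path is `const vId = Number(votingId), gId = Number(groupId); if (!votingId || !groupId || !Number.isInteger(vId) || !Number.isInteger(gId)) {`, with `vId` / `gId` then used in the `votingId_groupId` key instead of re-parsing. The `findUniqueOrThrow` call and the rest of the handler continue past the end of the hunk.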
@@ -1,19 +1,7 @@
import prisma from '~/lib/prisma'
-import { getServerSession } from '#auth'
export default defineEventHandler(async (event) => {
- const { id } = await readBody(event) as { id: string | undefined }
-
- if (!id || isNaN(parseInt(id))) {
- throw createError({
- statusCode: 400,
- statusMessage: 'Bad Request',
- message: 'Parameter "id" is required and must be a number.',
- })
- }
-
- const session = await getServerSession(event) as { user: { email: string } } | null
-
- if (!session) {
+ // 確認權限
+ if (!event.context.session) {
throw createError({
statusCode: 401,
statusMessage: 'Unauthorized',
@@ -21,22 +9,26 @@ export default defineEventHandler(async (event) => {
})
}
- const email = session.user.email
- const studentId = email.substring(1, 10)
-
- const admin = await prisma.admin.findUnique({
- where: { id: parseInt(studentId) },
- select: null,
- })
-
- if (!admin) {
+ if (!event.context.isAdmin) {
throw createError({
statusCode: 403,
statusMessage: 'Forbidden',
- message: '不在管理員名單中',
+ message: '不是管理員',
+ })
+ }
+
+ // 確認參數
+ const { id } = await readBody(event) as { id: string | undefined }
+
+ if (!id || isNaN(parseInt(id))) {
+ throw createError({
+ statusCode: 400,
+ statusMessage: 'Bad Request',
+ message: 'Parameter "id" is required and must be a number.',
})
}
+ // 執行操作
await prisma.voting.update({
where: { id: parseInt(id) },
data: { archive: false },
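Review bot: The `// 執行操作` section of the second hunk goes straight from the `isAdmin` and `id` checks to `prisma.voting.update({ ... archive: false })`, with no `isSuperAdmin` or `startTime` gate, whereas `archive.post.ts` in this same patch refuses to let a non-super admin archive a voting once `Date.now() >= voting.startTime.getTime()`. As written, an ordinary admin can undo an archive they would not be permitted to create, which is an asymmetry worth either closing with the same gate (a `findUniqueOrThrow` selecting `startTime` before the update, then the same `if (!event.context.isSuperAdmin)` branch) or documenting with a comment above the update: `// unarchive is intentionally not time-gated; any admin may restore an archived voting`. `update` on an unknown id also surfaces as a Prisma error rather than a deliberate status; the handler ends past the hunk, so any mapping of that error is not visible here.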