Merge pull request #1065 from mikecao/dev

Added CORS to website API endpoints.
umami-software · Apr 4, 2022 · 493f5a5 · 493f5a5 · vercel · Apr 4, 2022
2 parents 17aaa55 + bf5068d
commit 493f5a5
Show file tree

Hide file tree

Showing 7 changed files with 19 additions and 1 deletion.
diff --git a/pages/api/account/index.js b/pages/api/account/index.js
@@ -34,7 +34,7 @@ export default async (req, res) => {
             return badRequest(res, 'Account already exists');
           }
         }
-        console.log('------------------\n', data);
+
         const updated = await updateAccount(user_id, data);
 
         return ok(res, updated);

diff --git a/pages/api/website/[id]/active.js b/pages/api/website/[id]/active.js
@@ -1,9 +1,12 @@
 import { getActiveVisitors } from 'lib/queries';
 import { methodNotAllowed, ok, unauthorized } from 'lib/response';
 import { allowQuery } from 'lib/auth';
+import { useCors } from 'lib/middleware';
 
 export default async (req, res) => {
   if (req.method === 'GET') {
+    await useCors(req, res);
+
     if (!(await allowQuery(req))) {
       return unauthorized(res);
     }

diff --git a/pages/api/website/[id]/events.js b/pages/api/website/[id]/events.js
@@ -2,11 +2,14 @@ import moment from 'moment-timezone';
 import { getEventMetrics } from 'lib/queries';
 import { ok, badRequest, methodNotAllowed, unauthorized } from 'lib/response';
 import { allowQuery } from 'lib/auth';
+import { useCors } from 'lib/middleware';
 
 const unitTypes = ['year', 'month', 'hour', 'day'];
 
 export default async (req, res) => {
   if (req.method === 'GET') {
+    await useCors(req, res);
+
     if (!(await allowQuery(req))) {
       return unauthorized(res);
     }

diff --git a/pages/api/website/[id]/index.js b/pages/api/website/[id]/index.js
@@ -1,13 +1,16 @@
 import { deleteWebsite, getWebsiteById } from 'lib/queries';
 import { methodNotAllowed, ok, unauthorized } from 'lib/response';
 import { allowQuery } from 'lib/auth';
+import { useCors } from 'lib/middleware';
 
 export default async (req, res) => {
   const { id } = req.query;
 
   const websiteId = +id;
 
   if (req.method === 'GET') {
+    await useCors(req, res);
+
     if (!(await allowQuery(req))) {
       return unauthorized(res);
     }

diff --git a/pages/api/website/[id]/metrics.js b/pages/api/website/[id]/metrics.js
@@ -1,6 +1,7 @@
 import { getPageviewMetrics, getSessionMetrics, getWebsiteById } from 'lib/queries';
 import { ok, methodNotAllowed, unauthorized, badRequest } from 'lib/response';
 import { allowQuery } from 'lib/auth';
+import { useCors } from 'lib/middleware';
 
 const sessionColumns = ['browser', 'os', 'device', 'country', 'language'];
 const pageviewColumns = ['url', 'referrer'];
@@ -26,6 +27,8 @@ function getColumn(type) {
 
 export default async (req, res) => {
   if (req.method === 'GET') {
+    await useCors(req, res);
+
     if (!(await allowQuery(req))) {
       return unauthorized(res);
     }

diff --git a/pages/api/website/[id]/pageviews.js b/pages/api/website/[id]/pageviews.js
@@ -2,11 +2,14 @@ import moment from 'moment-timezone';
 import { getPageviewStats } from 'lib/queries';
 import { ok, badRequest, methodNotAllowed, unauthorized } from 'lib/response';
 import { allowQuery } from 'lib/auth';
+import { useCors } from 'lib/middleware';
 
 const unitTypes = ['year', 'month', 'hour', 'day'];
 
 export default async (req, res) => {
   if (req.method === 'GET') {
+    await useCors(req, res);
+
     if (!(await allowQuery(req))) {
       return unauthorized(res);
     }

diff --git a/pages/api/website/[id]/stats.js b/pages/api/website/[id]/stats.js
@@ -1,9 +1,12 @@
 import { getWebsiteStats } from 'lib/queries';
 import { methodNotAllowed, ok, unauthorized } from 'lib/response';
 import { allowQuery } from 'lib/auth';
+import { useCors } from 'lib/middleware';
 
 export default async (req, res) => {
   if (req.method === 'GET') {
+    await useCors(req, res);
+
     if (!(await allowQuery(req))) {
       return unauthorized(res);
     }