From bf5068d32a9c0225211474886ed811a54eece09d Mon Sep 17 00:00:00 2001 From: Mike Cao Date: Mon, 4 Apr 2022 00:33:20 -0700 Subject: [PATCH] Added CORS to website API endpoints. --- pages/api/account/index.js | 2 +- pages/api/website/[id]/active.js | 3 +++ pages/api/website/[id]/events.js | 3 +++ pages/api/website/[id]/index.js | 3 +++ pages/api/website/[id]/metrics.js | 3 +++ pages/api/website/[id]/pageviews.js | 3 +++ pages/api/website/[id]/stats.js | 3 +++ 7 files changed, 19 insertions(+), 1 deletion(-) diff --git a/pages/api/account/index.js b/pages/api/account/index.js index 101d3e7fab..5afd821231 100644 --- a/pages/api/account/index.js +++ b/pages/api/account/index.js @@ -34,7 +34,7 @@ export default async (req, res) => { return badRequest(res, 'Account already exists'); } } - console.log('------------------\n', data); + const updated = await updateAccount(user_id, data); return ok(res, updated); diff --git a/pages/api/website/[id]/active.js b/pages/api/website/[id]/active.js index 280bc06e06..ad7f8991c7 100644 --- a/pages/api/website/[id]/active.js +++ b/pages/api/website/[id]/active.js @@ -1,9 +1,12 @@ import { getActiveVisitors } from 'lib/queries'; import { methodNotAllowed, ok, unauthorized } from 'lib/response'; import { allowQuery } from 'lib/auth'; +import { useCors } from 'lib/middleware'; export default async (req, res) => { if (req.method === 'GET') { + await useCors(req, res); + if (!(await allowQuery(req))) { return unauthorized(res); } diff --git a/pages/api/website/[id]/events.js b/pages/api/website/[id]/events.js index 7f348ee1d5..974e79f318 100644 --- a/pages/api/website/[id]/events.js +++ b/pages/api/website/[id]/events.js @@ -2,11 +2,14 @@ import moment from 'moment-timezone'; import { getEventMetrics } from 'lib/queries'; import { ok, badRequest, methodNotAllowed, unauthorized } from 'lib/response'; import { allowQuery } from 'lib/auth'; +import { useCors } from 'lib/middleware'; const unitTypes = ['year', 'month', 'hour', 'day']; export default async (req, res) => { if (req.method === 'GET') { + await useCors(req, res); + if (!(await allowQuery(req))) { return unauthorized(res); } diff --git a/pages/api/website/[id]/index.js b/pages/api/website/[id]/index.js index 74ce0f339b..7018a01d9c 100644 --- a/pages/api/website/[id]/index.js +++ b/pages/api/website/[id]/index.js @@ -1,6 +1,7 @@ import { deleteWebsite, getWebsiteById } from 'lib/queries'; import { methodNotAllowed, ok, unauthorized } from 'lib/response'; import { allowQuery } from 'lib/auth'; +import { useCors } from 'lib/middleware'; export default async (req, res) => { const { id } = req.query; @@ -8,6 +9,8 @@ export default async (req, res) => { const websiteId = +id; if (req.method === 'GET') { + await useCors(req, res); + if (!(await allowQuery(req))) { return unauthorized(res); } diff --git a/pages/api/website/[id]/metrics.js b/pages/api/website/[id]/metrics.js index 675427db24..7e74f04451 100644 --- a/pages/api/website/[id]/metrics.js +++ b/pages/api/website/[id]/metrics.js @@ -1,6 +1,7 @@ import { getPageviewMetrics, getSessionMetrics, getWebsiteById } from 'lib/queries'; import { ok, methodNotAllowed, unauthorized, badRequest } from 'lib/response'; import { allowQuery } from 'lib/auth'; +import { useCors } from 'lib/middleware'; const sessionColumns = ['browser', 'os', 'device', 'country', 'language']; const pageviewColumns = ['url', 'referrer']; @@ -26,6 +27,8 @@ function getColumn(type) { export default async (req, res) => { if (req.method === 'GET') { + await useCors(req, res); + if (!(await allowQuery(req))) { return unauthorized(res); } diff --git a/pages/api/website/[id]/pageviews.js b/pages/api/website/[id]/pageviews.js index e2069f8ca7..41ea06eb9f 100644 --- a/pages/api/website/[id]/pageviews.js +++ b/pages/api/website/[id]/pageviews.js @@ -2,11 +2,14 @@ import moment from 'moment-timezone'; import { getPageviewStats } from 'lib/queries'; import { ok, badRequest, methodNotAllowed, unauthorized } from 'lib/response'; import { allowQuery } from 'lib/auth'; +import { useCors } from 'lib/middleware'; const unitTypes = ['year', 'month', 'hour', 'day']; export default async (req, res) => { if (req.method === 'GET') { + await useCors(req, res); + if (!(await allowQuery(req))) { return unauthorized(res); } diff --git a/pages/api/website/[id]/stats.js b/pages/api/website/[id]/stats.js index cdb374e2fd..7b1c5cf0b3 100644 --- a/pages/api/website/[id]/stats.js +++ b/pages/api/website/[id]/stats.js @@ -1,9 +1,12 @@ import { getWebsiteStats } from 'lib/queries'; import { methodNotAllowed, ok, unauthorized } from 'lib/response'; import { allowQuery } from 'lib/auth'; +import { useCors } from 'lib/middleware'; export default async (req, res) => { if (req.method === 'GET') { + await useCors(req, res); + if (!(await allowQuery(req))) { return unauthorized(res); }