From b32fe88ce8434d1b986a2bb5dc92a8669f6f89af Mon Sep 17 00:00:00 2001 From: Joey Zhou Date: Thu, 30 Jan 2025 13:37:48 -0800 Subject: [PATCH 1/2] fix: add admin check for actions --- .../admin/churn-subscribers/actions.tsx | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/src/app/(proper_react)/(redesign)/(authenticated)/admin/churn-subscribers/actions.tsx b/src/app/(proper_react)/(redesign)/(authenticated)/admin/churn-subscribers/actions.tsx index 579c67f9095..1c55609550e 100644 --- a/src/app/(proper_react)/(redesign)/(authenticated)/admin/churn-subscribers/actions.tsx +++ b/src/app/(proper_react)/(redesign)/(authenticated)/admin/churn-subscribers/actions.tsx @@ -9,17 +9,34 @@ import { deleteSubscriberChurns, } from "../../../../../../db/tables/subscriber_churns"; import { SubscriberChurnRow } from "knex/types/tables"; +import { getServerSession } from "../../../../../functions/server/getServerSession"; +import { isAdmin } from "../../../../../api/utils/auth"; export async function getAllChurns() { + const session = await getServerSession(); + if (!session?.user?.email || !isAdmin(session.user.email)) { + return []; + } + return getAllSubscriberChurns(); } export async function upsertAllChurns( churningSubscribers: SubscriberChurnRow[], ) { + const session = await getServerSession(); + if (!session?.user?.email || !isAdmin(session.user.email)) { + return []; + } + return upsertSubscriberChurns(churningSubscribers); } export async function clearAllChurns() { + const session = await getServerSession(); + if (!session?.user?.email || !isAdmin(session.user.email)) { + return []; + } + return deleteSubscriberChurns(); } From bc4b65f026601a2b0130c47b7a04ccf70635e539 Mon Sep 17 00:00:00 2001 From: Joey Zhou Date: Fri, 31 Jan 2025 16:01:41 -0800 Subject: [PATCH 2/2] fix: review comment --- .../admin/churn-subscribers/actions.tsx | 27 ++++++++++--------- .../admin/churn-subscribers/page.tsx | 2 +- 2 files changed, 16 insertions(+), 13 deletions(-) 
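Review bot: `upsertAllChurns` still forwards the client-supplied `churningSubscribers` array straight into `upsertSubscriberChurns` with no runtime validation; the new admin check decides who may call the action but not what they may send, and a Next.js server action is reachable by a crafted POST regardless of the `(authenticated)` route group. The `SubscriberChurnRow[]` annotation is erased at compile time, so a malformed or oversized payload reaches the database layer unchecked even from an admin session. A minimal guard before the write, e.g. `if (!Array.isArray(churningSubscribers)) { throw new Error("Invalid payload"); }`, with per-row field checks matching the table's columns, would make the action fail closed. The second commit on this page changes the unauthorized return value, so that point is raised there rather than here.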
diff --git a/src/app/(proper_react)/(redesign)/(authenticated)/admin/churn-subscribers/actions.tsx b/src/app/(proper_react)/(redesign)/(authenticated)/admin/churn-subscribers/actions.tsx index 1c55609550e..68e02bcac64 100644 --- a/src/app/(proper_react)/(redesign)/(authenticated)/admin/churn-subscribers/actions.tsx +++ b/src/app/(proper_react)/(redesign)/(authenticated)/admin/churn-subscribers/actions.tsx @@ -12,31 +12,34 @@ import { SubscriberChurnRow } from "knex/types/tables"; import { getServerSession } from "../../../../../functions/server/getServerSession"; import { isAdmin } from "../../../../../api/utils/auth"; -export async function getAllChurns() { +/** + * Helper function to perform session + admin check. + * Returns true if the current session belongs to an admin user. + */ +async function isAuthorized(): Promise { const session = await getServerSession(); - if (!session?.user?.email || !isAdmin(session.user.email)) { - return []; - } + return Boolean(session?.user?.email && isAdmin(session.user.email)); +} +export async function getAllChurns() { + if (!(await isAuthorized())) { + return null; + } return getAllSubscriberChurns(); } export async function upsertAllChurns( churningSubscribers: SubscriberChurnRow[], ) { - const session = await getServerSession(); - if (!session?.user?.email || !isAdmin(session.user.email)) { - return []; + if (!(await isAuthorized())) { + return null; } - return upsertSubscriberChurns(churningSubscribers); } export async function clearAllChurns() { - const session = await getServerSession(); - if (!session?.user?.email || !isAdmin(session.user.email)) { - return []; + if (!(await isAuthorized())) { + return null; } - return deleteSubscriberChurns(); } diff --git a/src/app/(proper_react)/(redesign)/(authenticated)/admin/churn-subscribers/page.tsx b/src/app/(proper_react)/(redesign)/(authenticated)/admin/churn-subscribers/page.tsx index 62e508d1202..b989eead384 100644 
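Review bot: A non-admin session that reaches any of these three actions is still turned away silently with `return null`, so neither the caller nor an operator can tell "unauthorized" apart from "no data", and nothing is logged for detection. For admin-only mutations like `clearAllChurns` it is safer to fail loudly: replace the `return null` branches with `throw new Error("Unauthorized");` (or have `isAuthorized` log the rejected email and throw itself), which also keeps the return types of the wrapped DB calls intact. The helper's signature renders here as `Promise` with no type argument, presumably `Promise<boolean>` lost to markup extraction, so this is flagged only for confirmation. The page also assumes `isAdmin` is an allowlist keyed by the session email; that helper is outside this diff, so its semantics should be verified separately.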
--- a/src/app/(proper_react)/(redesign)/(authenticated)/admin/churn-subscribers/page.tsx +++ b/src/app/(proper_react)/(redesign)/(authenticated)/admin/churn-subscribers/page.tsx @@ -18,7 +18,7 @@ export default async function DevPage() { return ( );