Addressing review comments

Keith Stevens
2023-01-08 17:54:30 +09:00
parent c234e8b0d0
commit fb0771995d
4 changed files with 29 additions and 23 deletions
+19
@@ -0,0 +1,19 @@
import type { NextApiRequest, NextApiResponse } from "next";
import { getToken } from "next-auth/jwt";
/**
* Wraps any API Route handler and verifies that the user has the appropriate
* role before running the handler. Returns a 403 otherwise.
*/
const withRole = (role: string, handler: (arg0: NextApiRequest, arg1: NextApiResponse<any>) => any) => {
return async (req: NextApiRequest, res: NextApiResponse) => {
const token = await getToken({ req });
if (!token || token.role !== role) {
res.status(403).end();
return;
}
return handler(req, res);
};
};
export default withRole;
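Review bot: `withRole` trusts `token.role` as decoded from the JWT, so the check reflects the role at the time the token was issued, not the current database value. Another file in this commit lets an admin change a user's role, so a demoted user would presumably keep passing this check until their token is reissued. How the role claim is populated and refreshed is not visible on this page; confirm it against the next-auth `jwt` callback. At minimum the docstring should state the limitation, e.g. `* Note: the role is read from the session JWT and is not re-checked against the database.` As a style point, the handler parameter could be typed as `NextApiHandler` from `next` instead of spelling out `NextApiResponse<any>` and `any`.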
+1 -1
@@ -52,7 +52,7 @@ const ManageUser = ({ user }) => {
return (
<>
<Head>
<title>Open Assistant</title>
<title>Manage Users - Open Assistant</title>
<meta
name="description"
content="Conversational AI for everyone. An open source project to create a chat enabled GPT LLM run by LAION and contributors around the world."
+4 -10
@@ -1,19 +1,13 @@
import { getToken } from "next-auth/jwt";
import withRole from "src/lib/auth";
import prisma from "src/lib/prismadb";
/**
* Update's the user's data in the database. Accessible only to admins.
*/
const handler = async (req, res) => {
const token = await getToken({ req });
// Return nothing if the user isn't registered or if the user isn't an admin.
if (!token || token.role !== "admin") {
res.status(403).end();
return;
}
const handler = withRole("admin", async (req, res) => {
const { id, role } = JSON.parse(req.body);
await prisma.user.update({
where: {
id,
@@ -24,6 +18,6 @@ const handler = async (req, res) => {
});
res.status(200).end();
};
});
export default handler;
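Review bot: The wrapped handler takes `id` and `role` from `JSON.parse(req.body)` and passes them toward `prisma.user.update` without checking the HTTP method, the body shape, or that `role` is a role the application defines. A malformed body makes `JSON.parse` throw, which surfaces as an unhandled 500. An admin-authenticated request could also store an arbitrary role string; the `data` part of the update falls between the visible hunks, so that is inferred. I would add `if (req.method !== "POST") { res.status(405).end(); return; }` at the top (or whichever method the admin page sends), wrap the parse in a try/catch that returns 400, and reject any `role` not in an explicit allowlist. Logging which admin changed which user's role would also give an audit trail for privilege changes.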
+5 -12
@@ -1,21 +1,14 @@
import { getToken } from "next-auth/jwt";
import client from "src/lib/prismadb";
import withRole from "src/lib/auth";
import prisma from "src/lib/prismadb";
/**
* Returns a list of user results from the database when the requesting user is
* a logged in admin.
*/
const handler = async (req, res) => {
const token = await getToken({ req });
// Return nothing if the user isn't registered or if the user isn't an admin.
if (!token || token.role !== "admin") {
res.status(403).end();
return;
}
const handler = withRole("admin", async (req, res) => {
// Fetch 20 users.
const users = await client.user.findMany({
const users = await prisma.user.findMany({
select: {
id: true,
role: true,
@@ -26,6 +19,6 @@ const handler = async (req, res) => {
});
res.status(200).json(users);
};
});
export default handler;