fix(pages & middleware): throw error if non-author/collaborator tries to edit a story

2023-12-09 17:15:07 -05:00 · 2023-12-09 17:15:07 -05:00 · 989fefd6e7
commit 989fefd6e7
parent a5346e8622
2 changed files with 40 additions and 27 deletions
--- a/lib/client/middleware.ts
+++ b/lib/client/middleware.ts
@ -21,3 +21,25 @@ export const storyMiddleware = defineNuxtRouteMiddleware(async (to, from) => {
 		return navigateTo("/login");
 	}
 });
+
+export const storyEditMiddleware = defineNuxtRouteMiddleware(
+	async (to, from) => {
+		const { data: curU } = useAuth();
+		const rtr = useRoute();
+		const { data: storyInfo } = await useApiFetch<
+			({ chapters: (IChapter & { text: string })[] } & IStory) | null
+		>(`/story/${rtr.params.id}/full`);
+		if (!storyInfo.value) {
+			return showError({ statusCode: 404, message: messages[404] });
+		}
+		if (
+			curU.value?.user?._id !== storyInfo.value?.author._id &&
+			curU.value?.user?._id !== storyInfo.value?.coAuthor?._id
+		) {
+			return showError({
+				statusCode: 403,
+				message: messages[403],
+			});
+		}
+	},
+);
--- a/pages/story/[id]/edit.vue
+++ b/pages/story/[id]/edit.vue
@ -4,54 +4,45 @@
 	import { FormStory } from "~/lib/client/types/form/story";
 	import { IStory } from "~/models/stories";
 	import { IChapter } from "~/models/stories/chapter";
+
+	import { storyEditMiddleware } from "~/lib/client/middleware";
 	const rtr = useRoute();
 	const {
 		data: { value: originalStory },
-	} = await useApiFetch<{ chapters: (IChapter & { text: string })[] } & IStory>(
-		`/story/${rtr.params.id}/full`,
-	);
-	if (!originalStory) {
-		await navigateTo("/not-found");
+	} = await useApiFetch<
+		({ chapters: (IChapter & { text: string })[] } & IStory) | null
+	>(`/story/${rtr.params.id}/full`);
+	if (originalStory === null) {
+		console.log("IT DOESN'T EXIST DAWG");
+		throw createError({
+			statusCode: 404,
+			message: "That story doesn't exist...",
+		});
 	}
 	definePageMeta({
-		middleware: [
-			(from, to) => {
-				const { data: curu } = useAuth();
-				if (
-					curu.value?.user?._id !== originalStory?.author._id &&
-					curu.value?.user?._id !== originalStory?.coAuthor._id
-				) {
-					return navigateTo("/403");
-				}
-			},
-			"auth",
-		],
+		middleware: [storyEditMiddleware, "auth"],
 	});
 	const story: FormStory = {
 		title: originalStory!.title,
-		coAuthor: originalStory?.coAuthor._id,
+		coAuthor: originalStory?.coAuthor ? originalStory.coAuthor._id : null,
 		completed: originalStory!.completed,
 		chapters: originalStory!.chapters.map((a, i) => ({
+			...a,
 			id: a.id,
 			chapterTitle: a.title,
 			index: i + 1,
-			summary: a.summary,
-			notes: a.notes,
-			genre: a.genre,
 			bands: a.bands.map((a) => a._id),
-			characters: a.characters,
-			relationships: a.relationships,
-			nsfw: a.nsfw,
-			loggedInOnly: a.loggedInOnly,
-			hidden: a.hidden,
 			content: a.text,
 			uuidKey: v4(),
 		})),
 	};
+	useHead({
+		title: `Editing story: ${originalStory?.title}`,
+	});
 </script>
 <template>
 	<a-typography-title style="text-align: center">
-		Editing "{{ originalStory!.title }}"
+		Editing "{{ originalStory?.title }}"
 	</a-typography-title>
 	<story-form
 		:can-draft="false"