Scope sandbox lookup by name/id and user · pocketenv.io/pocketenv@c8428bb

+22 -2

apps/api/src/xrpc/io/pocketenv/sandbox/deleteSandbox.ts

··· 1 1 import { XRPCError, type HandlerAuth } from "@atproto/xrpc-server"; 2 2 import { Providers } from "consts"; 3 3 import type { Context } from "context"; 4 - import { eq } from "drizzle-orm"; 4 + import { eq, or, isNull, and } from "drizzle-orm"; 5 5 import type { Server } from "lexicon"; 6 6 import type { QueryParams } from "lexicon/types/io/pocketenv/sandbox/deleteSandbox"; 7 7 import generateJwt from "lib/generateJwt"; ··· 9 9 10 10 export default function (server: Server, ctx: Context) { 11 11 const deleteSandbox = async (params: QueryParams, auth: HandlerAuth) => { 12 + if (!auth.credentials) { 13 + throw new XRPCError(401, "Unauthorized"); 14 + } 15 + 16 + const [user] = await ctx.db 17 + .select() 18 + .from(schema.users) 19 + .where(eq(schema.users.did, auth.credentials.did)) 20 + .execute(); 21 + 12 22 const record = await ctx.db 13 23 .select() 14 24 .from(schema.sandboxes) 15 - .where(eq(schema.sandboxes.id, params.id)) 25 + .where( 26 + and( 27 + or( 28 + eq(schema.sandboxes.id, params.id), 29 + eq(schema.sandboxes.name, params.id), 30 + ), 31 + user?.did 32 + ? eq(schema.sandboxes.userId, user.did) 33 + : isNull(schema.sandboxes.userId), 34 + ), 35 + ) 16 36 .execute() 17 37 .then(([row]) => row); 18 38

+21 -2

apps/api/src/xrpc/io/pocketenv/sandbox/startSandbox.ts

··· 1 1 import { XRPCError, type HandlerAuth } from "@atproto/xrpc-server"; 2 2 import { Providers } from "consts"; 3 3 import type { Context } from "context"; 4 - import { eq } from "drizzle-orm"; 4 + import { and, eq, isNull, or } from "drizzle-orm"; 5 5 import type { Server } from "lexicon"; 6 6 import type { QueryParams } from "lexicon/types/io/pocketenv/sandbox/startSandbox"; 7 7 import generateJwt from "lib/generateJwt"; ··· 9 9 10 10 export default function (server: Server, ctx: Context) { 11 11 const startSandbox = async (params: QueryParams, auth: HandlerAuth) => { 12 + let userId: string | undefined; 13 + if (auth.credentials) { 14 + const [user] = await ctx.db 15 + .select() 16 + .from(schema.users) 17 + .where(eq(schema.users.did, auth.credentials.did)); 18 + userId = user?.id; 19 + } 20 + 12 21 const record = await ctx.db 13 22 .select() 14 23 .from(schema.sandboxes) 15 - .where(eq(schema.sandboxes.id, params.id)) 24 + .where( 25 + and( 26 + or( 27 + eq(schema.sandboxes.id, params.id), 28 + eq(schema.sandboxes.name, params.id), 29 + ), 30 + userId 31 + ? eq(schema.sandboxes.userId, userId) 32 + : isNull(schema.sandboxes.userId), 33 + ), 34 + ) 16 35 .execute() 17 36 .then(([row]) => row); 18 37

+21 -2

apps/api/src/xrpc/io/pocketenv/sandbox/stopSandbox.ts

··· 1 1 import { XRPCError, type HandlerAuth } from "@atproto/xrpc-server"; 2 2 import { Providers } from "consts"; 3 3 import type { Context } from "context"; 4 - import { eq } from "drizzle-orm"; 4 + import { and, eq, isNull, or } from "drizzle-orm"; 5 5 import type { Server } from "lexicon"; 6 6 import type { QueryParams } from "lexicon/types/io/pocketenv/sandbox/stopSandbox"; 7 7 import generateJwt from "lib/generateJwt"; ··· 9 9 10 10 export default function (server: Server, ctx: Context) { 11 11 const stopSandbox = async (params: QueryParams, auth: HandlerAuth) => { 12 + let userId: string | undefined; 13 + if (auth.credentials) { 14 + const [user] = await ctx.db 15 + .select() 16 + .from(schema.users) 17 + .where(eq(schema.users.did, auth.credentials.did)); 18 + userId = user?.id; 19 + } 20 + 12 21 const record = await ctx.db 13 22 .select() 14 23 .from(schema.sandboxes) 15 - .where(eq(schema.sandboxes.id, params.id)) 24 + .where( 25 + and( 26 + or( 27 + eq(schema.sandboxes.id, params.id), 28 + eq(schema.sandboxes.name, params.id), 29 + ), 30 + userId 31 + ? eq(schema.sandboxes.userId, userId) 32 + : isNull(schema.sandboxes.userId), 33 + ), 34 + ) 16 35 .execute() 17 36 .then(([row]) => row); 18 37

Configure Feed

Configure Feed