From 209791d86d32e33286ecc21f4955478be3c37cf7 Mon Sep 17 00:00:00 2001
From: Bailey Pumfleet <bpumfleet@gmail.com>
Date: Tue, 11 May 2021 10:21:05 +0100
Subject: [PATCH] Get user ID from session instead of looking it up

---
 components/Shell.tsx                          |  2 +-
 pages/api/auth/[...nextauth].tsx              |  4 +++-
 pages/api/auth/changepw.ts                    |  1 -
 pages/api/availability/day.ts                 | 14 +----------
 pages/api/availability/eventtype.ts           | 16 +------------
 pages/api/integrations.ts                     | 24 +------------------
 pages/api/integrations/googlecalendar/add.ts  |  2 +-
 .../integrations/googlecalendar/callback.ts   | 12 +---------
 .../api/integrations/office365calendar/add.ts |  2 +-
 .../office365calendar/callback.ts             | 12 +---------
 pages/api/user/profile.ts                     |  2 +-
 11 files changed, 12 insertions(+), 79 deletions(-)

diff --git a/components/Shell.tsx b/components/Shell.tsx
index 15918e37..3391c9a8 100644
--- a/components/Shell.tsx
+++ b/components/Shell.tsx
@@ -76,7 +76,7 @@ export default function Shell(props) {
                                             </div>
                                             {
                                                 profileDropdownExpanded && (
-                                                    <div className="origin-top-right absolute right-0 mt-2 w-48 rounded-md shadow-lg py-1 bg-white ring-1 ring-black ring-opacity-5 focus:outline-none" role="menu" aria-orientation="vertical" aria-labelledby="user-menu">
+                                                    <div className="origin-top-right absolute right-0 mt-2 w-48 rounded-md shadow-lg py-1 bg-white ring-1 ring-black ring-opacity-5 focus:outline-none z-50" role="menu" aria-orientation="vertical" aria-labelledby="user-menu">
                                                         <Link href={"/" + session.user.username}><a target="_blank" className="block px-4 py-2 text-sm text-gray-700 hover:bg-gray-100" role="menuitem">Your Public Page</a></Link>
                                                         <Link href="/settings/profile"><a className="block px-4 py-2 text-sm text-gray-700 hover:bg-gray-100" role="menuitem">Your Profile</a></Link>
                                                         <Link href="/settings/password"><a className="block px-4 py-2 text-sm text-gray-700 hover:bg-gray-100" role="menuitem">Login &amp; Security</a></Link>
diff --git a/pages/api/auth/[...nextauth].tsx b/pages/api/auth/[...nextauth].tsx
index 18236db1..3bfbb08d 100644
--- a/pages/api/auth/[...nextauth].tsx
+++ b/pages/api/auth/[...nextauth].tsx
@@ -44,12 +44,14 @@ export default NextAuth({
         async jwt(token, user, account, profile, isNewUser) {
             // Add username to the token right after signin
             if (user?.username) {
-                token.username = user.username
+                token.id = user.id;
+                token.username = user.username;
             }
             return token;
         },
         async session(session, token) {
             session.user = session.user || {}
+            session.user.id = token.id;
             session.user.username = token.username;
             return session;
         },
diff --git a/pages/api/auth/changepw.ts b/pages/api/auth/changepw.ts
index e4044dee..fa52f1e2 100644
--- a/pages/api/auth/changepw.ts
+++ b/pages/api/auth/changepw.ts
@@ -11,7 +11,6 @@ export default async function handler(req: NextApiRequest, res: NextApiResponse)
         return;
     }
 
-    // TODO: Add user ID to user session object
     const user = await prisma.user.findFirst({
         where: {
             email: session.user.email,
diff --git a/pages/api/availability/day.ts b/pages/api/availability/day.ts
index 9816e345..b11b0400 100644
--- a/pages/api/availability/day.ts
+++ b/pages/api/availability/day.ts
@@ -11,24 +11,12 @@ export default async function handler(req: NextApiRequest, res: NextApiResponse)
     }
 
     if (req.method == "PATCH") {
-        // TODO: Add user ID to user session object
-        const user = await prisma.user.findFirst({
-            where: {
-                email: session.user.email,
-            },
-            select: {
-                id: true
-            }
-        });
-
-        if (!user) { res.status(404).json({message: 'User not found'}); return; }
-
         const startMins = req.body.start;
         const endMins = req.body.end;
 
         const updateDay = await prisma.user.update({
             where: {
-                id: user.id,
+                id: session.user.id,
             },
             data: {
                 startTime: startMins,
diff --git a/pages/api/availability/eventtype.ts b/pages/api/availability/eventtype.ts
index ea37b2fc..8f03e3e9 100644
--- a/pages/api/availability/eventtype.ts
+++ b/pages/api/availability/eventtype.ts
@@ -8,20 +8,6 @@ export default async function handler(req: NextApiRequest, res: NextApiResponse)
         res.status(401).json({message: "Not authenticated"});
         return;
     }
-    // TODO: Add user ID to user session object
-    const user = await prisma.user.findFirst({
-        where: {
-            email: session.user.email,
-        },
-        select: {
-            id: true
-        }
-    });
-
-    if (!user) {
-        res.status(404).json({message: 'User not found'});
-        return;
-    }
 
     if (req.method == "PATCH" || req.method == "POST") {
 
@@ -37,7 +23,7 @@ export default async function handler(req: NextApiRequest, res: NextApiResponse)
         if (req.method == "POST") {
             const createEventType = await prisma.eventType.create({
                 data: {
-                    userId: user.id,
+                    userId: session.user.id,
                     ...data,
                 },
             });
diff --git a/pages/api/integrations.ts b/pages/api/integrations.ts
index df39f691..70bcb7d8 100644
--- a/pages/api/integrations.ts
+++ b/pages/api/integrations.ts
@@ -8,19 +8,9 @@ export default async function handler(req, res) {
 
         if (!session) { res.status(401).json({message: 'You must be logged in to do this'}); return; }
 
-        // TODO: Add user ID to user session object
-        const user = await prisma.user.findFirst({
-            where: {
-                email: session.user.email,
-            },
-            select: {
-                id: true
-            }
-        });
-
         const credentials = await prisma.credential.findMany({
             where: {
-                userId: user.id,
+                userId: session.user.id,
             },
             select: {
                 type: true,
@@ -36,18 +26,6 @@ export default async function handler(req, res) {
 
         if (!session) { res.status(401).json({message: 'You must be logged in to do this'}); return; }
 
-        // TODO: Add user ID to user session object
-        const user = await prisma.user.findFirst({
-            where: {
-                email: session.user.email,
-            },
-            select: {
-                id: true
-            }
-        });
-
-        if (!user) { res.status(404).json({message: 'User not found'}); return; }
-
         const id = req.body.id;
 
         const deleteIntegration = await prisma.credential.delete({
diff --git a/pages/api/integrations/googlecalendar/add.ts b/pages/api/integrations/googlecalendar/add.ts
index ccca79ac..5d2c4ae0 100644
--- a/pages/api/integrations/googlecalendar/add.ts
+++ b/pages/api/integrations/googlecalendar/add.ts
@@ -13,7 +13,7 @@ export default async function handler(req: NextApiRequest, res: NextApiResponse)
 
         if (!session) { res.status(401).json({message: 'You must be logged in to do this'}); return; }
 
-        // TODO: Add user ID to user session object
+        // Get user
         const user = await prisma.user.findFirst({
             where: {
                 email: session.user.email,
diff --git a/pages/api/integrations/googlecalendar/callback.ts b/pages/api/integrations/googlecalendar/callback.ts
index a4dac4ac..d3c3476b 100644
--- a/pages/api/integrations/googlecalendar/callback.ts
+++ b/pages/api/integrations/googlecalendar/callback.ts
@@ -13,16 +13,6 @@ export default async function handler(req: NextApiRequest, res: NextApiResponse)
 
     if (!session) { res.status(401).json({message: 'You must be logged in to do this'}); return; }
 
-    // TODO: Add user ID to user session object
-    const user = await prisma.user.findFirst({
-        where: {
-            email: session.user.email,
-        },
-        select: {
-            id: true
-        }
-    });
-
     const {client_secret, client_id, redirect_uris} = JSON.parse(credentials).web;
     const oAuth2Client = new google.auth.OAuth2(client_id, client_secret, redirect_uris[0]);
 
@@ -34,7 +24,7 @@ export default async function handler(req: NextApiRequest, res: NextApiResponse)
             data: {
                 type: 'google_calendar',
                 key: token,
-                userId: user.id
+                userId: session.user.id
             }
         });
 
diff --git a/pages/api/integrations/office365calendar/add.ts b/pages/api/integrations/office365calendar/add.ts
index 7a390dca..ac263833 100644
--- a/pages/api/integrations/office365calendar/add.ts
+++ b/pages/api/integrations/office365calendar/add.ts
@@ -11,7 +11,7 @@ export default async function handler(req: NextApiRequest, res: NextApiResponse)
 
         if (!session) { res.status(401).json({message: 'You must be logged in to do this'}); return; }
 
-        // TODO: Add user ID to user session object
+        // Get user
         const user = await prisma.user.findFirst({
             where: {
                 email: session.user.email,
diff --git a/pages/api/integrations/office365calendar/callback.ts b/pages/api/integrations/office365calendar/callback.ts
index 989e9b7b..9bb43d0e 100644
--- a/pages/api/integrations/office365calendar/callback.ts
+++ b/pages/api/integrations/office365calendar/callback.ts
@@ -10,16 +10,6 @@ export default async function handler(req: NextApiRequest, res: NextApiResponse)
     const session = await getSession({req: req});
     if (!session) { res.status(401).json({message: 'You must be logged in to do this'}); return; }
 
-    // TODO: Add user ID to user session object
-    const user = await prisma.user.findFirst({
-        where: {
-            email: session.user.email,
-        },
-        select: {
-            id: true
-        }
-    });
-
     const toUrlEncoded = payload => Object.keys(payload).map( (key) => key + '=' + encodeURIComponent(payload[ key ]) ).join('&');
     const hostname = 'x-forwarded-host' in req.headers ? 'https://' + req.headers['x-forwarded-host'] : 'host' in req.headers ? (req.secure ? 'https://' : 'http://') + req.headers['host'] : '';
 
@@ -46,7 +36,7 @@ export default async function handler(req: NextApiRequest, res: NextApiResponse)
         data: {
             type: 'office365_calendar',
             key: responseBody,
-            userId: user.id
+            userId: session.user.id
         }
     });
 
diff --git a/pages/api/user/profile.ts b/pages/api/user/profile.ts
index c471b0a3..3497eac5 100644
--- a/pages/api/user/profile.ts
+++ b/pages/api/user/profile.ts
@@ -10,7 +10,7 @@ export default async function handler(req: NextApiRequest, res: NextApiResponse)
         return;
     }
 
-    // TODO: Add user ID to user session object
+    // Get user
     const user = await prisma.user.findFirst({
         where: {
             email: session.user.email,