
Commit ef1aede

committed
qrcode route: get application from user model
1 parent 994ba88 commit ef1aede


2 files changed

+10
-15
lines changed

2 files changed

+10
-15
lines changed

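--- a/src/app/(site)/portal/_components/user-portal.tsx
+++ b/src/app/(site)/portal/_components/user-portal.tsx
@@ -92,7 +92,7 @@ export default function UserPortal({ user }: UserProps) {
 <div className="grid gap-2">
 <p className="text-center">Food QR Code:</p>
 <img
-src={`/api/qrcode?email=${encodeURIComponent(user.email)}`}
+src="/api/qrcode"
 alt="User QR Code"
 className="aspect-square w-64"
 />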
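Review bot: With the `email` query parameter gone, `src="/api/qrcode"` is the same URL for every signed-in user, so any cache between the browser and the route now keys every user's QR image identically. The response headers are set outside the visible hunks, so this is worth confirming rather than assumed broken: the route should return `Cache-Control: private, no-store` so one attendee's code is never replayed to another. The enclosing `UserPortal` component starts and ends outside this hunk.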

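--- a/src/app/api/qrcode/route.ts
+++ b/src/app/api/qrcode/route.ts
@@ -9,29 +9,24 @@ export async function GET(req: NextRequest) {
 if (!session || !session.user?.email) {
 return new NextResponse("Unauthorized", { status: 401 });
 }
-const userEmail = session.user.email;
-const emailParam = req.nextUrl.searchParams.get("email");
-
-if (userEmail !== emailParam) {
-return new NextResponse("Forbidden", { status: 403 });
-}
 
-const application = await prisma.application.findFirst({
+const userEmail = session.user.email;
+const user = await prisma.user.findUnique({
 where: { email: userEmail },
-select: { approved: true }
+include: { application: true }
 });
-if (!application?.approved) {
-return new NextResponse("Application was not approved", { status: 403 });
+if (!user || !user.application || !user.application.approved) {
+return new NextResponse("Forbidden", { status: 403 });
 }
 
+const email = user.application.email;
+if (!email) {
+return new NextResponse("Missing email", { status: 400 });
+}
 const token = process.env.QRCODE_TOKEN;
 if (!token) {
 return new NextResponse("Token not present", { status: 400 });
 }
-const email = req.nextUrl.searchParams.get("email");
-if (!email) {
-return new NextResponse("Missing email", { status: 400 });
-}
 const targetUrl = `https://fullyhacksqr.acmcsuf.com/users/${email}/qr.png`;
 const imageRes = await fetch(targetUrl, {
 headers: {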
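Review bot: `email` is now read from `user.application.email` rather than the authenticated session address, and it is still interpolated unencoded into `targetUrl` as the `/users/${email}/qr.png` path segment. Whether the application's email is forced to equal `user.email` is not visible here; if applicants can enter it freely, an approved user would receive the QR image for whatever address is stored on the application, and characters such as `/`, `?` or `#` in it would change the upstream request path. Consider building the URL from `userEmail`, or rejecting the request unless `user.application.email === userEmail`, and wrap the segment as `${encodeURIComponent(email)}`. The `include: { application: true }` could also be narrowed to `select: { application: { select: { approved: true, email: true } } }` so the route loads only the two fields it reads. The body of `GET` continues beyond this hunk.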
