regalijan/car-crushers-portal
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Enforce event booking limit server side
All checks were successful
Test, Build, Deploy / Test, Build, and Deploy (push) Successful in 1m58s
Details
Test, Build, Deploy / Create Sentry Release (push) Successful in 9s
Details

Browse Source
This commit is contained in:
Regalijan
2026-06-02 18:31:28 -04:00
parent 3ee4a6cb29
commit 2ae11670de
1 changed files with 19 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
functions/api/events-team/events/new.ts
View File

@@ -21,8 +21,24 @@ export async function onRequestPost(context: RequestContext) {
) )
return jsonError("Invalid body", 400); return jsonError("Invalid body", 400);
const { prisma } = context.data;
if ( if (
await context.data.prisma.event.findFirst({ (await prisma.event.count({
where: {
created_by: context.data.current_user.id,
day: {
gte: now.getUTCDate(),
},
month: currentMonth,
year: currentYear,
},
})) > 3
)
return jsonError("Too many events scheduled", 403);
if (
await prisma.event.findFirst({
select: { select: {
id: true, id: true,
}, },
@@ -51,7 +67,7 @@ export async function onRequestPost(context: RequestContext) {
const weekRange = Math.floor(day / 7); const weekRange = Math.floor(day / 7);
const existingEventInRange = await context.data.prisma.event.findFirst({ const existingEventInRange = await prisma.event.findFirst({
select: { select: {
id: true, id: true,
}, },
@@ -73,7 +89,7 @@ export async function onRequestPost(context: RequestContext) {
const id = `${now.getTime()}${crypto.randomUUID().replaceAll("-", "")}`; const id = `${now.getTime()}${crypto.randomUUID().replaceAll("-", "")}`;
await context.data.prisma.event.create({ await prisma.event.create({
data: { data: {
answer: context.data.body.answer || null, answer: context.data.body.answer || null,
approved: type === "gamenight", approved: type === "gamenight",