CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutSign UpSign In
sagemathinc

Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.

GitHub Repository: sagemathinc/cocalc
 Path: blob/master/src/packages/next/lib/api/bookmarks.ts
Views: 687
1
/*

2
 *  This file is part of CoCalc: Copyright © 2024 Sagemath, Inc.

3
 *  License: MS-RSL – see LICENSE.md for details

4
 */

5


6
import isCollaborator from "@cocalc/server/projects/is-collaborator";

7
import getAccountId from "lib/account/get-account";

8
import getParams from "lib/api/get-params";

9


10
import {

11
  BookmarkGetInputSchema,

12
  BookmarkSetInputSchema,

13
} from "lib/api/schema/bookmarks";

14


15
// Process a request for the api/v2/bookmarks/* endpoints

16


17
// TODO: deduplicate this with proper typing

18


19
export async function processSetRequest(req) {

20
  // ATTN: very confusing: this is the account_id or project_id for project level API keys

21
  // Since bookmakrs are account specific (and collaborators shouldn't snoop on others), we block project keys

22
  // In the future, there might be project-wide stars, which are not account specific.

23
  const account_id = await getAccountId(req);

24
  if (!account_id) {

25
    throw Error("must be signed in");

26
  }

27


28
  const data = BookmarkSetInputSchema.parse(getParams(req));

29


30
  if (account_id === data.project_id) {

31
    throw new Error(

32
      `As of now, you cannot use a project-level API key to modify account specific bookmarks. Use the account level API key!`,

33
    );

34
  }

35


36
  if (!(await isCollaborator({ account_id, project_id: data.project_id }))) {

37
    throw Error("user must be a collaborator on the project");

38
  }

39


40
  return { ...data, account_id };

41
}

42


43
export async function processGetRequest(req) {

44
  // ATTN: very confusing: this is the account_id or project_id for project level API keys

45
  const account_id = await getAccountId(req);

46
  if (!account_id) {

47
    throw Error("must be signed in");

48
  }

49


50
  const data = BookmarkGetInputSchema.parse(getParams(req));

51


52
  if (account_id === data.project_id) {

53
    throw new Error(

54
      `As of now, you cannot use a project-level API key to modify account specific bookmarks. Use the account level API key!`,

55
    );

56
  }

57


58
  if (!(await isCollaborator({ account_id, project_id: data.project_id }))) {

59
    throw Error("user must be a collaborator on the project");

60
  }

61


62
  return { ...data, account_id };

63
}

64


65