CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutSign UpSign In
sagemathinc

Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.

GitHub Repository: sagemathinc/cocalc
 Path: blob/master/src/packages/next/pages/api/v2/accounts/get-email-address.ts
Views: 687
1
/*

2
Get the email address, if there is one, associated to an account_id.

3


4
SECURITY:  This is only available to admins and partners, i.e.,

5
highly privileged accounts, since we don't want anybody to be able

6
to dump our email addresses and spam people.

7
*/

8


9
import getAccountId from "lib/account/get-account";

10
import getEmailAddress from "@cocalc/server/accounts/get-email-address";

11
import getParams from "lib/api/get-params";

12
import userIsInGroup from "@cocalc/server/accounts/is-in-group";

13


14
import { apiRoute, apiRouteOperation } from "lib/api";

15
import {

16
  GetAccountEmailAddressInputSchema,

17
  GetAccountEmailAddressOutputSchema,

18
} from "lib/api/schema/accounts/get-email-address";

19


20
async function handle(req, res) {

21
  const { account_id } = getParams(req);

22
  const user_account_id = await getAccountId(req);

23
  try {

24
    res.json({ email_address: await getAddress(user_account_id, account_id) });

25
  } catch (err) {

26
    res.json({ error: err.message });

27
  }

28
}

29


30
async function getAddress(

31
  user_account_id: string | undefined,

32
  account_id: string | undefined,

33
): Promise<string | undefined> {

34
  if (account_id == null) return undefined;

35
  // check that user_account_id is admin or partner

36
  if (

37
    user_account_id == null ||

38
    (!(await userIsInGroup(user_account_id, "partner")) &&

39
      !(await userIsInGroup(user_account_id, "admin")))

40
  ) {

41
    throw Error(

42
      "you must be an admin or partner to get the email address of any account_id",

43
    );

44
  }

45


46
  // get the address

47
  return await getEmailAddress(account_id);

48
}

49


50
export default apiRoute({

51
  getEmailAddress: apiRouteOperation({

52
    method: "POST",

53
    openApiOperation: {

54
      tags: ["Accounts", "Admin"],

55
    },

56
  })

57
    .input({

58
      contentType: "application/json",

59
      body: GetAccountEmailAddressInputSchema,

60
    })

61
    .outputs([

62
      {

63
        status: 200,

64
        contentType: "application/json",

65
        body: GetAccountEmailAddressOutputSchema,

66
      },

67
    ])

68
    .handler(handle),

69
});

70


71