From 0e84945ab44bd3e3e5336a8865f225327e18c05e Mon Sep 17 00:00:00 2001
From: Thomas Ruoff <truoff@brandwatch.com>
Date: Sat, 2 Oct 2021 01:03:02 +0200
Subject: [PATCH] rip out all old auth data

---
 components/navigation.tsx             | 15 ++++++---------
 context/user.tsx                      |  9 ---------
 package-lock.json                     |  5 +++++
 package.json                          |  1 +
 pages/admin/bookings/[uuid]/bill.tsx  | 25 +++++--------------------
 pages/admin/bookings/[uuid]/index.tsx | 26 +-------------------------
 pages/api/bookings/[uuid]/bill.ts     |  9 ++-------
 pages/api/bookings/[uuid]/index.ts    | 21 ++-------------------
 8 files changed, 22 insertions(+), 89 deletions(-)
 delete mode 100644 context/user.tsx

diff --git a/components/navigation.tsx b/components/navigation.tsx
index bb248ea..0d9e5fb 100644
--- a/components/navigation.tsx
+++ b/components/navigation.tsx
@@ -1,9 +1,10 @@
-import { useContext } from 'react'
 import { useRouter } from 'next/router'
 import Link from 'next/link'
+
+import { useSession } from 'next-auth/react'
+
 import User from './user'
-import UserContext from '../context/user'
-import { USER_ROLE } from '../lib/session'
+
 
 const pathNameLabelMap = {
   '/login': 'Login',
@@ -20,8 +21,8 @@ function getPathNameMap(route: string) {
 }
 
 export default function Navigation() {
+  const { data, status } = useSession();
   const router = useRouter()
-  const { role } = useContext(UserContext)
 
   const pathname = router.pathname
   if (pathname.length === 0 || pathname === '/') {
@@ -30,17 +31,13 @@ export default function Navigation() {
 
   const pathLabel = getPathNameMap(pathname)
 
-  if (!pathLabel && role !== USER_ROLE.ADMIN) {
-    return null
-  }
-
   return (
     <div className="flex flex-row items-center px-3 py-1 text-white text-base bg-blue-400 rounded-b-sm">
       <>
         <h2 className="mx-1">
           <span className="font-extrabold">{pathLabel}</span>
         </h2>
-        {role === USER_ROLE.ADMIN && (
+        {status === 'authenticated' && data.user.email && (
           <Link href="/admin">
             <a className="text-gray-300 hover:bg-gray-700 hover:text-white px-3 py-2 rounded-md text-sm font-medium">
               Buchungen
diff --git a/context/user.tsx b/context/user.tsx
deleted file mode 100644
index b092f6b..0000000
--- a/context/user.tsx
+++ /dev/null
@@ -1,9 +0,0 @@
-import React from 'react'
-import { UserData } from '../lib/session'
-
-const UserContext = React.createContext<UserData>({
-  username: undefined,
-  role: undefined,
-})
-
-export default UserContext
diff --git a/package-lock.json b/package-lock.json
index d04601c..f98c8d1 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -8694,6 +8694,11 @@
       "resolved": "https://registry.npmjs.org/node-releases/-/node-releases-1.1.76.tgz",
       "integrity": "sha512-9/IECtNr8dXNmPWmFXepT0/7o5eolGesHUa3mtr0KlgnCvnZxwh2qensKL42JJY2vQKC3nIBXetFAqR+PW1CmA=="
     },
+    "nodemailer": {
+      "version": "6.6.5",
+      "resolved": "https://registry.npmjs.org/nodemailer/-/nodemailer-6.6.5.tgz",
+      "integrity": "sha512-C/v856DBijUzHcHIgGpQoTrfsH3suKIRAGliIzCstatM2cAa+MYX3LuyCrABiO/cdJTxgBBHXxV1ztiqUwst5A=="
+    },
     "normalize-package-data": {
       "version": "2.5.0",
       "resolved": "https://registry.npmjs.org/normalize-package-data/-/normalize-package-data-2.5.0.tgz",
diff --git a/package.json b/package.json
index 0cd88fb..54983f7 100644
--- a/package.json
+++ b/package.json
@@ -19,6 +19,7 @@
     "next-auth": "^4.0.0-beta.2",
     "next-iron-session": "4.1.14",
     "next-mdx-remote": "3.0.4",
+    "nodemailer": "^6.6.5",
     "p-retry": "4.6.1",
     "react": "17.0.2",
     "react-calendar": "3.4.0",
diff --git a/pages/admin/bookings/[uuid]/bill.tsx b/pages/admin/bookings/[uuid]/bill.tsx
index 50c93a3..537cd8f 100644
--- a/pages/admin/bookings/[uuid]/bill.tsx
+++ b/pages/admin/bookings/[uuid]/bill.tsx
@@ -9,32 +9,18 @@ import { getMilageMax } from '../../../../db/index'
 import { daysFormatFrontend } from '../../../../helpers/date'
 import { getBillTotal, createBill, patchBill } from '../../../../helpers/bill'
 import { getBookingStatus } from '../../../../helpers/booking'
-import withSession, {
-  isAdminSession,
-  redirectToLogin,
-} from '../../../../lib/session'
 import { getServerSideBooking } from '../../../../lib/getServerSideProps'
 
-export const getServerSideProps = withSession(async (context) => {
-  const { req, res } = context
-
-  const adminUser = isAdminSession(req)
-
-  if (!adminUser) {
-    redirectToLogin(req, res)
-    return { props: {} }
-  }
-
+export const getServerSideProps = async (context) => {
   const milageMax = await getMilageMax()
   const serverSideBookingProps = await getServerSideBooking(context)
   return {
     props: {
       ...serverSideBookingProps.props,
       milageMax,
-      user: adminUser,
     },
-  }
-})
+  };
+}
 
 const milageTarifOptions = Object.values(MILAGE_TARIFS).map((tarif) => {
   return (
@@ -217,9 +203,8 @@ export default function BookingBillPage({
                       >
                         -
                       </button>
-                      <label className="flabel inline">{`Kostenpunkt ${
-                        index + 1
-                      }`}</label>
+                      <label className="flabel inline">{`Kostenpunkt ${index + 1
+                        }`}</label>
                     </div>
                     <div className="ml-10 mb-3" key={`input{index}`}>
                       <Input
diff --git a/pages/admin/bookings/[uuid]/index.tsx b/pages/admin/bookings/[uuid]/index.tsx
index 834da28..eaa01a4 100644
--- a/pages/admin/bookings/[uuid]/index.tsx
+++ b/pages/admin/bookings/[uuid]/index.tsx
@@ -1,40 +1,16 @@
 import React, { useEffect, useState } from 'react'
-import { GetServerSideProps } from 'next'
 import { useRouter } from 'next/router'
 import Link from 'next/link'
 import Footer from '../../../../components/footer'
 import Header from '../../../../components/header'
 import Calendar from '../../../../components/calendar'
-import withSession, {
-  isAdminSession,
-  redirectToLogin,
-} from '../../../../lib/session'
 import { getServerSideBooking } from '../../../../lib/getServerSideProps'
 import { Booking } from '../../../../db/booking'
 import { getBookingStatus, patchBooking } from '../../../../helpers/booking'
 import { daysFormatFrontend } from '../../../../helpers/date'
 import { BOOKING_STATUS } from '../../../../db/enums'
 
-export const getServerSideProps: GetServerSideProps = withSession(
-  async (context) => {
-    const { req, res } = context
-
-    const adminUser = isAdminSession(req)
-
-    if (!adminUser) {
-      redirectToLogin(req, res)
-      return { props: {} }
-    }
-
-    const result = await getServerSideBooking(context)
-    return {
-      ...result,
-      // TODO: have a closer look at this type issue. Seems like a bug
-      // @ts-ignore
-      props: { ...result.props, user: adminUser },
-    }
-  }
-)
+export const getServerSideProps = getServerSideBooking;
 
 export default function ShowBookingAdmin({
   booking: bookingProp,
diff --git a/pages/api/bookings/[uuid]/bill.ts b/pages/api/bookings/[uuid]/bill.ts
index 741be06..3b8afaf 100644
--- a/pages/api/bookings/[uuid]/bill.ts
+++ b/pages/api/bookings/[uuid]/bill.ts
@@ -1,12 +1,7 @@
 import { Bill } from '../../../../db/bill'
 import { createBill, patchBill } from '../../../../db/index'
-import withSession, { isAdminSession } from '../../../../lib/session'
 
-export default withSession(async function billHandler(req, res): Promise<void> {
-  if (!isAdminSession(req)) {
-    res.status(403).send({ message: 'Not Authorized' })
-    return
-  }
+export default async function billHandler(req, res): Promise<void> {
 
   const {
     method,
@@ -41,4 +36,4 @@ export default withSession(async function billHandler(req, res): Promise<void> {
       res.setHeader('Allow', ['POST', 'PATCH'])
       res.status(405).end(`Method ${method} Not Allowed`)
   }
-})
+}
diff --git a/pages/api/bookings/[uuid]/index.ts b/pages/api/bookings/[uuid]/index.ts
index 4f5d4a9..872b1a4 100644
--- a/pages/api/bookings/[uuid]/index.ts
+++ b/pages/api/bookings/[uuid]/index.ts
@@ -2,9 +2,8 @@ import { NextApiRequest, NextApiResponse } from 'next'
 import { BookingDocument } from '../../../../db/booking'
 import { BOOKING_STATUS } from '../../../../db/enums'
 import { getBookingByUUID } from '../../../../db/index'
-import withSession, { isAdminSession } from '../../../../lib/session'
 
-export default withSession(async function userHandler(
+export default async function userHandler(
   req: NextApiRequest,
   res: NextApiResponse
 ): Promise<void> {
@@ -21,22 +20,6 @@ export default withSession(async function userHandler(
     case 'PATCH':
       booking = await getBookingByUUID(uuid)
 
-      if (!isAdminSession(req)) {
-        const deniedPropsForUser = Object.keys(req.body).filter(
-          (key) => key !== 'status'
-        )
-        if (deniedPropsForUser.length) {
-          res
-            .status(400)
-            .end(
-              `The following attributes cannot be changed: ${deniedPropsForUser.join(
-                ', '
-              )}`
-            )
-          break
-        }
-      }
-
       if (!Object.values(BOOKING_STATUS).includes(req.body.status)) {
         res
           .status(400)
@@ -60,4 +43,4 @@ export default withSession(async function userHandler(
       res.setHeader('Allow', ['PATCH'])
       res.status(405).end(`Method ${method} Not Allowed`)
   }
-})
+}