From 821311a287f89fbe623278331515f5636ed5eb46 Mon Sep 17 00:00:00 2001
From: Aashish Dhakal <85501584+dhakalaashish@users.noreply.github.com>
Date: Fri, 8 Sep 2023 15:11:13 +0545
Subject: [PATCH] update prisma schema, isVerified and authorization checks

---
 apps/server/prisma/schema.prisma            |  1 +
 apps/server/src/server/api/routers/alert.ts | 30 ++++++++++++++++++---
 2 files changed, 27 insertions(+), 4 deletions(-)

diff --git a/apps/server/prisma/schema.prisma b/apps/server/prisma/schema.prisma
index c936b757f..75c11bf3c 100644
--- a/apps/server/prisma/schema.prisma
+++ b/apps/server/prisma/schema.prisma
@@ -102,6 +102,7 @@ model GeoEventProvider {
     clientId       String // LANDSAT_NRT
     fetchFrequency Int?
     isActive       Boolean
+    isVerified     Boolean
     lastRun        DateTime?
     config         Json
     userId         String?
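Review bot: `isVerified Boolean` is added as a required column with no default, so a migration against a table that already holds GeoEventProvider rows has no value to fill in, and every existing code path that creates a provider must now pass the field explicitly. Because this flag gates alert creation, a fail-closed default is the safer declaration: `isVerified     Boolean @default(false)`. The model definition starts and ends outside the hunk, and no migration file is part of this patch, so how existing rows are handled is not visible here.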
diff --git a/apps/server/src/server/api/routers/alert.ts b/apps/server/src/server/api/routers/alert.ts
index 3f58ce5dd..6c9066250 100644
--- a/apps/server/src/server/api/routers/alert.ts
+++ b/apps/server/src/server/api/routers/alert.ts
@@ -152,7 +152,9 @@ export const alertRouter = createTRPCRouter({
                 });
             }
         }),
-
+    
+        // TODO: Make sure that the siteId must belong to the clientApiKey!
+        // TODO: We need to check if the geoEventProvider is verified or enabled or not! 
         create: protectedProcedure
         .input(createAlertSchema)
         .mutation(async ({ ctx, input }) => {
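Review bot: The two TODO comments added above `create` describe checks that a later hunk of this same commit implements (the `provider.isVerified` guard and the site lookup scoped by `userId`), so they are stale as committed. Anyone auditing whether alert creation is authorized would be misled by them. Drop them, or narrow them to what is still open; if `isActive` is not checked elsewhere in the mutation (not visible here), something like `// TODO: reject alerts from providers whose isActive is false` would be accurate. The body of `create` continues outside the hunk.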
@@ -219,12 +221,32 @@ export const alertRouter = createTRPCRouter({
                     });
                 }
     
-                // Get site from the database using siteId; if not found, throw an error
-                const site = await ctx.prisma.site.findUnique({ where: { id: siteId } });
+                if(!provider.isVerified){
+                    throw new TRPCError({
+                        code: "METHOD_NOT_SUPPORTED",
+                        message: `GeoEventProvider is not verified. Verify it first to create alerts.`,
+                    });
+                }
+
+                // Find the userId associated with the provider
+                // Since the provider is either found by using the user's authorization headers, or by using the clientApiKey
+                // This ensures that, there is no difference between a user accessing their own provider, 
+                // or someone else accessing the provider with the clientApiKey (which acts as a password for the provider) 
+                // Then, we can find the provider.userId for that provider.
+                const providerUserId = provider.userId ? provider.userId : ""
+
+                // Get site from the database using siteId and providerUserId; if not found, throw an error
+                const site = await ctx.prisma.site.findUnique({ 
+                    where: { 
+                        id: siteId,
+                        userId: providerUserId,
+                    } 
+                });
                 if (!site) {
                     throw new TRPCError({
                         code: "NOT_FOUND",
-                        message: `Site Not Found`,
+                        message: `Site Not Found.`,
+                        // Either the site does not exist, or not authorized to access that site.
                     });
                 }
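Review bot: The ownership check rests on `const providerUserId = provider.userId ? provider.userId : ""`, so a provider with no owner (the schema declares `userId String?`) is rejected only as long as no Site row has an empty-string `userId`. Failing closed explicitly is clearer and does not depend on the data: `if (!provider.userId) throw new TRPCError({ code: "NOT_FOUND", message: "Site Not Found." });`, then pass `provider.userId` to the query. Filtering `findUnique` by the non-unique `userId` field only type-checks on Prisma versions that support extended unique where clauses; the version is not visible here, and `findFirst({ where: { id: siteId, userId: provider.userId } })` works on any version. For the unverified-provider branch, `code: "FORBIDDEN"` describes the refusal better than `"METHOD_NOT_SUPPORTED"`, which clients will read as a wrong HTTP method. The enclosing mutation starts and ends outside the hunk.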