From 5e54d0a80fc660c07197ac1fb49a9f95c743d366 Mon Sep 17 00:00:00 2001
From: Marcel Pociot <m.pociot@gmail.com>
Date: Tue, 1 Jun 2021 20:26:23 +0200
Subject: [PATCH] API modifications

---
 .../Controllers/Admin/GetUserDetailsController.php | 14 ++++++++++----
 .../Controllers/Admin/StoreSubdomainController.php | 10 +++++++++-
 .../UserRepository/DatabaseUserRepository.php      |  8 +++++++-
 3 files changed, 26 insertions(+), 6 deletions(-)

diff --git a/app/Server/Http/Controllers/Admin/GetUserDetailsController.php b/app/Server/Http/Controllers/Admin/GetUserDetailsController.php
index 6fe8b0d..a5bdbe3 100644
--- a/app/Server/Http/Controllers/Admin/GetUserDetailsController.php
+++ b/app/Server/Http/Controllers/Admin/GetUserDetailsController.php
@@ -25,10 +25,16 @@ class GetUserDetailsController extends AdminController
 
     public function handle(Request $request, ConnectionInterface $httpConnection)
     {
-        $this->userRepository
-            ->getUserById($request->get('id'))
-            ->then(function ($user) use ($httpConnection, $request) {
-                $this->subdomainRepository->getSubdomainsByUserId($request->get('id'))
+        $id = $request->get('id');
+
+        if (! is_numeric($id)) {
+            $promise = $this->userRepository->getUserByToken($id);
+        } else {
+            $promise = $this->userRepository->getUserById($id);
+        }
+
+        $promise->then(function ($user) use ($httpConnection, $request) {
+                $this->subdomainRepository->getSubdomainsByUserId($user['id'])
                     ->then(function ($subdomains) use ($httpConnection, $user) {
                         $httpConnection->send(
                             respond_json([
diff --git a/app/Server/Http/Controllers/Admin/StoreSubdomainController.php b/app/Server/Http/Controllers/Admin/StoreSubdomainController.php
index b216b96..d564267 100644
--- a/app/Server/Http/Controllers/Admin/StoreSubdomainController.php
+++ b/app/Server/Http/Controllers/Admin/StoreSubdomainController.php
@@ -39,7 +39,8 @@ class StoreSubdomainController extends AdminController
             return;
         }
 
-        $this->userRepository->getUserByToken($request->get('auth_token', ''))
+        $this->userRepository
+            ->getUserByToken($request->get('auth_token', ''))
             ->then(function ($user) use ($httpConnection, $request) {
                 if (is_null($user)) {
                     $httpConnection->send(respond_json(['error' => 'The user does not exist'], 404));
@@ -55,6 +56,13 @@ class StoreSubdomainController extends AdminController
                     return;
                 }
 
+                if (in_array($request->get('subdomain'), config('expose.admin.reserved_subdomains', []))) {
+                    $httpConnection->send(respond_json(['error' => 'The subdomain is already taken.'], 422));
+                    $httpConnection->close();
+
+                    return;
+                }
+
                 $insertData = [
                     'user_id' => $user['id'],
                     'subdomain' => $request->get('subdomain'),
diff --git a/app/Server/UserRepository/DatabaseUserRepository.php b/app/Server/UserRepository/DatabaseUserRepository.php
index dd8a47a..cddc841 100644
--- a/app/Server/UserRepository/DatabaseUserRepository.php
+++ b/app/Server/UserRepository/DatabaseUserRepository.php
@@ -134,7 +134,13 @@ class DatabaseUserRepository implements UserRepository
         $this->database
             ->query('SELECT * FROM users WHERE auth_token = :token', ['token' => $authToken])
             ->then(function (Result $result) use ($deferred) {
-                $deferred->resolve($result->rows[0] ?? null);
+                $user = $result->rows[0] ?? null;
+
+                if (! is_null($user)) {
+                    $user = $this->getUserDetails($user);
+                }
+
+                $deferred->resolve($user);
             });
 
         return $deferred->promise();