fix: outlink manage can delete/update others (#2158)

* fix: outlink manage be able to delete/update others * fix: remove enum validation for teamMemberSchema. because the old data has the role property, which may cause unknown bug * perf: change findAndRemove to deleteOne
2025-07-24 22:03:54 +00:00 · 2024-07-25 13:52:16 +08:00
parent 45b8d7e8de
commit 87dac54f1e
4 changed files with 26 additions and 27 deletions
--- a/projects/app/src/pages/api/support/openapi/delete.ts
+++ b/projects/app/src/pages/api/support/openapi/delete.ts
@@ -1,29 +1,28 @@
-import type { NextApiRequest, NextApiResponse } from 'next';
-import { jsonRes } from '@fastgpt/service/common/response';
-import { connectToDatabase } from '@/service/mongo';
 import { MongoOpenApi } from '@fastgpt/service/support/openapi/schema';
 import { authOpenApiKeyCrud } from '@fastgpt/service/support/permission/auth/openapi';
 import { OwnerPermissionVal } from '@fastgpt/global/support/permission/constant';
 import { CommonErrEnum } from '@fastgpt/global/common/error/code/common';
+import type { ApiRequestProps, ApiResponseType } from '@fastgpt/service/type/next';
+import { NextAPI } from '@/service/middleware/entry';

-export default async function handler(req: NextApiRequest, res: NextApiResponse) {
-  try {
-    await connectToDatabase();
-    const { id } = req.query as { id: string };
+export type OpenAPIDeleteQuery = { id: string };
+export type OpenAPIDeleteBody = {};
+export type OpenAPIDeleteResponse = {};

-    if (!id) {
-      return Promise.reject(CommonErrEnum.missingParams);
-    }
+async function handler(
+  req: ApiRequestProps<OpenAPIDeleteBody, OpenAPIDeleteQuery>,
+  _res: ApiResponseType<any>
+): Promise<OpenAPIDeleteResponse> {
+  const { id } = req.query as { id: string };

-    await authOpenApiKeyCrud({ req, authToken: true, id, per: OwnerPermissionVal });
-
-    await MongoOpenApi.findOneAndRemove({ _id: id });
-
-    jsonRes(res);
-  } catch (err) {
-    jsonRes(res, {
-      code: 500,
-      error: err
-    });
+  if (!id) {
+    return Promise.reject(CommonErrEnum.missingParams);
  }
+
+  await authOpenApiKeyCrud({ req, authToken: true, id, per: OwnerPermissionVal });
+
+  await MongoOpenApi.deleteOne({ _id: id });
+  return {};
 }
+
+export default NextAPI(handler);