fix api permission error

src/lib/actions.ts

@@ -4,7 +4,7 @@ import crypto from "crypto";
 import fs from "fs/promises";
 import { getServerSession } from "next-auth";
 import { AuditLog, auditLog } from "./audit";
-import { AliasEntry, AliasRequestEntry, ApiKeyEntry, approveAliasEntry, createAliasEntry, createApiKeyEntry, createTempAliasRequestEntry, createUserEntry, database, deleteAliasEntry, deleteApiKey, deleteTempAliasRequestEntry, getAlias, getAllAliases, getApiKeyById, getTempAliasRequestEntry, getUserAliases, getUserApiKeys, setUserPassword } from "./db";
+import { AliasEntry, AliasRequestEntry, ApiKeyEntry, approveAliasEntry, createAliasEntry, createApiKeyEntry, createTempAliasRequestEntry, createUserEntry, database, deleteAliasEntry, deleteApiKey, deleteTempAliasRequestEntry, getAlias, getAllAliases, getApiKeyById, getTempAliasRequestEntry, getUserAliases, getUserApiKeys, isAliasAvailable, setUserPassword } from "./db";
 import { aliasesNeedApproval, anonymizeApiKey, generateAliasEmail, isAdmin } from "./util";
 
 export async function fetchAllUsers(): Promise<string[]> {
@@ -55,38 +55,14 @@ export async function aliasAvailable(email: string, searchTempRequests: boolean
   const session = await getServerSession();
   if (!session?.user) throw new Error("Unauthenticated");
 
-  return new Promise<boolean>((resolve, reject) => {
-    const db = database('aliases');
-    db.get('SELECT id FROM aliases WHERE alias = ?', email.toLowerCase(), (err, res) => {
-      if (!searchTempRequests || err) db.close();
-      if (err) return reject(err);
-      if (res != undefined) return resolve(false);
-
-      const authDb = database('credentials');
-      authDb.get('SELECT key FROM passwords WHERE key = ?', email.toLowerCase(), (err, res) => {
-        authDb.close();
-        if (err) return reject(err);
-
-        if (!searchTempRequests) {
-          return resolve(res == undefined);
-        } else {
-          db.get('SELECT key FROM temp_alias_requests WHERE alias = ?', email.toLowerCase(), (err, res) => {
-            db.close();
-            if (err) return reject(err);
-
-            return resolve(res == undefined);
-          });
-        }
-      });
-    });
-  });
+  return await isAliasAvailable(email, searchTempRequests);
 }
 
 export async function createAlias(user: string, alias: string): Promise<AliasEntry> {
   const session = await getServerSession();
   if (!session?.user?.email) throw new Error("Unauthenticated");
   if (!isAdmin(session)) throw new Error("Unauthenticated");
-  if (!await aliasAvailable(alias)) throw new Error("Alias unavailable");
+  if (!await isAliasAvailable(alias)) throw new Error("Alias unavailable");
 
   const id = await createAliasEntry(user, alias.toLowerCase(), false);
 
@@ -107,7 +83,7 @@ export async function createAliasSelf(alias: string): Promise<AliasEntry> {
   if (!session?.user?.email) throw new Error("Unauthenticated");
 
   const pending = aliasesNeedApproval(session);
-  if (!await aliasAvailable(alias)) throw new Error("Alias unavailable");
+  if (!await isAliasAvailable(alias)) throw new Error("Alias unavailable");
 
   const id = await createAliasEntry(session.user.email, alias.toLowerCase(), pending);
   const res = {
@@ -218,7 +194,7 @@ export async function createUser(email: string, password: string) {
   if (!session?.user?.email) throw new Error("Unauthenticated");
   if (!isAdmin(session)) throw new Error("Unauthorized");
 
-  if (!await aliasAvailable(email.toLowerCase())) {
+  if (!await isAliasAvailable(email.toLowerCase())) {
     throw new Error("Alias unavailable");
   }
 

src/lib/db.ts

@@ -134,6 +134,34 @@ export function getAlias(alias: string) {
   });
 }
 
+export function isAliasAvailable(email: string, searchTempRequests: boolean = false) {
+  return new Promise<boolean>((resolve, reject) => {
+    const db = database('aliases');
+    db.get('SELECT id FROM aliases WHERE alias = ?', email.toLowerCase(), (err, res) => {
+      if (!searchTempRequests || err) db.close();
+      if (err) return reject(err);
+      if (res != undefined) return resolve(false);
+
+      const authDb = database('credentials');
+      authDb.get('SELECT key FROM passwords WHERE key = ?', email.toLowerCase(), (err, res) => {
+        authDb.close();
+        if (err) return reject(err);
+
+        if (!searchTempRequests) {
+          return resolve(res == undefined);
+        } else {
+          db.get('SELECT key FROM temp_alias_requests WHERE alias = ?', email.toLowerCase(), (err, res) => {
+            db.close();
+            if (err) return reject(err);
+
+            return resolve(res == undefined);
+          });
+        }
+      });
+    });
+  });
+}
+
 export function createAliasEntry(user: string, alias: string, pending: boolean, temporary: boolean = false) {
   return new Promise<number>(async (resolve, reject) => {
     const db = database('aliases');

src/lib/util.ts

@@ -1,9 +1,8 @@
 import { Session } from 'next-auth';
 import crypto from 'crypto';
-import { ApiKeyEntry } from './db';
+import { ApiKeyEntry, isAliasAvailable } from './db';
 import * as random_words from "random-words";
 import { TEMP_EMAIL_DOMAIN } from './constants';
-import { aliasAvailable } from './actions';
 
 export function sha256sum(input: any) {
   const hash = crypto.createHash('sha256');
@@ -45,7 +44,7 @@ export async function generateAliasEmail(label: string, style: 'words' | 'random
         throw new Error("Invalid style");
     }
     email = `${labelAtEnd ? `${randomString}-${label}` : `${label}-${randomString}`}@${TEMP_EMAIL_DOMAIN}`;
-  } while (!await aliasAvailable(email, true));
+  } while (!await isAliasAvailable(email, true));
 
   return email;
 }