made qa tool unavailable in prod

mozilla · Aug 2, 2024 · ca704b3 · ca704b3
1 parent e112453
commit ca704b3
Show file tree

Hide file tree

Showing 7 changed files with 29 additions and 4 deletions.
diff --git a/src/app/(proper_react)/(redesign)/(authenticated)/admin/qa-customs/page.tsx b/src/app/(proper_react)/(redesign)/(authenticated)/admin/qa-customs/page.tsx
@@ -28,6 +28,7 @@ export default async function DevPage() {
   };
 
   if (
+    process.env.APP_ENV === "production" ||
     !session?.user?.email ||
     !isAdmin(session.user.email) ||
     !session?.user?.subscriber?.primary_sha1 ||

diff --git a/src/app/api/v1/admin/qa-customs/hibp/route.ts b/src/app/api/v1/admin/qa-customs/hibp/route.ts
@@ -5,6 +5,7 @@
 import { NextRequest, NextResponse } from "next/server";
 import { isAdmin } from "../../../../utils/auth";
 import {
+  errorIfProduction,
   internalServerError,
   unauthError,
 } from "../../../../utils/errorThrower";
@@ -157,6 +158,9 @@ export async function DELETE(req: NextRequest) {
   const err = await checkAdmin();
   if (err) return err;
 
+  const prodErr = errorIfProduction();
+  if (prodErr !== null) return prodErr;
+
   const emailHashFull = req.nextUrl.searchParams.get("emailHashFull");
   const breachId = Number(req.nextUrl.searchParams.get("breachId"));
 

diff --git a/src/app/api/v1/admin/qa-customs/onerep/route.ts b/src/app/api/v1/admin/qa-customs/onerep/route.ts
@@ -5,6 +5,7 @@
 import { NextRequest, NextResponse } from "next/server";
 import { isAdmin } from "../../../../utils/auth";
 import {
+  errorIfProduction,
   internalServerError,
   unauthError,
 } from "../../../../utils/errorThrower";
@@ -50,6 +51,9 @@ export async function GET(req: NextRequest) {
   const err = await checkAdmin();
   if (err) return err;
 
+  const prodErr = errorIfProduction();
+  if (prodErr !== null) return prodErr;
+
   const profileId = Number(req.nextUrl.searchParams.get("onerep_profile_id"));
 
   if (!profileId || Number.isNaN(profileId)) {
@@ -66,6 +70,9 @@ export async function POST(req: NextRequest) {
   const err = await checkAdmin();
   if (err) return err;
 
+  const prodErr = errorIfProduction();
+  if (prodErr !== null) return prodErr;
+
   const body = await req.json();
 
   const onerep_profile_id = parseInt(body.onerep_profile_id || "21", 10);
@@ -113,6 +120,9 @@ export async function DELETE(req: NextRequest) {
   const err = await checkAdmin();
   if (err) return err;
 
+  const prodErr = errorIfProduction();
+  if (prodErr !== null) return prodErr;
+
   const onerepScanResultId = Number(
     req.nextUrl.searchParams.get("onerep_scan_result_id"),
   );
@@ -132,6 +142,9 @@ export async function PUT(req: NextRequest) {
   const err = await checkAdmin();
   if (err) return err;
 
+  const prodErr = errorIfProduction();
+  if (prodErr !== null) return prodErr;
+
   const onerepScanResultId = Number(
     req.nextUrl.searchParams.get("onerep_scan_result_id"),
   );

diff --git a/src/app/api/v1/admin/qa-customs/route.ts b/src/app/api/v1/admin/qa-customs/route.ts
@@ -6,9 +6,12 @@ import { NextRequest, NextResponse } from "next/server";
 import { getServerSession } from "../../../../functions/server/getServerSession";
 import { setQaToggle } from "../../../../../db/tables/qa_customs";
 import { isAdmin } from "../../../utils/auth";
-import { unauthError } from "../../../utils/errorThrower";
+import { errorIfProduction, unauthError } from "../../../utils/errorThrower";
 
 export async function PUT(req: NextRequest) {
+  const err = errorIfProduction();
+  if (err !== null) return err;
+
   const session = await getServerSession();
   if (!isAdmin(session?.user.email || "")) return unauthError();
 

diff --git a/src/db/tables/onerep_scans.ts b/src/db/tables/onerep_scans.ts
@@ -152,7 +152,7 @@ async function getLatestOnerepScanResults(
 
   if (typeof scan !== "undefined") {
     const qaToggles = await getQaToggleRow(onerepProfileId);
-    let showCustomBrokers = true;
+    let showCustomBrokers = false;
     let showRealBrokers = true;
 
     if (qaToggles) {

diff --git a/src/db/tables/qa_customs.ts b/src/db/tables/qa_customs.ts
@@ -65,6 +65,10 @@ enum AllowedToggleColumns {
   ShowCustomBrokers = "show_custom_brokers",
 }
 
+function envIsProd() {
+  return process.env.APP_ENV === "production";
+}
+
 async function getQaCustomBrokers(
   onerepProfileId: number | null,
   onerepScanId: number | undefined | null,
@@ -183,7 +187,7 @@ async function deleteQaCustomBreach(
 }
 
 async function getQaToggleRow(emailHashOrOneRepId: string | number | null) {
-  if (emailHashOrOneRepId === null) {
+  if (emailHashOrOneRepId === null || envIsProd()) {
     return null;
   }
   if (typeof emailHashOrOneRepId === "string") {

diff --git a/src/utils/hibp.ts b/src/utils/hibp.ts
@@ -312,7 +312,7 @@ async function getBreachesForEmail(
   const path = `/range/search/${sha1Prefix}`;
 
   const qaToggles = await getQaToggleRow(sha1);
-  let showCustomBreaches = true;
+  let showCustomBreaches = false;
   let showRealBreaches = true;
   if (qaToggles) {
     showCustomBreaches = qaToggles.show_custom_breaches;