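import { db } from "@/lib/db";
import { NextResponse } from "next/server";
import fetchUserWithImpersonation from "@/lib/fetch-user-impersonation";
import { z } from "zod";

// Route handlers for the caller's group permissions (list, create, update, delete).
// Every handler resolves the caller through fetchUserWithImpersonation and only
// touches rows whose userId matches that caller.

/** Longest groupId accepted from a request body. */
const MAX_GROUP_ID_LENGTH = 64;

const permissionPathSchema = z.string({
  required_error: "Permission path should be available.",
  invalid_type_error: "Permission path must be a string"
}).regex(/^[\w\-\.]{1,64}$/, "Permission path must contain only letters, numbers, dashes, periods.");

/**
 * Builds the `{ message, error, value }` failure envelope used by every handler.
 *
 * @param message - Human-readable reason returned to the client.
 * @param status - HTTP status code of the response.
 * @param error - Optional client-safe detail (e.g. a validation issue); defaults to null.
 */
function fail(message: string, status: number, error: unknown = null) {
  return NextResponse.json({ message, error, value: null }, { status });
}

/**
 * Answers an unexpected failure with a generic 500.
 *
 * The caught value is logged on the server only. Serialising it into the
 * response body would hand whatever enumerable fields it carries (database
 * error codes, field names, versions) to any client that can trigger a failure.
 */
function serverError(error: unknown) {
  console.error("groupPermission route failed", error);
  return fail('Something went wrong', 500);
}

/**
 * Reads the request body and returns it only when it is a plain JSON object.
 *
 * @returns The parsed object, or null for malformed JSON, arrays, null and primitives.
 */
async function readJsonObject(req: Request): Promise<Record<string, unknown> | null> {
  let body: unknown;
  try {
    body = await req.json();
  } catch {
    return null;
  }
  if (typeof body !== 'object' || body === null || Array.isArray(body)) return null;
  return body as Record<string, unknown>;
}

/**
 * Runtime check for the `allow` field. The type annotation on a parsed body is
 * erased at runtime, so the value has to be inspected before it reaches the database.
 */
function isAllowValue(value: unknown): value is boolean | null | undefined {
  return value === undefined || value === null || typeof value === 'boolean';
}

/**
 * Lists the caller's group permissions, with `userId` stripped from each row.
 *
 * @returns 200 with the rows, 401 when no user is resolved, 500 on unexpected failure.
 */
export async function GET(req: Request) {
  try {
    const user = await fetchUserWithImpersonation(req);
    if (!user) return fail('Unauthorized.', 401);

    const permissions = await db.groupPermission.findMany({ where: { userId: user.id } });
    return NextResponse.json(permissions.map(({ userId, ...attrs }) => attrs));
  } catch (error) {
    return serverError(error);
  }
}

/**
 * Creates a group permission owned by the caller.
 *
 * Body: `{ path, allow, groupId }`.
 *
 * @returns 200 with the created row, 400 on invalid input, 401 when no user is
 * resolved, 500 on unexpected failure.
 */
export async function POST(req: Request) {
  try {
    const user = await fetchUserWithImpersonation(req);
    if (!user) return fail('Unauthorized.', 401);

    const body = await readJsonObject(req);
    if (!body) return fail('Invalid request body.', 400);
    const { path, allow, groupId } = body;

    if (!path) return fail('path does not exist.', 400);
    const parsedPath = permissionPathSchema.safeParse(path);
    if (!parsedPath.success) {
      return fail('path must meet certain requirements.', 400, parsedPath.error.issues[0]);
    }
    if (!groupId) return fail('groupId does not exist.', 400);
    if (typeof groupId !== 'string') return fail('groupId must be a string.', 400);
    if (groupId.length > MAX_GROUP_ID_LENGTH) return fail('groupId is too long.', 400);
    if (!isAllowValue(allow)) return fail('allow must be a boolean.', 400);

    // NOTE(review): nothing visible in this file checks that the caller is
    // allowed to attach permissions to `groupId` — confirm against the group model.
    const permission = await db.groupPermission.create({
      data: { userId: user.id, path: parsedPath.data, allow, groupId }
    });
    return NextResponse.json(permission, { status: 200 });
  } catch (error) {
    return serverError(error);
  }
}

/**
 * Updates `path` and `allow` on one of the caller's group permissions.
 *
 * Body: `{ id, path, allow }`.
 *
 * @returns 200 with the updated row, 400 on invalid input, 401 when no user is
 * resolved, 404 when the row is missing or belongs to someone else, 500 on
 * unexpected failure.
 */
export async function PUT(req: Request) {
  try {
    const user = await fetchUserWithImpersonation(req);
    if (!user) return fail('Unauthorized.', 401);

    const body = await readJsonObject(req);
    if (!body) return fail('Invalid request body.', 400);
    const { id, path, allow } = body;

    if (!id) return fail('id does not exist.', 400);
    if (typeof id !== 'string') return fail('id must be a string.', 400);
    if (!path) return fail('path does not exist.', 400);
    const parsedPath = permissionPathSchema.safeParse(path);
    if (!parsedPath.success) {
      return fail('path must meet certain requirements.', 400, parsedPath.error.issues[0]);
    }
    if (!isAllowValue(allow)) return fail('allow must be a boolean.', 400);

    // Authorisation: being signed in is not enough. The row must belong to the
    // caller, otherwise any user could rewrite another user's permission by id.
    // Missing and foreign rows get the same 404 so ids cannot be probed.
    const owned = await db.groupPermission.findFirst({
      where: { id, userId: user.id },
      select: { id: true }
    });
    if (!owned) return fail('Permission not found.', 404);

    const permission = await db.groupPermission.update({
      where: { id },
      data: { path: parsedPath.data, allow }
    });
    return NextResponse.json(permission, { status: 200 });
  } catch (error) {
    return serverError(error);
  }
}

/**
 * Deletes one of the caller's group permissions, identified by the `id` query parameter.
 *
 * @returns 200 with the deleted row, 400 when `id` is absent, 401 when no user
 * is resolved, 404 when the row is missing or belongs to someone else, 500 on
 * unexpected failure.
 */
export async function DELETE(req: Request) {
  try {
    const user = await fetchUserWithImpersonation(req);
    if (!user) return fail('Unauthorized.', 401);

    // searchParams.get returns null when the parameter is absent; reject that
    // here instead of passing it to the database.
    const id = new URL(req.url).searchParams.get('id');
    if (!id) return fail('id does not exist.', 400);

    // Same ownership rule as PUT: only the owner may delete the row.
    const owned = await db.groupPermission.findFirst({
      where: { id, userId: user.id },
      select: { id: true }
    });
    if (!owned) return fail('Permission not found.', 404);

    const permission = await db.groupPermission.delete({ where: { id } });
    return NextResponse.json(permission);
  } catch (error) {
    return serverError(error);
  }
}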