share api, queries, permissions, migration, entity lib

src/app/api/share/[shareId]/route.ts

@@ -1,19 +1,80 @@
-import { secret } from '@/lib/crypto';
-import { createToken } from '@/lib/jwt';
-import { json, notFound } from '@/lib/response';
-import { getSharedWebsite } from '@/queries/prisma';
+import z from 'zod';
+import { parseRequest } from '@/lib/request';
+import { json, notFound, ok, unauthorized } from '@/lib/response';
+import { anyObjectParam } from '@/lib/schema';
+import { canDeleteEntity, canUpdateEntity, canViewEntity } from '@/permissions';
+import { deleteShare, getShare, updateShare } from '@/queries/prisma';
+
+export async function GET(request: Request, { params }: { params: Promise<{ shareId: string }> }) {
+  const { auth, error } = await parseRequest(request);
+
+  if (error) {
+    return error();
+  }
 
-export async function GET(_request: Request, { params }: { params: Promise<{ shareId: string }> }) {
   const { shareId } = await params;
 
-  const website = await getSharedWebsite(shareId);
+  const share = await getShare(shareId);
 
-  if (!website) {
+  if (!(await canViewEntity(auth, share.entityId))) {
+    return unauthorized();
+  }
+
+  return json(share);
+}
+
+export async function POST(request: Request, { params }: { params: Promise<{ shareId: string }> }) {
+  const schema = z.object({
+    slug: z.string().max(100),
+    parameters: anyObjectParam,
+  });
+
+  const { auth, body, error } = await parseRequest(request, schema);
+
+  if (error) {
+    return error();
+  }
+
+  const { shareId } = await params;
+  const { slug, parameters } = body;
+
+  const share = await getShare(shareId);
+
+  if (!share) {
     return notFound();
   }
 
-  const data = { websiteId: website.id };
-  const token = createToken(data, secret());
+  if (!(await canUpdateEntity(auth, share.entityId))) {
+    return unauthorized();
+  }
 
-  return json({ ...data, token });
+  const result = await updateShare(shareId, {
+    slug,
+    parameters,
+  } as any);
+
+  return json(result);
+}
+
+export async function DELETE(
+  request: Request,
+  { params }: { params: Promise<{ shareId: string }> },
+) {
+  const { auth, error } = await parseRequest(request);
+
+  if (error) {
+    return error();
+  }
+
+  const { shareId } = await params;
+
+  const share = await getShare(shareId);
+
+  if (!(await canDeleteEntity(auth, share.entityId))) {
+    return unauthorized();
+  }
+
+  await deleteShare(shareId);
+
+  return ok();
 }

src/app/api/share/[slug]/route.ts

@@ -0,0 +1,19 @@
+import { secret } from '@/lib/crypto';
+import { createToken } from '@/lib/jwt';
+import { json, notFound } from '@/lib/response';
+import { getShareByCode } from '@/queries/prisma';
+
+export async function GET(_request: Request, { params }: { params: Promise<{ slug: string }> }) {
+  const { slug } = await params;
+
+  const share = await getShareByCode(slug);
+
+  if (!share) {
+    return notFound();
+  }
+
+  const data = { shareId: share.id };
+  const token = createToken(data, secret());
+
+  return json({ ...data, token });
+}

src/app/api/share/route.ts

@@ -0,0 +1,38 @@
+import z from 'zod';
+import { uuid } from '@/lib/crypto';
+import { parseRequest } from '@/lib/request';
+import { json, unauthorized } from '@/lib/response';
+import { anyObjectParam } from '@/lib/schema';
+import { canUpdateEntity } from '@/permissions';
+import { createShare } from '@/queries/prisma';
+
+export async function POST(request: Request) {
+  const schema = z.object({
+    entityId: z.uuid(),
+    shareType: z.coerce.number().int(),
+    slug: z.string().max(100),
+    parameters: anyObjectParam,
+  });
+
+  const { auth, body, error } = await parseRequest(request, schema);
+
+  if (error) {
+    return error();
+  }
+
+  const { entityId, shareType, slug, parameters } = body;
+
+  if (!(await canUpdateEntity(auth, entityId))) {
+    return unauthorized();
+  }
+
+  const share = await createShare({
+    id: uuid(),
+    entityId,
+    shareType,
+    slug,
+    parameters,
+  });
+
+  return json(share);
+}