🚚 refactor: migrate GET uploads logic to new search route

mangledbottles · mangledbottles · commit f6d49ca447bd · 2024-02-27T22:38:07.000+02:00
Refactored the uploads fetching logic by removing the GET function from `uploads/route.ts` and implementing a new POST request handler in `uploads/search/route.ts`

- Centralizes upload search functionality in a dedicated file for clarity and maintainability.
- Introduces validation of request bodies using Zod, improving the robustness of the API by ensuring only valid requests are processed.
- Supports advanced filtering by project ID and author IDs, allowing for more granular access to upload data.
diff --git a/apps/web/app/api/uploads/route.ts b/apps/web/app/api/uploads/route.ts
@@ -131,62 +131,3 @@ export async function POST(req: NextRequest, res: NextApiResponse) {
         });
     }
 }
-
-// Handles GET requests for fetching user uploads with pagination support
-export async function GET(req: NextRequest, res: NextApiResponse) {
-    try {
-        const user = await getUser();
-        // @ts-ignore
-        // If user retrieval fails, respond with an Unauthorized error
-        if (!user.id) return NextResponse.json({ error: "Unauthorized" }, {
-            status: 401
-        })
-
-        // Extracting offset and limit from the query parameters
-        const { searchParams } = new URL(req.url, baseUrl); // Ensure baseUrl is defined appropriately
-        const limit = parseInt(searchParams.get('limit') || '10', 10);
-        const offset = parseInt(searchParams.get('offset') || '0', 10);
-
-        // Fetch a paginated list of uploads for the current user
-        const uploads = await prisma.upload.findMany({
-            where: {
-                // @ts-ignore
-                userId: user?.id,
-            },
-            orderBy: {
-                createdAt: 'desc',
-            },
-            take: limit,
-            skip: offset,
-        });
-
-        // Fetching the total count of uploads for pagination
-        const totalCount = await prisma.upload.count({
-            where: {
-                // @ts-ignore
-                userId: user.id,
-            },
-        });
-
-        if (!uploads) {
-            return NextResponse.json({ error: 'No uploads found' }, {
-                status: 404
-            });
-        }
-        // Respond with the list of uploads and the total count for pagination
-        return NextResponse.json({ uploads, total: totalCount });
-    } catch (error: any) {
-        console.error(error);
-        captureException(new Error(`Fetching Uploads: ${error?.message}`), {
-            data: {
-                error,
-            },
-        });
-        return NextResponse.json({
-            status: 500,
-            body: {
-                error: error?.message || 'Failed to fetch uploads',
-            }
-        });
-    }
-}
diff --git a/apps/web/app/api/uploads/search/route.ts b/apps/web/app/api/uploads/search/route.ts
@@ -0,0 +1,84 @@
+import { NextApiResponse, NextApiRequest } from 'next';
+import { prisma } from '@/app/utils';
+import { getUser } from '../../utils';
+import { captureException } from '@sentry/nextjs';
+import { NextResponse } from 'next/server';
+import { z } from 'zod'; // Import Zod
+import { Role } from '@prisma/client';
+
+// Define the request body schema using Zod
+const requestBodySchema = z.object({
+  offset: z.number().optional(),
+  limit: z.number().optional(),
+  projectId: z.string(), // projectId is required
+  authorIds: z.array(z.string()).optional(), // authorIds are optional
+});
+
+// Handles POST requests for fetching user uploads with pagination and filtering support
+export async function POST(req: NextApiRequest, res: NextApiResponse) {
+    try {
+        // console.log(req.body)
+        const body = await new Response(req.body).json();
+        // const body = await
+        // Validate the request body against the schema
+        const validatedBody = requestBodySchema.safeParse(body);
+        if (!validatedBody.success) {
+            // Extract and format Zod error messages
+            const errorMessages = validatedBody.error.errors.map(error => `${error.path.join('.')}: ${error.message}`).join(', ');
+            return NextResponse.json({ error: "Validation failed", details: errorMessages }, {
+                status: 400
+            });
+        }
+
+        const user = await getUser();
+        // @ts-ignore
+        const userId = user?.id;
+        if (!userId) return res.status(401).json({ error: "Unauthorized" });
+
+        const { offset = 0, limit = 10, projectId, authorIds } = validatedBody.data;
+
+        // Check if the user is an owner of the project
+        const projectUserRole = await prisma.projectUsers.findUnique({
+            where: {
+                userId_projectId: {
+                    userId,
+                    projectId: projectId,
+                },
+            },
+        });
+
+        if (projectUserRole?.role !== Role.owner && authorIds && authorIds.some(authorId => authorId !== userId)) {
+            return NextResponse.json({ error: "Forbidden: User is not an owner of the project" }, { status: 403 })
+        }
+
+        // Construct the where clause for filtering uploads
+        const whereClause = {
+            projectId,
+            userId: authorIds?.length ? { in: authorIds } : userId,
+        };
+
+        // Fetch a paginated list of uploads based on the request body parameters
+        const uploads = await prisma.upload.findMany({
+            where: whereClause,
+            orderBy: { createdAt: 'desc' },
+            take: limit,
+            skip: offset,
+        });
+
+        // Fetching the total count of uploads for pagination
+        const totalCount = await prisma.upload.count({ where: whereClause });
+
+        if (!uploads.length) return NextResponse.json({ uploads: [], total: 0 });
+
+        // Respond with the list of uploads and the total count for pagination
+        return NextResponse.json({ uploads, total: totalCount });
+    } catch (error: any) {
+        // Handle Zod validation errors
+        if (error instanceof z.ZodError) {
+            return NextResponse.json({ error: error.flatten() }, { status: 400 });
+        }
+        console.error(error);
+        captureException(new Error(`Fetching Uploads: ${error?.message}`), { data: { error: error?.message } });
+        return NextResponse.json({ error: error?.message }, { status: 500 });
+    }
+}
