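import { auth } from '@/auth'
import { db } from '@/lib/db'
import { sessionCodes, sessions, machines } from '@/lib/db/schema'
import { eq, and, isNull, gt } from 'drizzle-orm'
import { NextRequest, NextResponse } from 'next/server'

/**
 * Redeems a single-use session code for the signed-in user and opens a
 * viewer session on the machine the code belongs to.
 *
 * Request body: JSON `{ code: string }`. Whitespace is stripped and the code
 * is upper-cased before lookup.
 *
 * Responses:
 * - 401 when there is no authenticated user.
 * - 400 when the body is not JSON, carries no usable `code`, or the code is
 *   unknown, inactive, expired or already used.
 * - 500 when the session insert returns no row.
 * - 200 with `{ sessionId, viewerToken, machineId }` on success.
 *
 * Security notes:
 * - The code is claimed with a conditional UPDATE, so two concurrent requests
 *   cannot both redeem the same single-use code.
 * - `viewerToken` is a credential for the new session; keep it out of logs.
 * - NOTE(review): nothing in this handler limits the number of attempts per
 *   user or client; confirm that throttling is enforced elsewhere.
 */
export async function POST(request: NextRequest) {
  const session = await auth()
  if (!session?.user?.id) {
    return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
  }
  const userId = session.user.id

  // A malformed or non-object body is a client error, not a server fault.
  let body: unknown
  try {
    body = await request.json()
  } catch {
    return NextResponse.json({ error: 'Code required' }, { status: 400 })
  }
  const code =
    typeof body === 'object' && body !== null
      ? (body as { code?: unknown }).code
      : undefined

  if (!code || typeof code !== 'string') {
    return NextResponse.json({ error: 'Code required' }, { status: 400 })
  }

  const normalizedCode = code.replace(/\s/g, '').toUpperCase()
  if (normalizedCode.length === 0) {
    // A whitespace-only string normalizes to nothing; treat it as missing.
    return NextResponse.json({ error: 'Code required' }, { status: 400 })
  }

  const now = new Date()

  // Find a valid, unused session code.
  const codeResult = await db
    .select()
    .from(sessionCodes)
    .where(
      and(
        eq(sessionCodes.code, normalizedCode),
        eq(sessionCodes.isActive, true),
        gt(sessionCodes.expiresAt, now),
        isNull(sessionCodes.usedAt)
      )
    )
    .limit(1)

  const sessionCode = codeResult[0]
  if (!sessionCode) {
    return NextResponse.json({ error: 'Invalid or expired session code' }, { status: 400 })
  }

  // Look up the machine name, falling back to a generic label.
  const machineResult = await db
    .select({ name: machines.name })
    .from(machines)
    .where(eq(machines.id, sessionCode.machineId))
    .limit(1)

  const machineName = machineResult[0]?.name ?? 'Remote Machine'

  // Claim the code atomically. The validity predicates are repeated in the
  // WHERE clause so that a request which lost the race since the SELECT above
  // updates zero rows instead of redeeming the code a second time.
  const claimed = await db
    .update(sessionCodes)
    .set({ usedAt: now, usedBy: userId, isActive: false })
    .where(
      and(
        eq(sessionCodes.id, sessionCode.id),
        eq(sessionCodes.isActive, true),
        gt(sessionCodes.expiresAt, now),
        isNull(sessionCodes.usedAt)
      )
    )
    .returning({ id: sessionCodes.id })

  if (claimed.length === 0) {
    return NextResponse.json({ error: 'Invalid or expired session code' }, { status: 400 })
  }

  // Create the session record (viewer_token is auto-generated by DB default).
  // NOTE(review): the claim above and this insert are separate statements; if
  // the insert fails the code stays consumed. Consider one transaction if the
  // database driver supports it.
  const newSession = await db
    .insert(sessions)
    .values({
      machineId: sessionCode.machineId,
      machineName,
      viewerUserId: userId,
      connectionType: 'session_code',
      sessionCode: normalizedCode,
    })
    .returning({ id: sessions.id, viewerToken: sessions.viewerToken })

  const created = newSession[0]
  if (!created) {
    return NextResponse.json({ error: 'Failed to create session' }, { status: 500 })
  }

  return NextResponse.json({
    sessionId: created.id,
    viewerToken: created.viewerToken,
    machineId: sessionCode.machineId,
  })
}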