monoadmin/remotelink-docker
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
b2be19ed14681d255b2bc0aac22c29876cfb5e9e
remotelink-docker/app/api/invites/route.ts
monoadmin b2be19ed14 Initial commit
2026-04-10 15:36:33 -07:00

77 lines
2.1 KiB
TypeScript
Raw Blame History

import { auth } from '@/auth'
import { db } from '@/lib/db'
import { invites, users } from '@/lib/db/schema'
import { eq, and, isNull, gt } from 'drizzle-orm'
import { NextRequest, NextResponse } from 'next/server'
async function requireAdmin() {
const session = await auth()
if (!session?.user?.id) return null
const role = (session.user as { role: string }).role
if (role !== 'admin') return null
return session.user
}
export async function POST(request: NextRequest) {
const admin = await requireAdmin()
if (!admin) return NextResponse.json({ error: 'Forbidden' }, { status: 403 })
const { email } = await request.json()
if (!email || typeof email !== 'string') {
return NextResponse.json({ error: 'Valid email required' }, { status: 400 })
}
const normalizedEmail = email.toLowerCase().trim()
// Check for existing pending invite
const existing = await db
.select({ id: invites.id })
.from(invites)
.where(
and(
eq(invites.email, normalizedEmail),
isNull(invites.usedAt),
gt(invites.expiresAt, new Date())
)
)
.limit(1)
if (existing.length > 0) {
return NextResponse.json(
{ error: 'A pending invite already exists for this email' },
{ status: 409 }
)
}
const result = await db
.insert(invites)
.values({ email: normalizedEmail, createdBy: admin.id })
.returning()
return NextResponse.json({ invite: result[0] }, { status: 201 })
}
export async function GET() {
const admin = await requireAdmin()
if (!admin) return NextResponse.json({ error: 'Forbidden' }, { status: 403 })
const result = await db
.select()
.from(invites)
.orderBy(invites.createdAt)
return NextResponse.json({ invites: result.reverse() })
}
export async function DELETE(request: NextRequest) {
const admin = await requireAdmin()
if (!admin) return NextResponse.json({ error: 'Forbidden' }, { status: 403 })
const { id } = await request.json()
if (!id) return NextResponse.json({ error: 'Invite ID required' }, { status: 400 })
await db.delete(invites).where(eq(invites.id, id))
return NextResponse.json({ success: true })
}
Reference in New Issue View Git Blame Copy Permalink