// Next.js API route support: https://nextjs.org/docs/api-routes/introduction import type {NextApiRequest, NextApiResponse} from "next"; import {app, storage} from "@/firebase"; import {getFirestore, collection, getDocs, getDoc, doc, setDoc, query, where} from "firebase/firestore"; import {withIronSessionApiRoute} from "iron-session/next"; import {sessionOptions} from "@/lib/session"; import {Group, User} from "@/interfaces/user"; import {getDownloadURL, getStorage, ref, uploadBytes} from "firebase/storage"; import {getAuth, signInWithEmailAndPassword, updateEmail, updatePassword} from "firebase/auth"; import {errorMessages} from "@/constants/errors"; import moment from "moment"; import ShortUniqueId from "short-unique-id"; import {Payment} from "@/interfaces/paypal"; import {toFixedNumber} from "@/utils/number"; import {propagateStatusChange} from "@/utils/propagate.user.changes"; const db = getFirestore(app); const auth = getAuth(app); export default withIronSessionApiRoute(handler, sessionOptions); // TODO: Data is set as any as data cannot be parsed to Payment // because the id is not a par of the hash and payment expects date to be of type Date // but if it is not inserted as a string, some UI components will not work (Invalid Date) const addPaymentRecord = async (data: any) => { await setDoc(doc(db, "payments", data.id), data); }; const managePaymentRecords = async (user: User, userId: string | undefined): Promise => { try { if (user.type === "corporate" && userId) { const shortUID = new ShortUniqueId(); const data: Payment = { id: shortUID.randomUUID(8), corporate: userId, agent: user.corporateInformation.referralAgent, agentCommission: user.corporateInformation.payment!.commission, agentValue: toFixedNumber((user.corporateInformation.payment!.commission / 100) * user.corporateInformation.payment!.value, 2), currency: user.corporateInformation.payment!.currency, value: user.corporateInformation.payment!.value, isPaid: false, date: new Date().toISOString(), }; const corporatePayments = await getDocs(query(collection(db, "payments"), where("corporate", "==", userId))); if (corporatePayments.docs.length === 0) { await addPaymentRecord(data); return true; } const hasPaymentPaidAndExpiring = corporatePayments.docs.filter((doc) => { const data = doc.data(); return ( data.isPaid && moment().isAfter(moment(user.subscriptionExpirationDate).subtract(30, "days")) && moment().isBefore(moment(user.subscriptionExpirationDate)) ); }); if (hasPaymentPaidAndExpiring.length > 0) { await addPaymentRecord(data); return true; } } return false; } catch (e) { // if this process fails it should not stop the rest of the process console.log(e); return false; } }; async function handler(req: NextApiRequest, res: NextApiResponse) { if (!req.session.user) { res.status(401).json({ok: false}); return; } const queryId = req.query.id as string; const userRef = doc(db, "users", queryId ? (queryId as string) : req.session.user.id); const updatedUser = req.body as User & {password?: string; newPassword?: string}; if (!!queryId) { const user = await setDoc(userRef, updatedUser, {merge: true}); await managePaymentRecords(updatedUser, updatedUser.id); if (updatedUser.status) { // there's no await as this does not affect the user propagateStatusChange(queryId, updatedUser.status); } res.status(200).json({ok: true}); return; } if (updatedUser.profilePicture && updatedUser.profilePicture !== req.session.user.profilePicture) { const profilePictureFiletype = updatedUser.profilePicture.split(";")[0].split("/")[1]; const profilePictureRef = ref(storage, `profile_pictures/${req.session.user.id}.${profilePictureFiletype}`); const pictureBytes = Buffer.from(updatedUser.profilePicture.split(";base64,")[1], "base64url"); const pictureSnapshot = await uploadBytes(profilePictureRef, pictureBytes); const pictureReference = ref(storage, pictureSnapshot.metadata.fullPath); updatedUser.profilePicture = await getDownloadURL(pictureReference); } if (updatedUser.newPassword && updatedUser.password) { try { const credential = await signInWithEmailAndPassword(auth, req.session.user.email, updatedUser.password); await updatePassword(credential.user, updatedUser.newPassword); } catch { res.status(400).json({error: "E001", message: errorMessages.E001}); return; } } if (updatedUser.email !== req.session.user.email && updatedUser.password) { try { const usersWithSameEmail = await getDocs(query(collection(db, "users"), where("email", "==", updatedUser.email.toLowerCase()))); if (usersWithSameEmail.docs.length > 0) { res.status(400).json({error: "E003", message: errorMessages.E003}); return; } const credential = await signInWithEmailAndPassword(auth, req.session.user.email, updatedUser.password); await updateEmail(credential.user, updatedUser.email); if (req.session.user.type === "student") { const corporateAdmins = ((await getDocs(collection(db, "users"))).docs.map((x) => ({...x.data(), id: x.id})) as User[]) .filter((x) => x.type === "corporate") .map((x) => x.id); const groups = ((await getDocs(collection(db, "groups"))).docs.map((x) => ({...x.data(), id: x.id})) as Group[]).filter( (x) => x.participants.includes(req.session.user!.id) && corporateAdmins.includes(x.admin), ); groups.forEach(async (group) => { await setDoc( doc(db, "groups", group.id), {participants: group.participants.filter((x) => x !== req.session.user!.id)}, {merge: true}, ); }); } } catch { res.status(400).json({error: "E002", message: errorMessages.E002}); return; } } if (updatedUser.status) { // there's no await as this does not affect the user propagateStatusChange(req.session.user.id, updatedUser.status); } delete updatedUser.password; delete updatedUser.newPassword; await setDoc(userRef, updatedUser, {merge: true}); const docUser = await getDoc(doc(db, "users", req.session.user.id)); const user = docUser.data() as User; if (!queryId) { req.session.user = {...user, id: req.session.user.id}; await req.session.save(); } await managePaymentRecords(user, queryId); res.status(200).json({user}); } export const config = { api: { bodyParser: { sizeLimit: "20mb", }, }, };