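// Next.js API route support: https://nextjs.org/docs/api-routes/introduction
import type {NextApiRequest, NextApiResponse} from "next";
import {app} from "@/firebase";
import {getFirestore, setDoc, doc, query, collection, where, getDocs, getDoc, deleteDoc} from "firebase/firestore";
import {withIronSessionApiRoute} from "iron-session/next";
import {sessionOptions} from "@/lib/session";
import {Type} from "@/interfaces/user";
import {PERMISSIONS} from "@/constants/userPermissions";
import {uuidv4} from "@firebase/util";
import {prepareMailer, prepareMailOptions} from "@/email";

const db = getFirestore(app);

export default withIronSessionApiRoute(handler, sessionOptions);

/**
 * Checks that a client-supplied value can be used as the id of a single
 * document in the "codes" collection.
 *
 * The value is passed to `doc(db, "codes", value)` as a path segment, so a
 * "/" inside it would address a nested path instead of a document directly
 * under "codes". Empty strings and the "." / ".." segments are rejected too.
 */
function isValidCodeId(value: unknown): value is string {
	return typeof value === "string" && value.length > 0 && !value.includes("/") && value !== "." && value !== "..";
}

/**
 * Dispatches the request to the handler for its HTTP method.
 * Any method other than GET, POST or DELETE is answered with 404 `{ok: false}`.
 */
async function handler(req: NextApiRequest, res: NextApiResponse) {
	switch (req.method) {
		case "GET":
			return get(req, res);
		case "POST":
			return post(req, res);
		case "DELETE":
			return del(req, res);
		default:
			return res.status(404).json({ok: false});
	}
}

/**
 * Lists code documents, optionally filtered by the `creator` query parameter.
 *
 * Responds 401 without a session, otherwise 200 with the raw document data.
 *
 * NOTE(review): the only gate is "has a session". Without `creator`, or with
 * another user's id as `creator`, the caller receives every matching document,
 * including the `email`, `name` and `passport_id` fields that `post` stores.
 * Confirm which account types may list codes they did not create and enforce
 * that here.
 */
async function get(req: NextApiRequest, res: NextApiResponse) {
	if (!req.session.user) {
		res.status(401).json({ok: false, reason: "You must be logged in to generate a code!"});
		return;
	}

	// A repeated query parameter arrives as an array; use the first value so the
	// filter always compares against a single string.
	const rawCreator = req.query.creator;
	const creator = Array.isArray(rawCreator) ? rawCreator[0] : rawCreator;

	const source = creator ? query(collection(db, "codes"), where("creator", "==", creator)) : collection(db, "codes");
	const snapshot = await getDocs(source);

	res.status(200).json(snapshot.docs.map((entry) => entry.data()));
}

/**
 * Creates one document per entry of `codes` and, when a matching `infos`
 * entry exists, e-mails the code to that address before storing it.
 *
 * Responds:
 * - 401 without a session,
 * - 400 when `codes` / `infos` are not well-formed,
 * - 403 when the session's account type may not generate codes for `type`,
 *   or when a corporate account would exceed its allowed amount,
 * - 500 when a plain (no e-mail) write fails,
 * - 200 `{ok: true, valid}` otherwise, where `valid` counts the codes that
 *   were both e-mailed and stored.
 */
async function post(req: NextApiRequest, res: NextApiResponse) {
	const user = req.session.user;
	if (!user) {
		res.status(401).json({ok: false, reason: "You must be logged in to generate a code!"});
		return;
	}

	// The body is client-controlled: the cast only describes the expected shape,
	// every field is checked at runtime below before it is used.
	// NOTE(review): `expiryDate` is stored exactly as received and is not validated here.
	const {type, codes, infos, expiryDate} = (req.body ?? {}) as {
		type: Type;
		codes: string[];
		infos?: {email: string; name: string; passport_id?: string}[];
		expiryDate: null | Date;
	};

	// Deny by default: only own keys of the permission table are accepted, so an
	// unknown or prototype-inherited `type` is refused instead of crashing on `.includes`.
	const permission = Object.prototype.hasOwnProperty.call(PERMISSIONS.generateCode, type)
		? PERMISSIONS.generateCode[type]
		: undefined;
	if (!permission || !permission.includes(user.type)) {
		res.status(403).json({
			ok: false,
			reason: "Your account type does not have permissions to generate a code for that type of user!",
		});
		return;
	}

	if (!Array.isArray(codes) || !codes.every(isValidCodeId) || (infos !== undefined && !Array.isArray(infos))) {
		res.status(400).json({ok: false, reason: "The request must contain a valid list of codes!"});
		return;
	}

	if (user.type === "corporate") {
		// NOTE(review): the count and the writes below are not atomic, so concurrent
		// requests from the same account can together exceed the allowed amount.
		const codesGeneratedByUserSnapshot = await getDocs(query(collection(db, "codes"), where("creator", "==", user.id)));
		const totalCodes = codesGeneratedByUserSnapshot.docs.length + codes.length;
		const allowedCodes = user.corporateInformation?.companyInformation.userAmount || 0;

		if (totalCodes > allowedCodes) {
			res.status(403).json({
				ok: false,
				reason: `You have or would have exceeded your amount of allowed codes, you currently are allowed to generate ${
					allowedCodes - codesGeneratedByUserSnapshot.docs.length
				} codes.`,
			});
			return;
		}
	}

	// NOTE(review): the document id is the client-supplied code and nothing checks
	// whether that document already exists, so a request can replace a code (and
	// its `creator`) that another account created. Confirm whether that is intended.
	const codePromises = codes.map(async (code, index) => {
		const codeRef = doc(db, "codes", code);
		const codeInformation = {
			type,
			code,
			creator: user.id,
			creationDate: new Date().toISOString(),
			expiryDate,
		};

		if (!infos || infos.length <= index) {
			await setDoc(codeRef, codeInformation);
			return undefined;
		}

		// Validate the recipient entry before any mail is sent; a malformed entry
		// counts as a failed code instead of throwing outside the try block.
		const info = infos[index];
		if (
			!info ||
			typeof info.email !== "string" ||
			typeof info.name !== "string" ||
			(info.passport_id && typeof info.passport_id !== "string")
		) {
			return false;
		}
		const {email, name, passport_id} = info;

		try {
			const transport = prepareMailer();
			const mailOptions = prepareMailOptions(
				{
					type,
					code,
					environment: process.env.ENVIRONMENT,
				},
				[email.toLowerCase().trim()],
				"EnCoach Registration",
				"main",
			);

			await transport.sendMail(mailOptions);
			await setDoc(
				codeRef,
				{
					...codeInformation,
					email: email.trim().toLowerCase(),
					name: name.trim(),
					...(passport_id ? {passport_id: passport_id.trim()} : {}),
				},
				{merge: true},
			);

			return true;
		} catch (e) {
			// Best effort per code: a failed mail or write marks this code as not valid.
			return false;
		}
	});

	// Await the writes so a rejected plain write produces a response instead of
	// an unhandled rejection and a request that never completes.
	try {
		const results = await Promise.all(codePromises);
		res.status(200).json({ok: true, valid: results.filter((x) => x).length});
	} catch (e) {
		res.status(500).json({ok: false, reason: "Something went wrong while storing the codes!"});
	}
}

/**
 * Deletes the code documents named by the `code` query parameter(s).
 *
 * Responds 401 without a session, otherwise 200 `{codes}` with the ids that
 * were accepted for deletion. Ids that do not exist are skipped.
 *
 * NOTE(review): there is no ownership or role check, so any logged-in account
 * can delete codes created by any other account. Confirm the intended policy
 * (for example comparing the stored `creator` with the session user) and
 * enforce it before `deleteDoc`.
 */
async function del(req: NextApiRequest, res: NextApiResponse) {
	if (!req.session.user) {
		res.status(401).json({ok: false, reason: "You must be logged in to generate a code!"});
		return;
	}

	// `req.query.code` is a string for a single parameter, an array for repeated
	// ones and undefined when absent. Normalise it so a single code is not
	// iterated character by character and a missing one does not throw.
	const rawCodes = req.query.code;
	const requested = rawCodes === undefined ? [] : Array.isArray(rawCodes) ? rawCodes : [rawCodes];
	const codes = requested.filter(isValidCodeId);

	for (const code of codes) {
		const snapshot = await getDoc(doc(db, "codes", code));
		if (!snapshot.exists()) continue;

		await deleteDoc(snapshot.ref);
	}

	res.status(200).json({codes});
}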