181 lines
6.3 KiB
TypeScript
181 lines
6.3 KiB
TypeScript
// Next.js API route support: https://nextjs.org/docs/api-routes/introduction
|
|
import type {NextApiRequest, NextApiResponse} from "next";
|
|
import {app, storage} from "@/firebase";
|
|
import {getFirestore, collection, getDocs, getDoc, doc, setDoc, query, where} from "firebase/firestore";
|
|
import {withIronSessionApiRoute} from "iron-session/next";
|
|
import {sessionOptions} from "@/lib/session";
|
|
import {Group, User} from "@/interfaces/user";
|
|
import {getDownloadURL, getStorage, ref, uploadBytes} from "firebase/storage";
|
|
import {getAuth, signInWithEmailAndPassword, updateEmail, updatePassword} from "firebase/auth";
|
|
import {errorMessages} from "@/constants/errors";
|
|
import moment from "moment";
|
|
import ShortUniqueId from "short-unique-id";
|
|
import {Payment} from "@/interfaces/paypal";
|
|
import {toFixedNumber} from "@/utils/number";
|
|
import {propagateStatusChange} from "@/utils/propagate.user.changes";
|
|
|
|
const db = getFirestore(app);
|
|
const auth = getAuth(app);
|
|
|
|
export default withIronSessionApiRoute(handler, sessionOptions);
|
|
|
|
// TODO: Data is set as any as data cannot be parsed to Payment
|
|
// because the id is not a par of the hash and payment expects date to be of type Date
|
|
// but if it is not inserted as a string, some UI components will not work (Invalid Date)
|
|
const addPaymentRecord = async (data: any) => {
|
|
await setDoc(doc(db, "payments", data.id), data);
|
|
};
|
|
const managePaymentRecords = async (user: User, userId: string | undefined): Promise<boolean> => {
|
|
try {
|
|
if (user.type === "corporate" && userId) {
|
|
const shortUID = new ShortUniqueId();
|
|
const data: Payment = {
|
|
id: shortUID.randomUUID(8),
|
|
corporate: userId,
|
|
agent: user.corporateInformation.referralAgent,
|
|
agentCommission: user.corporateInformation.payment!.commission,
|
|
agentValue: toFixedNumber((user.corporateInformation.payment!.commission / 100) * user.corporateInformation.payment!.value, 2),
|
|
currency: user.corporateInformation.payment!.currency,
|
|
value: user.corporateInformation.payment!.value,
|
|
isPaid: false,
|
|
date: new Date().toISOString(),
|
|
};
|
|
|
|
const corporatePayments = await getDocs(query(collection(db, "payments"), where("corporate", "==", userId)));
|
|
if (corporatePayments.docs.length === 0) {
|
|
await addPaymentRecord(data);
|
|
return true;
|
|
}
|
|
|
|
const hasPaymentPaidAndExpiring = corporatePayments.docs.filter((doc) => {
|
|
const data = doc.data();
|
|
return (
|
|
data.isPaid &&
|
|
moment().isAfter(moment(user.subscriptionExpirationDate).subtract(30, "days")) &&
|
|
moment().isBefore(moment(user.subscriptionExpirationDate))
|
|
);
|
|
});
|
|
|
|
if (hasPaymentPaidAndExpiring.length > 0) {
|
|
await addPaymentRecord(data);
|
|
return true;
|
|
}
|
|
}
|
|
|
|
return false;
|
|
} catch (e) {
|
|
// if this process fails it should not stop the rest of the process
|
|
console.log(e);
|
|
return false;
|
|
}
|
|
};
|
|
|
|
async function handler(req: NextApiRequest, res: NextApiResponse) {
|
|
if (!req.session.user) {
|
|
res.status(401).json({ok: false});
|
|
return;
|
|
}
|
|
|
|
const queryId = req.query.id as string;
|
|
|
|
const userRef = doc(db, "users", queryId ? (queryId as string) : req.session.user.id);
|
|
const updatedUser = req.body as User & {password?: string; newPassword?: string};
|
|
|
|
if (!!queryId) {
|
|
const user = await setDoc(userRef, updatedUser, {merge: true});
|
|
await managePaymentRecords(updatedUser, updatedUser.id);
|
|
|
|
if (updatedUser.status) {
|
|
// there's no await as this does not affect the user
|
|
propagateStatusChange(queryId, updatedUser.status);
|
|
}
|
|
|
|
res.status(200).json({ok: true});
|
|
return;
|
|
}
|
|
|
|
if (updatedUser.profilePicture && updatedUser.profilePicture !== req.session.user.profilePicture) {
|
|
const profilePictureFiletype = updatedUser.profilePicture.split(";")[0].split("/")[1];
|
|
const profilePictureRef = ref(storage, `profile_pictures/${req.session.user.id}.${profilePictureFiletype}`);
|
|
|
|
const pictureBytes = Buffer.from(updatedUser.profilePicture.split(";base64,")[1], "base64url");
|
|
const pictureSnapshot = await uploadBytes(profilePictureRef, pictureBytes);
|
|
|
|
const pictureReference = ref(storage, pictureSnapshot.metadata.fullPath);
|
|
updatedUser.profilePicture = await getDownloadURL(pictureReference);
|
|
}
|
|
|
|
if (updatedUser.newPassword && updatedUser.password) {
|
|
try {
|
|
const credential = await signInWithEmailAndPassword(auth, req.session.user.email, updatedUser.password);
|
|
await updatePassword(credential.user, updatedUser.newPassword);
|
|
} catch {
|
|
res.status(400).json({error: "E001", message: errorMessages.E001});
|
|
return;
|
|
}
|
|
}
|
|
|
|
if (updatedUser.email !== req.session.user.email && updatedUser.password) {
|
|
try {
|
|
const usersWithSameEmail = await getDocs(query(collection(db, "users"), where("email", "==", updatedUser.email.toLowerCase())));
|
|
if (usersWithSameEmail.docs.length > 0) {
|
|
res.status(400).json({error: "E003", message: errorMessages.E003});
|
|
return;
|
|
}
|
|
|
|
const credential = await signInWithEmailAndPassword(auth, req.session.user.email, updatedUser.password);
|
|
await updateEmail(credential.user, updatedUser.email);
|
|
|
|
if (req.session.user.type === "student") {
|
|
const corporateAdmins = ((await getDocs(collection(db, "users"))).docs.map((x) => ({...x.data(), id: x.id})) as User[])
|
|
.filter((x) => x.type === "corporate")
|
|
.map((x) => x.id);
|
|
const groups = ((await getDocs(collection(db, "groups"))).docs.map((x) => ({...x.data(), id: x.id})) as Group[]).filter(
|
|
(x) => x.participants.includes(req.session.user!.id) && corporateAdmins.includes(x.admin),
|
|
);
|
|
|
|
groups.forEach(async (group) => {
|
|
await setDoc(
|
|
doc(db, "groups", group.id),
|
|
{participants: group.participants.filter((x) => x !== req.session.user!.id)},
|
|
{merge: true},
|
|
);
|
|
});
|
|
}
|
|
} catch {
|
|
res.status(400).json({error: "E002", message: errorMessages.E002});
|
|
return;
|
|
}
|
|
}
|
|
|
|
if (updatedUser.status) {
|
|
// there's no await as this does not affect the user
|
|
propagateStatusChange(req.session.user.id, updatedUser.status);
|
|
}
|
|
|
|
delete updatedUser.password;
|
|
delete updatedUser.newPassword;
|
|
|
|
await setDoc(userRef, updatedUser, {merge: true});
|
|
|
|
const docUser = await getDoc(doc(db, "users", req.session.user.id));
|
|
const user = docUser.data() as User;
|
|
|
|
if (!queryId) {
|
|
req.session.user = {...user, id: req.session.user.id};
|
|
await req.session.save();
|
|
}
|
|
|
|
await managePaymentRecords(user, queryId);
|
|
|
|
res.status(200).json({user});
|
|
}
|
|
|
|
export const config = {
|
|
api: {
|
|
bodyParser: {
|
|
sizeLimit: "20mb",
|
|
},
|
|
},
|
|
};
|