// Next.js API route support: https://nextjs.org/docs/api-routes/introduction import type {NextApiRequest, NextApiResponse} from "next"; import client from "@/lib/mongodb"; import {withIronSessionApiRoute} from "iron-session/next"; import {sessionOptions} from "@/lib/session"; import {PERMISSIONS} from "@/constants/userPermissions"; const db = client.db(process.env.MONGODB_DB); export default withIronSessionApiRoute(handler, sessionOptions); async function handler(req: NextApiRequest, res: NextApiResponse) { if (req.method === "GET") return get(req, res); if (req.method === "PATCH") return patch(req, res); if (req.method === "DELETE") return del(req, res); } async function get(req: NextApiRequest, res: NextApiResponse) { if (!req.session.user) { res.status(401).json({ok: false}); return; } const {module, id} = req.query as {module: string; id: string}; const docSnap = await db.collection(module).findOne({ id: id}); if (docSnap) { res.status(200).json({ ...docSnap, module, }); } else { res.status(404).json(undefined); } } async function patch(req: NextApiRequest, res: NextApiResponse) { if (!req.session.user) { res.status(401).json({ok: false}); return; } const {module, id} = req.query as {module: string; id: string}; const docSnap = await db.collection(module).findOne({ id: id}); if (docSnap) { await db.collection(module).updateOne( { id: id}, { $set: { id: id, ...req.body }}, { upsert: true } ); res.status(200).json({ok: true}); } else { res.status(404).json({ok: false}); } } async function del(req: NextApiRequest, res: NextApiResponse) { if (!req.session.user) { res.status(401).json({ok: false}); return; } const {module, id} = req.query as {module: string; id: string}; const docSnap = await db.collection(module).findOne({ id: id}); if (docSnap) { if (!PERMISSIONS.examManagement.delete.includes(req.session.user.type)) { res.status(403).json({ok: false}); return; } await db.collection(module).deleteOne({ id: id }); res.status(200).json({ok: true}); } else { res.status(404).json({ok: false}); } }