// Next.js API route support: https://nextjs.org/docs/api-routes/introduction import type { NextApiRequest, NextApiResponse } from "next"; import { app } from "@/firebase"; import { getFirestore, setDoc, doc, query, collection, where, getDocs, } from "firebase/firestore"; import { withIronSessionApiRoute } from "iron-session/next"; import { sessionOptions } from "@/lib/session"; import { Type } from "@/interfaces/user"; import { PERMISSIONS } from "@/constants/userPermissions"; import { uuidv4 } from "@firebase/util"; import { prepareMailer, prepareMailOptions } from "@/email"; const db = getFirestore(app); export default withIronSessionApiRoute(handler, sessionOptions); async function handler(req: NextApiRequest, res: NextApiResponse) { if (req.method === "GET") return get(req, res); if (req.method === "POST") return post(req, res); return res.status(404).json({ ok: false }); } async function get(req: NextApiRequest, res: NextApiResponse) { if (!req.session.user) { res .status(401) .json({ ok: false, reason: "You must be logged in to generate a code!" }); return; } const { creator } = req.query as { creator?: string }; const q = query(collection(db, "codes"), where("creator", "==", creator)); const snapshot = await getDocs(creator ? q : collection(db, "codes")); res.status(200).json(snapshot.docs.map((doc) => doc.data())); } async function post(req: NextApiRequest, res: NextApiResponse) { if (!req.session.user) { res .status(401) .json({ ok: false, reason: "You must be logged in to generate a code!" }); return; } const { type, codes, infos, expiryDate } = req.body as { type: Type; codes: string[]; infos?: { email: string; name: string; passport_id?: string }[]; expiryDate: null | Date; }; const permission = PERMISSIONS.generateCode[type]; if (!permission.includes(req.session.user.type)) { res .status(403) .json({ ok: false, reason: "Your account type does not have permissions to generate a code for that type of user!", }); return; } if (req.session.user.type === "corporate") { const codesGeneratedByUserSnapshot = await getDocs( query( collection(db, "codes"), where("creator", "==", req.session.user.id), ), ); const totalCodes = codesGeneratedByUserSnapshot.docs.length + codes.length; const allowedCodes = req.session.user.corporateInformation?.companyInformation.userAmount || 0; if (totalCodes > allowedCodes) { res.status(403).json({ ok: false, reason: `You have or would have exceeded your amount of allowed codes, you currently are allowed to generate ${ allowedCodes - codesGeneratedByUserSnapshot.docs.length } codes.`, }); return; } } const codePromises = codes.map(async (code, index) => { const codeRef = doc(db, "codes", code); const codeInformation = { type, code, creator: req.session.user!.id, expiryDate, }; if (infos && infos.length > index) { const { email, name, passport_id } = infos[index]; const transport = prepareMailer(); const mailOptions = prepareMailOptions( { type, code, }, [email.toLowerCase().trim()], "EnCoach Registration", "main", ); try { await transport.sendMail(mailOptions); await setDoc( codeRef, { ...codeInformation, email: email.trim().toLowerCase(), name: name.trim(), ...(passport_id ? { passport_id: passport_id.trim() } : {}), }, { merge: true }, ); return true; } catch (e) { return false; } } else { await setDoc(codeRef, codeInformation); } }); Promise.all(codePromises).then((results) => { res.status(200).json({ ok: true, valid: results.filter((x) => x).length }); }); }