import { NextResponse } from "next/server"
import { createSupabaseServerClient } from "@/lib/supabase/server"
import { checkBotId } from "botid/server"
/**
 * Upper bound on the `note` field accepted by the PATCH handler in this file.
 * The handler compares it against the `.length` of the untrimmed string, so
 * the limit is counted in UTF-16 code units and includes surrounding whitespace.
 */
const MAX_NOTE_LENGTH = 1_000
/**
 * Deletes the share identified by the route's `token`, limited to rows whose
 * `user_id` is the authenticated caller.
 *
 * Responses:
 * - 403 `{ error: "access denied" }` when the bot check flags the request
 * - 401 `{ error: "not authenticated" }` when no user is resolved
 * - 500 `{ error: "failed to delete share" }` when the delete reports an error
 * - 204 with an empty body otherwise
 *
 * @param _request Unused; present to satisfy the route handler signature.
 * @param params Promise resolving to the dynamic route segment `token`.
 */
export async function DELETE(
  _request: Request,
  { params }: { params: Promise<{ token: string }> }
) {
  // Bot screening runs before any session or database work.
  const { isBot } = await checkBotId()
  if (isBot) {
    return NextResponse.json({ error: "access denied" }, { status: 403 })
  }

  const supabase = await createSupabaseServerClient()
  const authResult = await supabase.auth.getUser()
  const currentUser = authResult.data.user
  if (!currentUser) {
    return NextResponse.json({ error: "not authenticated" }, { status: 401 })
  }

  const shareToken = (await params).token

  // The token selects the share; the user_id filter scopes the delete to the
  // caller, so holding another user's token is not enough to remove their row.
  // NOTE(review): only `error` is inspected, so a token that matches no row of
  // this user still ends in 204 — presumably intentional; confirm.
  const deletion = await supabase
    .from("shared_entries")
    .delete()
    .eq("share_token", shareToken)
    .eq("user_id", currentUser.id)

  if (deletion.error) {
    return NextResponse.json(
      { error: "failed to delete share" },
      { status: 500 }
    )
  }

  return new Response(null, { status: 204 })
}
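/**
 * Updates the note text and/or the note visibility flag of the share
 * identified by the route's `token`, limited to rows whose `user_id` is the
 * authenticated caller.
 *
 * Request body: a JSON object, every field optional.
 * - `note`: string or null. Strings are trimmed before storage; null or a
 *   whitespace-only string stores null. Omitted leaves the column untouched.
 * - `noteIsPublic`: boolean. Omitted or null leaves the column untouched.
 *
 * Responses:
 * - 403 `{ error: "access denied" }` when the bot check flags the request
 * - 401 `{ error: "not authenticated" }` when no user is resolved
 * - 400 when the body is not a JSON object or a field has the wrong type/length
 * - 500 `{ error: "failed to update share" }` when the update reports an error
 * - 200 `{ ok: true }` otherwise (including when there was nothing to update)
 *
 * @param request Incoming request; its JSON body carries the fields above.
 * @param params Promise resolving to the dynamic route segment `token`.
 */
export async function PATCH(
  request: Request,
  { params }: { params: Promise<{ token: string }> }
) {
  // Bot screening runs before any session or database work.
  const botVerification = await checkBotId()
  if (botVerification.isBot) {
    return NextResponse.json({ error: "access denied" }, { status: 403 })
  }

  const supabaseClient = await createSupabaseServerClient()
  const {
    data: { user },
  } = await supabaseClient.auth.getUser()
  if (!user) {
    return NextResponse.json({ error: "not authenticated" }, { status: 401 })
  }

  const { token } = await params

  // A body that fails to parse becomes null and is rejected below.
  const body = await request.json().catch(() => null)
  // `typeof [] === "object"`, so arrays are excluded explicitly; previously an
  // array body fell through to the empty-payload branch and reported success.
  if (!body || typeof body !== "object" || Array.isArray(body)) {
    return NextResponse.json({ error: "invalid request body" }, { status: 400 })
  }

  const rawNote = body.note
  let note: string | null = null
  if (rawNote !== undefined && rawNote !== null) {
    if (typeof rawNote !== "string") {
      return NextResponse.json(
        { error: "note must be a string" },
        { status: 400 }
      )
    }
    // The limit applies to the untrimmed input, before whitespace is removed.
    if (rawNote.length > MAX_NOTE_LENGTH) {
      return NextResponse.json(
        { error: `note must be ${MAX_NOTE_LENGTH} characters or fewer` },
        { status: 400 }
      )
    }
    note = rawNote.trim() || null
  }

  // Fail closed on the visibility flag: a wrong-typed value (for example the
  // string "false") used to be dropped silently while the response still said
  // ok, leaving a note public that the caller believed it had made private.
  // undefined and null keep their earlier meaning of "field not supplied".
  const rawNoteIsPublic = body.noteIsPublic
  if (
    rawNoteIsPublic !== undefined &&
    rawNoteIsPublic !== null &&
    typeof rawNoteIsPublic !== "boolean"
  ) {
    return NextResponse.json(
      { error: "noteIsPublic must be a boolean" },
      { status: 400 }
    )
  }

  // Only whitelisted columns are copied into the payload; any other keys in
  // the request body never reach the update call.
  const updatePayload: Record<string, unknown> = {}
  if (rawNote !== undefined) {
    updatePayload.note = note
  }
  if (typeof rawNoteIsPublic === "boolean") {
    updatePayload.note_is_public = rawNoteIsPublic
  }

  // Nothing to change: skip the database round trip.
  if (Object.keys(updatePayload).length === 0) {
    return NextResponse.json({ ok: true })
  }

  // The token selects the share; the user_id filter scopes the write to the
  // caller, so holding another user's token is not enough to edit their row.
  // NOTE(review): only `error` is inspected, so a token that matches no row of
  // this user still returns ok — presumably intentional; confirm.
  const { error } = await supabaseClient
    .from("shared_entries")
    .update(updatePayload)
    .eq("share_token", token)
    .eq("user_id", user.id)
  if (error) {
    return NextResponse.json(
      { error: "failed to update share" },
      { status: 500 }
    )
  }

  return NextResponse.json({ ok: true })
}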