path: root/apps/web/app/api/share/[token]/route.ts
blob: 20de1ae2296d1066666a8919b86ead1e6181a518 (plain) (blame)
import { NextResponse } from "next/server"
import { createSupabaseServerClient } from "@/lib/supabase/server"

// Upper bound on the `note` accepted by PATCH. It is compared against
// String.length (UTF-16 code units) of the raw, untrimmed value, so it caps
// what is written to the database from this route.
const MAX_NOTE_LENGTH = 1_000

/**
 * Revokes a share link owned by the signed-in user.
 *
 * The row is selected by both the URL `token` and the caller's own user id,
 * so the ownership check does not depend on the token being secret: a caller
 * who learns someone else's token still matches no row.
 *
 * @returns 401 when no user is signed in, 500 when the delete query reports
 *   an error, otherwise an empty 204.
 */
export async function DELETE(
  _request: Request,
  { params }: { params: Promise<{ token: string }> }
) {
  const supabase = await createSupabaseServerClient()
  const authResult = await supabase.auth.getUser()
  const currentUser = authResult.data.user

  // Reject before touching the table; the user id below must come from the
  // authenticated session, never from the request.
  if (!currentUser) {
    return NextResponse.json({ error: "not authenticated" }, { status: 401 })
  }

  const shareToken = (await params).token

  // NOTE(review): a token that matches no row owned by the caller presumably
  // still ends in 204, since only a query error is checked — confirm that an
  // idempotent, non-revealing response is what clients expect.
  const deletion = await supabase
    .from("shared_entries")
    .delete()
    .eq("share_token", shareToken)
    .eq("user_id", currentUser.id)

  // The underlying error is deliberately not echoed to the client.
  return deletion.error
    ? NextResponse.json({ error: "failed to delete share" }, { status: 500 })
    : new Response(null, { status: 204 })
}

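/**
 * Sets or clears the note on a share link owned by the signed-in user.
 *
 * Body: a JSON object with an optional `note`. A string is trimmed and stored;
 * an omitted, `null`, or whitespace-only `note` clears the stored note.
 *
 * The update is filtered by both the URL `token` and the caller's own user
 * id, so knowing another user's token is not enough to modify their share.
 *
 * @returns 401 when no user is signed in, 400 for a malformed body or an
 *   invalid `note`, 500 when the update query reports an error, otherwise
 *   200 with the note value that was written.
 */
export async function PATCH(
  request: Request,
  { params }: { params: Promise<{ token: string }> }
) {
  const supabaseClient = await createSupabaseServerClient()
  const {
    data: { user },
  } = await supabaseClient.auth.getUser()

  if (!user) {
    return NextResponse.json({ error: "not authenticated" }, { status: 401 })
  }

  const { token } = await params

  // Treat the parsed JSON as untrusted: unparseable input becomes null, and
  // only a plain JSON object is accepted. Arrays are rejected explicitly
  // because `typeof [] === "object"` would otherwise let them through and
  // silently clear the note.
  const body: unknown = await request.json().catch(() => null)
  if (body === null || typeof body !== "object" || Array.isArray(body)) {
    return NextResponse.json({ error: "invalid request body" }, { status: 400 })
  }
  const rawNote = (body as Record<string, unknown>).note

  let note: string | null = null
  if (rawNote !== undefined && rawNote !== null) {
    if (typeof rawNote !== "string") {
      return NextResponse.json(
        { error: "note must be a string" },
        { status: 400 }
      )
    }
    // The limit is applied to the raw value, before trimming, so surrounding
    // whitespace counts toward it.
    if (rawNote.length > MAX_NOTE_LENGTH) {
      return NextResponse.json(
        { error: `note must be ${MAX_NOTE_LENGTH} characters or fewer` },
        { status: 400 }
      )
    }
    // An empty or whitespace-only note is stored as null rather than "".
    note = rawNote.trim() || null
  }

  // NOTE(review): only a query error is checked. An update that matches no
  // row (unknown token, or a token owned by someone else) presumably still
  // returns 200 with the note echoed back — confirm whether clients should
  // get a 404 instead.
  const { error } = await supabaseClient
    .from("shared_entries")
    .update({ note })
    .eq("share_token", token)
    .eq("user_id", user.id)

  if (error) {
    // The underlying error is deliberately not echoed to the client.
    return NextResponse.json(
      { error: "failed to update share" },
      { status: 500 }
    )
  }

  return NextResponse.json({ note })
}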