Home Explore Help
Register Sign In
Code_Uwe
/
rhl-lieferscheine
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 3f186c1748
Branches Tags
rhl-lieferschei...
/
app
/
api
/
files
/
route.js

route.js 2.0 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475 
  1. import { listFiles } from "@/lib/storage";
    2. 

  2. import { getSession } from "@/lib/auth/session";
    3. 

  3. import { canAccessBranch } from "@/lib/auth/permissions";
    4. 

  4. import {
    5. 

  5. 	withErrorHandling,
    6. 

  6. 	json,
    7. 

  7. 	badRequest,
    8. 

  8. 	unauthorized,
    9. 

  9. 	forbidden,
    10. 

  10. } from "@/lib/api/errors";
    11. 

  11. import { mapStorageReadError } from "@/lib/api/storageErrors";
    12. 

  12. 

  13. /**
    14. 

  14.  * Next.js Route Handler caching configuration (RHL-006):
    15. 

  15.  *
    16. 

  16.  * We force this route to execute dynamically on every request.
    17. 

  17.  *
    18. 

  18.  * Reasons:
    19. 

  19.  * - NAS contents can change at any time (new scans).
    20. 

  20.  * - Auth/RBAC-protected responses must not be cached/shared across users.
    21. 

  21.  * - We rely on a small storage-layer TTL micro-cache instead of Next route caching.
    22. 

  22.  */
    23. 

  23. export const dynamic = "force-dynamic";
    24. 

  24. 

  25. /**
    26. 

  26.  * GET /api/files?branch=&year=&month=&day=
    27. 

  27.  *
    28. 

  28.  * Happy-path response must remain unchanged:
    29. 

  29.  * { "branch":"NL01", "year":"2024", "month":"10", "day":"23", "files":[...] }
    30. 

  30.  */
    31. 

  31. export const GET = withErrorHandling(
    32. 

  32. 	async function GET(request) {
    33. 

  33. 		const session = await getSession();
    34. 

  34. 

  35. 		if (!session) {
    36. 

  36. 			throw unauthorized("AUTH_UNAUTHENTICATED", "Unauthorized");
    37. 

  37. 		}
    38. 

  38. 

  39. 		const { searchParams } = new URL(request.url);
    40. 

  40. 

  41. 		// Query params are required for this endpoint.
    42. 

  42. 		const branch = searchParams.get("branch");
    43. 

  43. 		const year = searchParams.get("year");
    44. 

  44. 		const month = searchParams.get("month");
    45. 

  45. 		const day = searchParams.get("day");
    46. 

  46. 

  47. 		const missing = [];
    48. 

  48. 		if (!branch) missing.push("branch");
    49. 

  49. 		if (!year) missing.push("year");
    50. 

  50. 		if (!month) missing.push("month");
    51. 

  51. 		if (!day) missing.push("day");
    52. 

  52. 

  53. 		if (missing.length > 0) {
    54. 

  54. 			throw badRequest(
    55. 

  55. 				"VALIDATION_MISSING_QUERY",
    56. 

  56. 				"Missing required query parameter(s)",
    57. 

  57. 				{ params: missing }
    58. 

  58. 			);
    59. 

  59. 		}
    60. 

  60. 

  61. 		if (!canAccessBranch(session, branch)) {
    62. 

  62. 			throw forbidden("AUTH_FORBIDDEN_BRANCH", "Forbidden");
    63. 

  63. 		}
    64. 

  64. 

  65. 		try {
    66. 

  66. 			const files = await listFiles(branch, year, month, day);
    67. 

  67. 			return json({ branch, year, month, day, files }, 200);
    68. 

  68. 		} catch (err) {
    69. 

  69. 			throw await mapStorageReadError(err, {
    70. 

  70. 				details: { branch, year, month, day },
    71. 

  71. 			});
    72. 

  72. 		}
    73. 

  73. 	},
    74. 

  74. 	{ logPrefix: "[api/files]" }
    75. 

  75. );
    76.