| 1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950 |
- import { listBranches } from "@/lib/storage";
- import { getSession } from "@/lib/auth/session";
- import { filterBranchesForSession } from "@/lib/auth/permissions";
- import {
- withErrorHandling,
- json,
- unauthorized,
- ApiError,
- } from "@/lib/api/errors";
- /**
- * GET /api/branches
- *
- * Returns the list of branches (e.g. ["NL01", "NL02", ...]) based on the
- * directory names under NAS_ROOT_PATH.
- *
- * RBAC:
- * - 401 if no session
- * - branch role: only returns its own branch
- * - admin/dev: returns all branches
- *
- * Happy-path response must remain unchanged:
- * { "branches": ["NL01", ...] }
- */
- export const GET = withErrorHandling(
- async function GET() {
- const session = await getSession();
- if (!session) {
- throw unauthorized("AUTH_UNAUTHENTICATED", "Unauthorized");
- }
- try {
- const branches = await listBranches();
- const visibleBranches = filterBranchesForSession(session, branches);
- return json({ branches: visibleBranches }, 200);
- } catch (err) {
- // Treat any storage read failures as internal server errors.
- // We do NOT expose filesystem error messages to the client.
- throw new ApiError({
- status: 500,
- code: "FS_STORAGE_ERROR",
- message: "Internal server error",
- cause: err,
- });
- }
- },
- { logPrefix: "[api/branches]" }
- );
|
