Code_Uwe
/
rhl-lieferscheine


			
				
					
						
						
							1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556
							import { listDays } from "@/lib/storage";
import { getSession } from "@/lib/auth/session";
import { canAccessBranch } from "@/lib/auth/permissions";
import {
	withErrorHandling,
	json,
	badRequest,
	unauthorized,
	forbidden,
} from "@/lib/api/errors";
import { mapStorageReadError } from "@/lib/api/storageErrors";

/**
 * GET /api/branches/[branch]/[year]/[month]/days
 *
 * Happy-path response must remain unchanged:
 * { "branch":"NL01", "year":"2024", "month":"10", "days":["23", ...] }
 */
export const GET = withErrorHandling(
	async function GET(request, ctx) {
		const session = await getSession();

		if (!session) {
			throw unauthorized("AUTH_UNAUTHENTICATED", "Unauthorized");
		}

		const { branch, year, month } = await ctx.params;

		const missing = [];
		if (!branch) missing.push("branch");
		if (!year) missing.push("year");
		if (!month) missing.push("month");

		if (missing.length > 0) {
			throw badRequest(
				"VALIDATION_MISSING_PARAM",
				"Missing required route parameter(s)",
				{ params: missing }
			);
		}

		if (!canAccessBranch(session, branch)) {
			throw forbidden("AUTH_FORBIDDEN_BRANCH", "Forbidden");
		}

		try {
			const days = await listDays(branch, year, month);
			return json({ branch, year, month, days }, 200);
		} catch (err) {
			throw await mapStorageReadError(err, {
				details: { branch, year, month },
			});
		}
	},
	{ logPrefix: "[api/branches/[branch]/[year]/[month]/days]" }
);