MeetUp/src/app/api/event/[eventID]/participant/[user]/route.ts
Dominik Stahl 476114ca87
feat(api): add user search endpoint and normalize response data and validation
2025-06-17 21:50:52 +02:00


import { prisma } from '@/prisma';
import { auth } from '@/auth';
import { NextResponse } from 'next/server';
import { z } from 'zod/v4';
// Participation states a PATCH request body may set. Matching is exact and
// case-sensitive, so anything outside this list is rejected by the schema.
// NOTE(review): the OpenAPI comment for PATCH in this file lists lowercase
// values and omits PENDING; the list below is what is actually enforced.
const participantStatusValues = [
  'ACCEPTED',
  'DECLINED',
  'TENTATIVE',
  'PENDING',
] as const;

// Request-body schema for PATCH /api/event/{eventID}/participant/{user}.
export const patchParticipantSchema = z.object({
  status: z.enum(participantStatusValues),
});
/**
* @swagger
* /api/event/{eventID}/participant/{user}:
* get:
* summary: Get a specific participant's details in an event
* description: Returns the details of a specific participant in an event.
* tags:
* - Event_Participant
* parameters:
* - in: path
* name: eventID
* required: true
* schema:
* type: string
* description: The ID of the event.
* - in: path
* name: user
* required: true
* schema:
* type: string
* description: The ID or name of the user.
* responses:
* 200:
* description: Details of the participant.
* content:
* application/json:
* schema:
* type: object
* properties:
* success:
* type: boolean
* participant:
* $ref: '#/components/schemas/Participant'
* 401:
* description: Not authenticated.
* content:
* application/json:
* schema:
* $ref: '#/components/schemas/ErrorResponse'
* example:
* success: false
* message: Not authenticated
* 404:
* description: User not found.
* content:
* application/json:
* schema:
* $ref: '#/components/schemas/ErrorResponse'
* example:
* success: false
* message: User not found
* 403:
* description: User is not a participant or organizer of this event.
* content:
* application/json:
* schema:
* $ref: '#/components/schemas/ErrorResponse'
* example:
* success: false
* message: User is not a participant or organizer of this event
*/
// GET /api/event/{eventID}/participant/{user}
//
// Returns one participant's id, name and status for an event. Access control,
// in order:
//   1. a session must exist (401 otherwise);
//   2. the session must carry a user id that still exists in the database
//      (404 otherwise);
//   3. the caller must be a participant or the organizer of the event (403
//      otherwise). The same 403 is returned whether or not the event exists.
//
// NOTE(review): the OpenAPI comment says `user` may be an ID or a name, but the
// lookup below only matches it against `user_id`.
export const GET = auth(async (req, { params }) => {
  const session = req.auth;
  if (!session) {
    return NextResponse.json(
      { success: false, message: 'Not authenticated' },
      { status: 401 },
    );
  }

  const sessionUserId = session.user?.id;
  if (!sessionUserId) {
    return NextResponse.json(
      { success: false, message: 'User not found' },
      { status: 404 },
    );
  }

  // Re-check the session's user against the database rather than trusting the
  // session alone.
  const caller = await prisma.user.findUnique({
    where: { id: sessionUserId },
  });
  if (!caller) {
    return NextResponse.json(
      { success: false, message: 'User not found' },
      { status: 404 },
    );
  }

  const { eventID, user: targetUser } = await params;

  // Authorization: the caller must belong to the event in some role.
  const callerMembership = await prisma.meetingParticipant.findFirst({
    where: { meeting_id: eventID, user_id: caller.id },
  });
  const organizedMeeting = await prisma.meeting.findFirst({
    where: { id: eventID, organizer_id: caller.id },
  });
  if (!(callerMembership || organizedMeeting)) {
    return NextResponse.json(
      {
        success: false,
        message: 'User is not a participant or organizer of this event',
      },
      { status: 403 },
    );
  }

  // Only id, name and status are selected, so no other user columns can leak
  // into the response.
  const participant = await prisma.meetingParticipant.findUnique({
    where: {
      meeting_id_user_id: { meeting_id: eventID, user_id: targetUser },
    },
    select: {
      user: { select: { id: true, name: true } },
      status: true,
    },
  });
  if (!participant) {
    return NextResponse.json(
      { success: false, message: 'Participant not found' },
      { status: 404 },
    );
  }

  return NextResponse.json({ success: true, participant });
});
/**
* @swagger
* /api/event/{eventID}/participant/{user}:
* delete:
* summary: Remove a participant from an event
* description: Removes a participant from an event. Only the organizer can remove participants.
* tags:
* - Event_Participant
* parameters:
* - in: path
* name: eventID
* required: true
* schema:
* type: string
* description: The ID of the event.
* - in: path
* name: user
* required: true
* schema:
* type: string
* description: The ID or name of the user to be removed.
* responses:
* 200:
* description: Participant removed successfully.
* content:
* application/json:
* schema:
* type: object
* properties:
* success:
* type: boolean
* message:
* type: string
* 401:
* description: Not authenticated.
* content:
* application/json:
* schema:
* $ref: '#/components/schemas/ErrorResponse'
* example:
* success: false
* message: Not authenticated
* 404:
* description: User not found.
* content:
* application/json:
* schema:
* $ref: '#/components/schemas/ErrorResponse'
* example:
* success: false
* message: User not found
* 403:
* description: Only organizer can remove participants.
* content:
* application/json:
* schema:
* $ref: '#/components/schemas/ErrorResponse'
* example:
* success: false
* message: Only organizer can remove participants
*/
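// DELETE /api/event/{eventID}/participant/{user}
//
// Removes a participant from an event. Access control, in order:
//   1. a session must exist (401 otherwise);
//   2. the session must carry a user id that still exists in the database
//      (404 otherwise);
//   3. the caller must be the organizer of the event (403 otherwise). The same
//      403 is returned whether or not the event exists.
//
// The removal is one `deleteMany` scoped to (meeting_id, user_id). A separate
// existence check followed by `delete` would leave a window in which a
// concurrent removal makes `delete` throw; here that case becomes a 404.
//
// NOTE(review): the OpenAPI comment says `user` may be an ID or a name, but the
// filter below only matches it against `user_id`.
export const DELETE = auth(async (req, { params }) => {
  if (!req.auth) {
    return NextResponse.json(
      { success: false, message: 'Not authenticated' },
      { status: 401 },
    );
  }

  const sessionUserId = req.auth.user?.id;
  if (!sessionUserId) {
    return NextResponse.json(
      { success: false, message: 'User not found' },
      { status: 404 },
    );
  }

  // Re-check the session's user against the database rather than trusting the
  // session alone.
  const dbUser = await prisma.user.findUnique({
    where: { id: sessionUserId },
  });
  if (!dbUser) {
    return NextResponse.json(
      { success: false, message: 'User not found' },
      { status: 404 },
    );
  }

  const { eventID, user } = await params;

  // Authorization: only the organizer of this specific event may remove people.
  const isOrganizer = await prisma.meeting.findFirst({
    where: { id: eventID, organizer_id: dbUser.id },
  });
  if (!isOrganizer) {
    return NextResponse.json(
      { success: false, message: 'Only organizer can remove participants' },
      { status: 403 },
    );
  }

  // Both key columns are in the filter, so at most one row can match and the
  // delete cannot reach another event's participants.
  const { count } = await prisma.meetingParticipant.deleteMany({
    where: { meeting_id: eventID, user_id: user },
  });
  if (count === 0) {
    return NextResponse.json(
      { success: false, message: 'Participant not found' },
      { status: 404 },
    );
  }

  return NextResponse.json({
    success: true,
    message: 'Participant removed successfully',
  });
});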
/**
* @swagger
* /api/event/{eventID}/participant/{user}:
* patch:
* summary: Update a participant's status in an event
* description: Updates the status of a participant in an event. Only the participant can update their own status.
* tags:
* - Event_Participant
* parameters:
* - in: path
* name: eventID
* required: true
* schema:
* type: string
* description: The ID of the event.
* - in: path
* name: user
* required: true
* schema:
* type: string
* description: The ID or name of the user whose status is being updated.
* requestBody:
* required: true
* content:
* application/json:
* schema:
* type: object
* properties:
* status:
* type: string
* enum: [accepted, declined, tentative]
* description: The new status of the participant.
* responses:
* 200:
* description: Participant status updated successfully.
* content:
* application/json:
* schema:
* type: object
* properties:
* success:
* type: boolean
* participant:
* $ref: '#/components/schemas/Participant'
* 400:
* description: Bad request due to invalid input data.
* content:
* application/json:
* schema:
* $ref: '#/components/schemas/ErrorResponse'
* example:
* success: false
* message: 'Invalid input data'
* 401:
* description: Not authenticated.
* content:
* application/json:
* schema:
* $ref: '#/components/schemas/ErrorResponse'
* example:
* success: false
* message: Not authenticated
* 404:
* description: User not found.
* content:
* application/json:
* schema:
* $ref: '#/components/schemas/ErrorResponse'
* example:
* success: false
* message: User not found
* 403:
* description: Only participant can update their status.
* content:
* application/json:
* schema:
* $ref: '#/components/schemas/ErrorResponse'
* example:
* success: false
* message: Only participant can update their status
*/
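// PATCH /api/event/{eventID}/participant/{user}
//
// Lets the authenticated user change their own participation status. Access
// control, in order:
//   1. a session must exist (401 otherwise);
//   2. the session must carry a user id that still exists in the database
//      (404 otherwise);
//   3. the `user` path segment must equal the caller's id or name (403
//      otherwise).
// Every database access after that is keyed on the caller's own id, never on
// the path segment, so a matching name cannot redirect the write to another
// user's row.
//
// The body is validated with `patchParticipantSchema`. A body that is not
// valid JSON is answered with 400 rather than left as an unhandled exception.
// The response carries the row as returned by the update, so it reflects the
// new status instead of the value read before the write.
export const PATCH = auth(async (req, { params }) => {
  if (!req.auth) {
    return NextResponse.json(
      { success: false, message: 'Not authenticated' },
      { status: 401 },
    );
  }

  const sessionUserId = req.auth.user?.id;
  if (!sessionUserId) {
    return NextResponse.json(
      { success: false, message: 'User not found' },
      { status: 404 },
    );
  }

  // Re-check the session's user against the database rather than trusting the
  // session alone.
  const dbUser = await prisma.user.findUnique({
    where: { id: sessionUserId },
  });
  if (!dbUser) {
    return NextResponse.json(
      { success: false, message: 'User not found' },
      { status: 404 },
    );
  }

  const { eventID, user } = await params;

  // Authorization: the path must name the caller, by id or by name.
  if (dbUser.id !== user && dbUser.name !== user) {
    return NextResponse.json(
      { success: false, message: 'You can only update your own participation' },
      { status: 403 },
    );
  }

  // Existence check so a non-participant receives 404 before the body is read.
  const existing = await prisma.meetingParticipant.findUnique({
    where: {
      meeting_id_user_id: { meeting_id: eventID, user_id: dbUser.id },
    },
    select: { status: true },
  });
  if (!existing) {
    return NextResponse.json(
      { success: false, message: 'Participant not found' },
      { status: 404 },
    );
  }

  // req.json() rejects on a malformed body; treat that as client error.
  let body: unknown;
  try {
    body = await req.json();
  } catch {
    return NextResponse.json(
      { success: false, message: 'Invalid request body' },
      { status: 400 },
    );
  }

  const parsedBody = patchParticipantSchema.safeParse(body);
  if (!parsedBody.success) {
    return NextResponse.json(
      {
        success: false,
        message: 'Invalid request body',
        errors: parsedBody.error.issues,
      },
      { status: 400 },
    );
  }
  const { status } = parsedBody.data;

  // Only `status` is written; other fields in the body never reach the database.
  const participant = await prisma.meetingParticipant.update({
    where: {
      meeting_id_user_id: { meeting_id: eventID, user_id: dbUser.id },
    },
    data: { status },
    select: {
      user: { select: { id: true, name: true } },
      status: true,
    },
  });

  return NextResponse.json({ success: true, participant });
});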