106 lines
4.8 KiB
TypeScript
106 lines
4.8 KiB
TypeScript
import { NextRequest, NextResponse } from 'next/server';
|
|
import { createClient } from '@/lib/supabase/server';
|
|
|
|
export async function GET(request: NextRequest) {
|
|
try {
|
|
const supabase = await createClient();
|
|
const { data: { user }, error: authError } = await supabase.auth.getUser();
|
|
if (authError || !user) return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });
|
|
|
|
const { data: profile } = await supabase.from('user_profiles').select('role').eq('id', user.id).single();
|
|
if (!['administrator', 'admin'].includes(profile?.role || '')) return NextResponse.json({ error: 'Forbidden' }, { status: 403 });
|
|
|
|
const { searchParams } = new URL(request.url);
|
|
const search = searchParams.get('search') || '';
|
|
const banLevel = searchParams.get('ban_level') || '';
|
|
const siteScope = searchParams.get('site_scope') || '';
|
|
const activeFilter = searchParams.get('active') || '';
|
|
|
|
let query = supabase
|
|
.from('banned_terms')
|
|
.select('*, added_by_profile:user_profiles!banned_terms_added_by_fkey(full_name)')
|
|
.order('created_at', { ascending: false });
|
|
|
|
if (search) query = query.ilike('term', `%${search}%`);
|
|
if (banLevel) query = query.eq('ban_level', banLevel);
|
|
if (siteScope) query = query.eq('site_scope', siteScope);
|
|
if (activeFilter !== '') query = query.eq('is_active', activeFilter === 'true');
|
|
|
|
const { data, error } = await query;
|
|
if (error) return NextResponse.json({ error: error.message }, { status: 500 });
|
|
|
|
return NextResponse.json({ terms: data || [] });
|
|
} catch (err: any) {
|
|
return NextResponse.json({ error: err.message }, { status: 500 });
|
|
}
|
|
}
|
|
|
|
export async function POST(request: NextRequest) {
|
|
try {
|
|
const supabase = await createClient();
|
|
const { data: { user }, error: authError } = await supabase.auth.getUser();
|
|
if (authError || !user) return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });
|
|
|
|
const { data: profile } = await supabase.from('user_profiles').select('role').eq('id', user.id).single();
|
|
if (!['administrator', 'admin'].includes(profile?.role || '')) return NextResponse.json({ error: 'Forbidden' }, { status: 403 });
|
|
|
|
const body = await request.json();
|
|
const { term, ban_level, site_scope, notes } = body;
|
|
|
|
if (!term?.trim()) return NextResponse.json({ error: 'Term is required' }, { status: 400 });
|
|
|
|
const { data, error } = await supabase
|
|
.from('banned_terms')
|
|
.insert({ term: term.trim(), ban_level: ban_level || 'soft', site_scope: site_scope || 'both', notes: notes || null, added_by: user.id })
|
|
.select()
|
|
.single();
|
|
|
|
if (error) return NextResponse.json({ error: error.message }, { status: 500 });
|
|
return NextResponse.json({ term: data }, { status: 201 });
|
|
} catch (err: any) {
|
|
return NextResponse.json({ error: err.message }, { status: 500 });
|
|
}
|
|
}
|
|
|
|
export async function PATCH(request: NextRequest) {
|
|
try {
|
|
const supabase = await createClient();
|
|
const { data: { user }, error: authError } = await supabase.auth.getUser();
|
|
if (authError || !user) return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });
|
|
|
|
const { data: profile } = await supabase.from('user_profiles').select('role').eq('id', user.id).single();
|
|
if (!['administrator', 'admin'].includes(profile?.role || '')) return NextResponse.json({ error: 'Forbidden' }, { status: 403 });
|
|
|
|
const body = await request.json();
|
|
const { id, ...updates } = body;
|
|
if (!id) return NextResponse.json({ error: 'ID required' }, { status: 400 });
|
|
|
|
const { error } = await supabase.from('banned_terms').update(updates).eq('id', id);
|
|
if (error) return NextResponse.json({ error: error.message }, { status: 500 });
|
|
return NextResponse.json({ success: true });
|
|
} catch (err: any) {
|
|
return NextResponse.json({ error: err.message }, { status: 500 });
|
|
}
|
|
}
|
|
|
|
export async function DELETE(request: NextRequest) {
|
|
try {
|
|
const supabase = await createClient();
|
|
const { data: { user }, error: authError } = await supabase.auth.getUser();
|
|
if (authError || !user) return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });
|
|
|
|
const { data: profile } = await supabase.from('user_profiles').select('role').eq('id', user.id).single();
|
|
if (!['administrator', 'admin'].includes(profile?.role || '')) return NextResponse.json({ error: 'Forbidden' }, { status: 403 });
|
|
|
|
const { searchParams } = new URL(request.url);
|
|
const id = searchParams.get('id');
|
|
if (!id) return NextResponse.json({ error: 'ID required' }, { status: 400 });
|
|
|
|
const { error } = await supabase.from('banned_terms').delete().eq('id', id);
|
|
if (error) return NextResponse.json({ error: error.message }, { status: 500 });
|
|
return NextResponse.json({ success: true });
|
|
} catch (err: any) {
|
|
return NextResponse.json({ error: err.message }, { status: 500 });
|
|
}
|
|
}
|