's'
This commit is contained in:
@@ -1,54 +1,85 @@
|
||||
import { NextRequest, NextResponse } from "next/server";
|
||||
import { getPocketBaseConfig, SITE_ID } from "@/config/services.config";
|
||||
import { COOKIE_NAME } from "@/app/lib/auth-cookie";
|
||||
import {
|
||||
findVipEmailLinkByUserId,
|
||||
getActiveSiteVipRecord,
|
||||
getAdminToken,
|
||||
hasVipByUserId,
|
||||
isAnonymousUserId,
|
||||
} from "@/app/api/vip/_helpers";
|
||||
|
||||
const COOKIE_NAME = "pb_session";
|
||||
type SessionPayload = {
|
||||
userId?: string;
|
||||
anonymousUserId?: string;
|
||||
};
|
||||
|
||||
async function getAdminToken(): Promise<string | null> {
|
||||
const email = process.env.POCKETBASE_EMAIL;
|
||||
const password = process.env.POCKETBASE_PASSWORD;
|
||||
if (!email || !password) return null;
|
||||
const pb = getPocketBaseConfig();
|
||||
const res = await fetch(`${pb.url}/api/admins/auth-with-password`, {
|
||||
method: "POST",
|
||||
headers: { "Content-Type": "application/json" },
|
||||
body: JSON.stringify({ identity: email, password }),
|
||||
});
|
||||
if (!res.ok) return null;
|
||||
const data = await res.json();
|
||||
return data?.token ?? null;
|
||||
function readSessionPayload(request: NextRequest): SessionPayload | null {
|
||||
const raw = request.cookies.get(COOKIE_NAME)?.value;
|
||||
if (!raw) {
|
||||
return null;
|
||||
}
|
||||
|
||||
try {
|
||||
return JSON.parse(Buffer.from(raw, "base64url").toString("utf-8"));
|
||||
} catch {
|
||||
return null;
|
||||
}
|
||||
}
|
||||
|
||||
export async function GET(request: NextRequest) {
|
||||
const cookie = request.cookies.get(COOKIE_NAME)?.value;
|
||||
if (!cookie) {
|
||||
const payload = readSessionPayload(request);
|
||||
const userId =
|
||||
typeof payload?.userId === "string" ? payload.userId.trim() : "";
|
||||
const anonymousUserId =
|
||||
typeof payload?.anonymousUserId === "string"
|
||||
? payload.anonymousUserId.trim()
|
||||
: "";
|
||||
|
||||
if (!userId) {
|
||||
return NextResponse.json({ ok: true, vip: false });
|
||||
}
|
||||
|
||||
try {
|
||||
const payload = JSON.parse(Buffer.from(cookie, "base64url").toString("utf-8"));
|
||||
const userId = payload?.userId;
|
||||
if (!userId) return NextResponse.json({ ok: true, vip: false });
|
||||
const adminToken = await getAdminToken();
|
||||
if (!adminToken) {
|
||||
return NextResponse.json({ ok: true, vip: false });
|
||||
}
|
||||
|
||||
const token = await getAdminToken();
|
||||
if (!token) return NextResponse.json({ ok: true, vip: false });
|
||||
const userRecord = await getActiveSiteVipRecord(adminToken, userId);
|
||||
if (userRecord) {
|
||||
return NextResponse.json({
|
||||
ok: true,
|
||||
vip: true,
|
||||
expires_at:
|
||||
typeof userRecord.expires_at === "string" ? userRecord.expires_at : null,
|
||||
});
|
||||
}
|
||||
|
||||
const pb = getPocketBaseConfig();
|
||||
const filter = `user_id = "${userId}" && site_id = "${SITE_ID}"`;
|
||||
const res = await fetch(
|
||||
`${pb.url}/api/collections/site_vip/records?filter=${encodeURIComponent(filter)}&perPage=1`,
|
||||
{ headers: { Authorization: `Bearer ${token}` } }
|
||||
);
|
||||
if (!res.ok) return NextResponse.json({ ok: true, vip: false });
|
||||
const data = await res.json();
|
||||
const items = data?.items ?? [];
|
||||
const record = items[0];
|
||||
const now = new Date().toISOString();
|
||||
const isExpired = record?.expires_at && record.expires_at < now;
|
||||
const vip = !!record && !isExpired;
|
||||
return NextResponse.json({
|
||||
ok: true,
|
||||
vip,
|
||||
expires_at: record?.expires_at ?? null,
|
||||
});
|
||||
if (await hasVipByUserId(adminToken, userId)) {
|
||||
return NextResponse.json({ ok: true, vip: true, expires_at: null });
|
||||
}
|
||||
|
||||
const candidates = isAnonymousUserId(anonymousUserId)
|
||||
? [anonymousUserId]
|
||||
: [];
|
||||
if (!isAnonymousUserId(userId)) {
|
||||
const linkRecord = await findVipEmailLinkByUserId(adminToken, userId);
|
||||
const linkedAnonymousUserId =
|
||||
typeof linkRecord?.anonymous_user_id === "string"
|
||||
? linkRecord.anonymous_user_id.trim()
|
||||
: "";
|
||||
if (isAnonymousUserId(linkedAnonymousUserId)) {
|
||||
candidates.push(linkedAnonymousUserId);
|
||||
}
|
||||
}
|
||||
|
||||
for (const candidate of candidates) {
|
||||
if (await hasVipByUserId(adminToken, candidate)) {
|
||||
return NextResponse.json({ ok: true, vip: true, expires_at: null });
|
||||
}
|
||||
}
|
||||
|
||||
return NextResponse.json({ ok: true, vip: false });
|
||||
} catch {
|
||||
return NextResponse.json({ ok: true, vip: false });
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user