backend/src/routes/invite/create.ts
creations 4936ff8978
All checks were successful
Code quality checks / biome (push) Successful in 8s
move all from /api, turn this into backend only ( remove ejs )
2025-05-18 17:48:29 -04:00

124 lines
2.4 KiB
TypeScript

import { getSetting } from "@config/sql/settings";
import { sql } from "bun";
import { logger } from "@creations.works/logger";
import { generateRandomString, getNewTimeUTC } from "@lib/char";
const routeDef: RouteDef = {
method: "POST",
accepts: "application/json",
returns: "application/json",
needsBody: "json",
};
async function handler(
request: ExtendedRequest,
requestBody: unknown,
): Promise<Response> {
if (!request.session) {
return Response.json(
{
success: false,
code: 401,
error: "Unauthorized",
},
{ status: 401 },
);
}
if (!getSetting("enable_invitations")) {
return Response.json(
{
success: false,
code: 403,
error: "Invitations are disabled",
},
{ status: 403 },
);
}
const isAdmin: boolean =
request.session.roles.includes("admin") ||
request.session.roles.includes("superadmin");
if (!isAdmin && !getSetting("allow_user_invites")) {
return Response.json(
{
success: false,
code: 403,
error: "User invitations are disabled",
},
{ status: 403 },
);
}
const { expires, max_uses, role } = requestBody as {
expires?: string;
max_uses?: number;
role?: string;
};
if (role && !isAdmin) {
return Response.json(
{
success: false,
code: 403,
error: "You must be an admin to set the role",
},
{ status: 403 },
);
}
const expirationDate: string | null = expires ? getNewTimeUTC(expires) : null;
const maxUses: number = Number(max_uses) || 1;
const inviteRole: string = role || "user";
let invite: Invite | null = null;
try {
[invite] = await sql`
INSERT INTO invites (created_by, expiration, max_uses, role, id)
VALUES (${request.session.id}, ${expirationDate}, ${maxUses}, ${inviteRole}, ${generateRandomString(15)})
RETURNING *;
`;
if (!invite) {
logger.error("Invite failed to create");
return Response.json(
{
success: false,
code: 500,
error: "Invite was not created",
},
{ status: 500 },
);
}
} catch (error) {
logger.error(["Error creating invite:", error as Error]);
return Response.json(
{
success: false,
code: 500,
error: "An error occurred while creating the invite",
},
{ status: 500 },
);
}
return Response.json(
{
success: true,
code: 200,
invite: {
code: invite.id,
expiration: invite.expiration,
max_uses: invite.max_uses,
role: invite.role,
},
},
{ status: 200 },
);
}
export { handler, routeDef };