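import { NextRequest, NextResponse } from "next/server";
import { z } from "zod";
import { getSupabaseServerClient } from "@/lib/supabase/server";
import { getSupabaseAdminClient } from "@/lib/supabase/admin";
import { groupNameSchema } from "@/lib/groups/validation";
import { deleteGroupAndData } from "@/lib/groups/delete-group";

/** Request body accepted by PATCH: `{ name }`, validated by the shared group-name schema. */
const renameSchema = z.object({ name: groupNameSchema });

/** Second argument passed to each handler; `params` resolves to the dynamic `[id]` segment. */
type RouteContext = { params: Promise<{ id: string }> };

// NOTE(review): every handler below queries through the admin client. If that
// client bypasses row-level security (as a service-role client would — confirm
// in @/lib/supabase/admin), the explicit membership/role check in each handler
// is the only access control on this route and must run before any data is
// returned or changed.

/**
 * GET /api/groups/[id] — Get group details.
 *
 * Responds 401 without a session user, 403 when the caller has no
 * `group_members` row for this group, 404 when the group row cannot be read,
 * and otherwise `{ group, role }`.
 *
 * @param request - Incoming request (not read by this handler).
 * @param context - Route context whose `params` resolves to the group id.
 * @returns A JSON response as described above.
 */
export async function GET(request: NextRequest, { params }: RouteContext) {
  try {
    const { id } = await params;

    const supabase = await getSupabaseServerClient();
    const {
      data: { user },
    } = await supabase.auth.getUser();
    if (!user) {
      return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
    }

    const admin = getSupabaseAdminClient();
    // NOTE(review): select("*") hands every column of the group row to any
    // member; confirm the table holds no admin-only fields.
    const [{ data: membership }, { data: group, error }] = await Promise.all([
      admin
        .from("group_members")
        .select("role")
        .eq("group_id", id)
        .eq("user_id", user.id)
        .maybeSingle(),
      admin.from("groups").select("*").eq("id", id).single(),
    ]);

    // The membership check comes before the existence check, so a non-member
    // gets the same 403 whether or not the group exists. A failed membership
    // lookup also leaves `membership` empty and is denied here.
    if (!membership) {
      return NextResponse.json({ error: "Not a member of this group" }, { status: 403 });
    }
    if (error || !group) {
      return NextResponse.json({ error: "Group not found" }, { status: 404 });
    }

    return NextResponse.json({ group, role: membership.role });
  } catch (err) {
    // Record the failure server-side; the client only sees a generic message.
    console.error("GET /api/groups/[id] failed:", err);
    return NextResponse.json({ error: "Internal server error" }, { status: 500 });
  }
}

/**
 * PATCH /api/groups/[id] — Rename group (admin only).
 *
 * Responds 401 without a session user, 403 unless the caller's membership role
 * is "admin", 400 when the body is not valid JSON or fails `renameSchema`,
 * 500 when the update fails, and otherwise `{ group }` with the updated row.
 *
 * @param request - Incoming request; its JSON body must match `renameSchema`.
 * @param context - Route context whose `params` resolves to the group id.
 * @returns A JSON response as described above.
 */
export async function PATCH(request: NextRequest, { params }: RouteContext) {
  try {
    const { id } = await params;

    const supabase = await getSupabaseServerClient();
    const {
      data: { user },
    } = await supabase.auth.getUser();
    if (!user) {
      return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
    }

    const admin = getSupabaseAdminClient();
    const { data: membership } = await admin
      .from("group_members")
      .select("role")
      .eq("group_id", id)
      .eq("user_id", user.id)
      .maybeSingle();

    // Authorization is settled before the request body is read at all.
    if (!membership || membership.role !== "admin") {
      return NextResponse.json({ error: "Admin access required" }, { status: 403 });
    }

    // A malformed body is a client error: answer 400 here instead of letting
    // the parse failure fall through to the generic 500 handler.
    let body: unknown;
    try {
      body = await request.json();
    } catch {
      return NextResponse.json({ error: "Invalid JSON body" }, { status: 400 });
    }

    const parsed = renameSchema.safeParse(body);
    if (!parsed.success) {
      const message = parsed.error.issues[0]?.message ?? "Invalid request body";
      return NextResponse.json({ error: message }, { status: 400 });
    }

    const { data: group, error } = await admin
      .from("groups")
      .update({ name: parsed.data.name })
      .eq("id", id)
      .select()
      .single();

    if (error || !group) {
      console.error("PATCH /api/groups/[id] update failed:", error);
      return NextResponse.json({ error: "Failed to rename group" }, { status: 500 });
    }

    return NextResponse.json({ group });
  } catch (err) {
    // Record the failure server-side; the client only sees a generic message.
    console.error("PATCH /api/groups/[id] failed:", err);
    return NextResponse.json({ error: "Internal server error" }, { status: 500 });
  }
}

/**
 * DELETE /api/groups/[id] — Delete group (admin only).
 *
 * Responds 401 without a session user, 403 unless the caller's membership role
 * is "admin", 500 when `deleteGroupAndData` throws, and otherwise
 * `{ success: true }`.
 *
 * @param _request - Incoming request (unused).
 * @param context - Route context whose `params` resolves to the group id.
 * @returns A JSON response as described above.
 */
export async function DELETE(_request: NextRequest, { params }: RouteContext) {
  try {
    const { id } = await params;

    const supabase = await getSupabaseServerClient();
    const {
      data: { user },
    } = await supabase.auth.getUser();
    if (!user) {
      return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
    }

    const admin = getSupabaseAdminClient();
    const { data: membership } = await admin
      .from("group_members")
      .select("role")
      .eq("group_id", id)
      .eq("user_id", user.id)
      .maybeSingle();

    // Only a confirmed admin of this specific group may reach the delete call.
    if (!membership || membership.role !== "admin") {
      return NextResponse.json({ error: "Admin access required" }, { status: 403 });
    }

    await deleteGroupAndData(id);

    return NextResponse.json({ success: true });
  } catch (err) {
    // Record the failure server-side; the client only sees a generic message.
    console.error("DELETE /api/groups/[id] failed:", err);
    return NextResponse.json({ error: "Internal server error" }, { status: 500 });
  }
}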