import { NextResponse } from "next/server"; import type { Database } from "@/types/database"; type MovieRow = Database["public"]["Tables"]["movies"]["Row"]; type MovieAccessResult = | { ok: true; userId: string; movie: Pick } | { ok: false; response: NextResponse }; export async function verifyMovieAccess( // Supabase v2 generics resolve movies table to `never`; typed client param breaks downstream queries // eslint-disable-next-line @typescript-eslint/no-explicit-any supabase: any, movieId: string, ): Promise { const { data: { user }, } = await supabase.auth.getUser(); if (!user) { return { ok: false, response: NextResponse.json({ error: "Unauthorized" }, { status: 401 }) }; } const { data: movie, error: fetchError } = await supabase .from("movies") .select("id, group_id") .eq("id", movieId) .single(); if (fetchError || !movie) { return { ok: false, response: NextResponse.json({ error: "Movie not found" }, { status: 404 }), }; } const { data: membership } = await supabase .from("group_members") .select("user_id") .eq("group_id", movie.group_id) .eq("user_id", user.id) .single(); if (!membership) { return { ok: false, response: NextResponse.json({ error: "Not a group member" }, { status: 403 }), }; } return { ok: true, userId: user.id, movie }; }