| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051 |
- import { NextResponse } from "next/server";
- import type { Database } from "@/types/database";
- type MovieRow = Database["public"]["Tables"]["movies"]["Row"];
- type MovieAccessResult =
- | { ok: true; userId: string; movie: Pick<MovieRow, "id" | "group_id"> }
- | { ok: false; response: NextResponse };
- export async function verifyMovieAccess(
- // Supabase v2 generics resolve movies table to `never`; typed client param breaks downstream queries
- // eslint-disable-next-line @typescript-eslint/no-explicit-any
- supabase: any,
- movieId: string,
- ): Promise<MovieAccessResult> {
- const {
- data: { user },
- } = await supabase.auth.getUser();
- if (!user) {
- return { ok: false, response: NextResponse.json({ error: "Unauthorized" }, { status: 401 }) };
- }
- const { data: movie, error: fetchError } = await supabase
- .from("movies")
- .select("id, group_id")
- .eq("id", movieId)
- .single();
- if (fetchError || !movie) {
- return {
- ok: false,
- response: NextResponse.json({ error: "Movie not found" }, { status: 404 }),
- };
- }
- const { data: membership } = await supabase
- .from("group_members")
- .select("user_id")
- .eq("group_id", movie.group_id)
- .eq("user_id", user.id)
- .single();
- if (!membership) {
- return {
- ok: false,
- response: NextResponse.json({ error: "Not a group member" }, { status: 403 }),
- };
- }
- return { ok: true, userId: user.id, movie };
- }
|