feat: add guestbook api routes
parent
4a979080af
commit
4e2c09b770
2 changed files with 84 additions and 0 deletions
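--- a/apps/blog/src/pages/api/guestbook.ts
+++ b/apps/blog/src/pages/api/guestbook.ts
@@ -0,0 +1,30 @@
+import type { APIRoute } from 'astro';
+import { createEntry } from '../../lib/db';
+
+export const prerender = false;
+
+export const POST: APIRoute = async ({ request }) => {
+try {
+const data = await request.json();
+const { name, message, url } = data;
+
+if (!name || !message) {
+return new Response(JSON.stringify({ error: 'Name and message are required' }), {
+status: 400,
+headers: { 'Content-Type': 'application/json' },
+});
+}
+
+await createEntry(name.slice(0, 100), message.slice(0, 500), url?.slice(0, 200) || null);
+
+return new Response(JSON.stringify({ success: true }), {
+status: 201,
+headers: { 'Content-Type': 'application/json' },
+});
+} catch (error) {
+return new Response(JSON.stringify({ error: 'Failed to create entry' }), {
+status: 500,
+headers: { 'Content-Type': 'application/json' },
+});
+}
+};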
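Review bot: `name`, `message` and `url` come straight from `request.json()` and are only truthiness-checked before `.slice()` in the `createEntry` call, so a non-string value either throws into the catch and surfaces as a 500 or, for an array, reaches the database layer unchanged. `url` is also stored with no scheme check; if the guestbook page renders it as a link href (not visible in this commit), a `javascript:` value would become stored script once the entry is approved. I would check `typeof` on all three fields and accept only `http:`/`https:` URLs, answering 400 otherwise. The catch block also discards `error` without logging it, which makes failed writes and malformed-JSON probes invisible to whoever operates the site.

```typescript
const { name, message, url } = data;

if (typeof name !== 'string' || typeof message !== 'string' || !name || !message) {
  // … unchanged: 400 'Name and message are required' response …
}

// Only absolute http(s) links are stored; anything else is rejected, not truncated.
let link: string | null = null;
if (url != null && url !== '') {
  let parsed: URL | null = null;
  try {
    parsed = typeof url === 'string' ? new URL(url) : null;
  } catch {
    parsed = null;
  }
  if (!parsed || !['http:', 'https:'].includes(parsed.protocol) || parsed.href.length > 200) {
    return new Response(JSON.stringify({ error: 'Invalid URL' }), {
      status: 400,
      headers: { 'Content-Type': 'application/json' },
    });
  }
  link = parsed.href;
}

await createEntry(name.slice(0, 100), message.slice(0, 500), link);
// … unchanged: 201 response and catch block …
```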
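--- a/apps/blog/src/pages/api/guestbook/[id].ts
+++ b/apps/blog/src/pages/api/guestbook/[id].ts
@@ -0,0 +1,54 @@
+import type { APIRoute } from 'astro';
+import { getSession } from 'auth-astro/server';
+import { approveEntry, deleteEntry } from '../../../lib/db';
+import { isAdmin } from '../../../lib/auth';
+
+export const prerender = false;
+
+export const PATCH: APIRoute = async ({ params, request }) => {
+const session = await getSession(request);
+
+if (!session?.user?.id || !isAdmin(session.user.id)) {
+return new Response(JSON.stringify({ error: 'Unauthorized' }), {
+status: 403,
+headers: { 'Content-Type': 'application/json' },
+});
+}
+
+const id = parseInt(params.id!, 10);
+if (isNaN(id)) {
+return new Response(JSON.stringify({ error: 'Invalid ID' }), {
+status: 400,
+headers: { 'Content-Type': 'application/json' },
+});
+}
+
+await approveEntry(id);
+return new Response(JSON.stringify({ success: true }), {
+headers: { 'Content-Type': 'application/json' },
+});
+};
+
+export const DELETE: APIRoute = async ({ params, request }) => {
+const session = await getSession(request);
+
+if (!session?.user?.id || !isAdmin(session.user.id)) {
+return new Response(JSON.stringify({ error: 'Unauthorized' }), {
+status: 403,
+headers: { 'Content-Type': 'application/json' },
+});
+}
+
+const id = parseInt(params.id!, 10);
+if (isNaN(id)) {
+return new Response(JSON.stringify({ error: 'Invalid ID' }), {
+status: 400,
+headers: { 'Content-Type': 'application/json' },
+});
+}
+
+await deleteEntry(id);
+return new Response(JSON.stringify({ success: true }), {
+headers: { 'Content-Type': 'application/json' },
+});
+};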
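Review bot: The admin gate in both `PATCH` and `DELETE` calls `isAdmin(session.user.id)` without `await`; `isAdmin` lives in `lib/auth` and is not shown here, so please confirm it returns a plain boolean, because a Promise would make `!isAdmin(...)` always false and the gate would pass for every signed-in user. The ID check is also looser than it looks, since `parseInt('12abc', 10)` yields 12; a strict test such as `if (!/^\d+$/.test(params.id ?? '')) { /* 400 Invalid ID */ }` before parsing rejects that and removes the `!` assertion. Unlike the POST handler in `guestbook.ts`, `approveEntry` and `deleteEntry` are not wrapped in try/catch, so a database error falls through to the framework's default error response. The session check and ID parsing are duplicated verbatim in both handlers; a shared helper would keep the two from drifting apart.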