online-energieausweis/src/pages/api/user/index.ts

import { IDWithPrefix } from "#components/Ausweis/types.js";
import { VALID_UUID_PREFIXES } from "#lib/constants.js";
import { generateIDWithPrefix } from "#lib/db.js";
import { adminMiddleware, authorizationMiddleware } from "#lib/middleware/authorization.js";
import { hashPassword } from "#lib/password.js";
import { createLexOfficeCustomer } from "#lib/server/lexoffice.js";
import { sendRegisterMail } from "#lib/server/mail/registrierung.js";
import { Benutzer, prisma } from "#lib/server/prisma.js";
import { APIError, defineApiRoute } from "astro-typesafe-api/server";
import { BenutzerSchema } from "src/generated/zod/benutzer.js";
import { z } from "zod";
import { Enums } from "#lib/client/prisma.js";

export const POST = defineApiRoute({
	input: BenutzerSchema.omit({
		lex_office_id: true,
		rolle: true,
		created_at: true
	}),
	middleware: authorizationMiddleware,
	async fetch(input, context, user) {
		if (user.email !== input.email) {
			// TODO: Email wurde geändert, neue Bestätigunsmail schicken.
		}

		const updateData: any = {};
		updateData.id = user.id;
		if (input.adresse) updateData.adresse = input.adresse;
		if (input.anrede) updateData.anrede = input.anrede;
		if (input.email) updateData.email = input.email;
		if (input.firma) updateData.firma = input.firma;
		if (input.name) updateData.name = input.name;
		if (input.vorname) updateData.vorname = input.vorname;
		if (input.ort) updateData.ort = input.ort;
		if (input.passwort.length != 0) updateData.passwort = hashPassword(input.passwort);
		if (input.plz) updateData.plz = input.plz;
		if (input.profilbild) updateData.profilbild = input.profilbild;
		if (input.telefon) updateData.telefon = input.telefon;
		if (input.verified) updateData.telefon = input.verified;

		//Only Admin can update other users
		if (user.rolle == Enums.BenutzerRolle.ADMIN && input.id != user.id) {
			updateData.id = input.id;
		} else if(user.rolle != Enums.BenutzerRolle.ADMIN && input.id != user.id){
			return;
		}

		await prisma.benutzer.update({
			where: {
				id: updateData.id
			},
			data: updateData
		});

		
	},
})

export const GET = defineApiRoute({
	input: z.object({
		id: IDWithPrefix
	}).or(z.object({
		take: z.number(),
		email: z.string()
	})),
	output: z.array(BenutzerSchema),
	middleware: authorizationMiddleware,
	async fetch(input, context, admin) {
		if ("id" in input) {
			//Only Admin can read other users
			if (admin.rolle != Enums.BenutzerRolle.ADMIN && input.id != admin.id) {
				return;
			}

			const user = await prisma.benutzer.findUnique({
				where: {
					id: input.id
				}
			})

			if (!user) {
				return [];
			}

			return [user];
		} else {
			//Only admin can read many users
			if (admin.rolle != Enums.BenutzerRolle.ADMIN ) {
				return;
			}

			const users = await prisma.benutzer.findMany({
				where: {
					email: {
						startsWith: input.email
					}
				},
				take: input.take
			})

			return users;
		}
	},
})

export const PUT = defineApiRoute({
	input: z.object({
		email: z.string().email(),
		passwort: z.string().min(8),
		vorname: z.string(),
		name: z.string()
	}),
	output: z.object({
		id: IDWithPrefix
	}),
	async fetch(input) {
		const existingUser = await prisma.benutzer.findUnique({
			where: {
				email: input.email
			}
		})

		if (existingUser) {
			throw new APIError({
				code: "CONFLICT",
				message: "Email Adresse ist bereits vergeben."
			})
		}

		const id = generateIDWithPrefix(9, VALID_UUID_PREFIXES.User);

		const user = await prisma.benutzer.create({
			data: {
				email: input.email,
				passwort: hashPassword(input.passwort),
				vorname: input.vorname,
				name: input.name,
				id
			}
		})

		const lex_office_id = await createLexOfficeCustomer(user);

		await prisma.benutzer.update({
			where: {
				id: user.id
			},
			data: {
				lex_office_id
			}
		})

		await sendRegisterMail(user)

		return { id }
	},
})