mirror of
https://git.coastit.co.za/caitlin/CRM_ENVR.git
synced 2026-07-13 04:27:07 +02:00
Attachment fixed
This commit is contained in:
@@ -2,6 +2,7 @@ import { NextRequest, NextResponse } from "next/server"
|
||||
import { getSessionUser } from "@/lib/auth"
|
||||
import { query } from "@/lib/db"
|
||||
import { avatarSvgUrl } from "@/lib/avatar"
|
||||
import { hasBlockedCodeExtension } from "@/lib/blocked-extensions"
|
||||
|
||||
export async function GET(
|
||||
_request: NextRequest,
|
||||
@@ -103,6 +104,18 @@ export async function POST(
|
||||
return NextResponse.json({ error: "Message content is required" }, { status: 400 })
|
||||
}
|
||||
|
||||
// Server-side blocked code extension check
|
||||
try {
|
||||
const parsed = JSON.parse(content)
|
||||
if (parsed.fileAttachments && Array.isArray(parsed.fileAttachments)) {
|
||||
for (const f of parsed.fileAttachments) {
|
||||
if (f.name && hasBlockedCodeExtension(f.name)) {
|
||||
return NextResponse.json({ error: `Blocked file type: ${f.name}` }, { status: 400 })
|
||||
}
|
||||
}
|
||||
}
|
||||
} catch {}
|
||||
|
||||
const result = await query(
|
||||
`INSERT INTO messages (conversation_id, sender_id, content)
|
||||
VALUES ($1, $2, $3)
|
||||
@@ -160,3 +173,62 @@ function formatTime(date: Date): string {
|
||||
return date.toLocaleDateString([], { month: "short", day: "numeric" }) + " " +
|
||||
date.toLocaleTimeString([], { hour: "2-digit", minute: "2-digit" })
|
||||
}
|
||||
|
||||
export async function DELETE(
|
||||
_request: NextRequest,
|
||||
{ params }: { params: Promise<{ id: string }> },
|
||||
) {
|
||||
try {
|
||||
const user = await getSessionUser()
|
||||
if (!user) return NextResponse.json({ error: "Unauthorized" }, { status: 401 })
|
||||
|
||||
const { id } = await params
|
||||
const body = await _request.json()
|
||||
const messageId = body.messageId
|
||||
if (!messageId) return NextResponse.json({ error: "messageId required" }, { status: 400 })
|
||||
|
||||
const result = await query(
|
||||
`UPDATE messages SET deleted_at = NOW() WHERE id = $1 AND sender_id = $2 AND conversation_id = $3 RETURNING id`,
|
||||
[messageId, user.id, id],
|
||||
)
|
||||
if (result.rows.length === 0) {
|
||||
return NextResponse.json({ error: "Message not found or not yours" }, { status: 404 })
|
||||
}
|
||||
|
||||
return NextResponse.json({ success: true })
|
||||
} catch (error) {
|
||||
console.error("Delete message error:", error)
|
||||
return NextResponse.json({ error: "Failed to delete message" }, { status: 500 })
|
||||
}
|
||||
}
|
||||
|
||||
export async function PATCH(
|
||||
request: NextRequest,
|
||||
{ params }: { params: Promise<{ id: string }> },
|
||||
) {
|
||||
try {
|
||||
const user = await getSessionUser()
|
||||
if (!user) return NextResponse.json({ error: "Unauthorized" }, { status: 401 })
|
||||
|
||||
const { id } = await params
|
||||
const body = await request.json()
|
||||
const messageId = body.messageId
|
||||
const newContent = body.content
|
||||
if (!messageId || !newContent?.trim()) {
|
||||
return NextResponse.json({ error: "messageId and content required" }, { status: 400 })
|
||||
}
|
||||
|
||||
const result = await query(
|
||||
`UPDATE messages SET content = $1, updated_at = NOW() WHERE id = $2 AND sender_id = $3 AND conversation_id = $4 AND deleted_at IS NULL RETURNING id`,
|
||||
[newContent.trim(), messageId, user.id, id],
|
||||
)
|
||||
if (result.rows.length === 0) {
|
||||
return NextResponse.json({ error: "Message not found or not yours" }, { status: 404 })
|
||||
}
|
||||
|
||||
return NextResponse.json({ success: true })
|
||||
} catch (error) {
|
||||
console.error("Edit message error:", error)
|
||||
return NextResponse.json({ error: "Failed to edit message" }, { status: 500 })
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user