Source: pages/api/data/comments.js

  1. /** @module pages/api/data/comments */
  2. import { getServerSession } from "../../../lib/auth";
  3. import { createComment, deleteComment } from "../../../lib/db/writes";
  4. import {
  5.   BAD_REQUEST,
  6.   METHOD_NOT_ALLOWED,
  7.   SERVER_ERROR,
  8.   FORBIDDEN,
  9. } from "../../../lib/errors";
  11. /**
  12.  * This is the API route for managing comments.
  13.  * It supports POST and DELETE, allowing users to create and delete their own comments.
  14.  * Comments cannot be edited, and dream owners cannot delete comments from others (this is likely
  15.  * changing in the near future).
  16.  */
  17. function commentsHandler(req, res) {
  18.   switch (req.method) {
  19.     case "POST":
  20.       return post(req, res);
  21.     case "DELETE":
  22.       return del(req, res);
  23.     default:
  24.       res.setHeader("Allow", ["POST", "DELETE"]);
  25.       res.status(405).end(METHOD_NOT_ALLOWED);
  26.       return res;
  27.   }
  28. }
  30. /**
  31.  * @private
  32.  */
  33. async function post(req, res) {
  34.   const session = await getServerSession(req, res);
  36.   if (!session) {
  37.     res.status(403).end(FORBIDDEN);
  38.     return res;
  39.   }
  41.   if (!req.body?.comment || !req.body.dreamId) {
  42.     res.status(400).end(BAD_REQUEST);
  43.     return res;
  44.   }
  46.   const data = {
  47.     comment: req.body.comment,
  48.     dreamId: req.body.dreamId,
  49.     session,
  50.   };
  52.   try {
  53.     const result = await createComment(data);
  55.     const objectId = result.insertedId.toString();
  57.     res.setHeader("Content-Type", "application/json");
  58.     res.status(201).send({ objectId });
  60.     return res;
  61.   } catch (error) {
  62.     console.error({
  63.       error,
  64.       service: "api",
  65.       pathname: "/api/data/comments",
  66.       method: "post",
  67.     });
  68.     res.status(500).end(SERVER_ERROR);
  70.     return res;
  71.   }
  72. }
  74. /**
  75.  * @private
  76.  */
  77. async function del(req, res) {
  78.   const session = await getServerSession(req, res);
  80.   if (!session) {
  81.     res.status(403).end(FORBIDDEN);
  82.     return res;
  83.   }
  85.   if (!req.body?.commentId || !req.body?.dreamId) {
  86.     res.status(400).end(BAD_REQUEST);
  87.     return res;
  88.   }
  90.   try {
  91.     const result = await deleteComment(req.body.commentId, req.body.dreamId);
  93.     res.setHeader("Content-Type", "application/json");
  94.     res.status(200).send(result);
  96.     return res;
  97.   } catch (error) {
  98.     console.error({
  99.       error,
  100.       service: "api",
  101.       pathname: "/api/data/comments",
  102.       method: "delete",
  103.     });
  104.     res.status(500).end(SERVER_ERROR);
  106.     return res;
  107.   }
  108. }
  110. export default commentsHandler;