diff --git a/src/app/api/create-order/route.ts b/src/app/api/create-order/route.ts
index c314151..936b528 100644
--- a/src/app/api/create-order/route.ts
+++ b/src/app/api/create-order/route.ts
@@ -1,8 +1,13 @@
 import { NextRequest, NextResponse } from "next/server";
 import { razorpay } from "@/lib/razorpay";
 import { randomUUID } from "crypto";
+import { getServerSideSession } from "@/lib/get-server-session";
 
 export async function POST(request: NextRequest) {
+  const session = await getServerSideSession();
+  if (!session) {
+    return NextResponse.json({ message: "No session", isOk: false }, { status: 400 });
+  }
   const { amount } = await request.json();
   if (!amount || typeof amount !== "number" || amount <= 0) {
     return NextResponse.json({ error: "Invalid amount" }, { status: 400 });
diff --git a/src/app/api/users/payment/route.ts b/src/app/api/users/payment/route.ts
index e375a60..0e3c476 100644
--- a/src/app/api/users/payment/route.ts
+++ b/src/app/api/users/payment/route.ts
@@ -5,6 +5,14 @@ import { NextRequest, NextResponse } from "next/server";
 export const dynamic = "force-dynamic";
 
 export async function GET(request: NextRequest) {
+  const session = await getServerSideSession();
+  if (!session) {
+    return NextResponse.json({ message: "Unauthorized" }, { status: 401 });
+  }
+
+  if (session.user?.role !== "ADMIN") {
+    return NextResponse.json({ error: "Unauthorized" }, { status: 403 });
+  }
   const { searchParams } = new URL(request.url);
   try {
     const page = Math.max(1, parseInt(searchParams.get("page") || "1", 10));
diff --git a/src/app/api/users/route.ts b/src/app/api/users/route.ts
index 4a99ef6..b0ce895 100644
--- a/src/app/api/users/route.ts
+++ b/src/app/api/users/route.ts
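Review bot: The new guard in `POST` answers a missing session with 400 and `"No session"`, while the three sibling routes in this commit answer the same condition with 401, so a client cannot tell an expired login from a malformed body; `return NextResponse.json({ message: "Unauthorized" }, { status: 401 });` keeps the routes consistent. The guard also does nothing about `amount`, which the next line still reads from the client body, so any logged-in user picks the order value; order creation is outside this hunk, but the amount should be derived server-side from what is being bought, with the body at most naming the item. The existing `typeof amount !== "number" || amount <= 0` check lets `Infinity` and fractional values through; `!Number.isInteger(amount) || amount <= 0` is the tighter form if amounts are in the smallest currency unit. `POST`'s body continues past the hunk.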
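Review bot: The new lines call `getServerSideSession` but this hunk adds no import for it, unlike `users/route.ts` and `verify-order/[id]/route.ts` in the same commit; unless lines 1–4 of this file (outside the hunk) already import it, the route fails to compile, so add `import { getServerSideSession } from "@/lib/get-server-session";` at the top. The two guards disagree on the body key (`message` for 401, `error` for 403) and the 403 carries `"Unauthorized"` where the accurate word is `"Forbidden"`: `return NextResponse.json({ message: "Forbidden" }, { status: 403 });`. `session.user?.role` presumes the next-auth session callback copies `role` onto the session, which this diff does not show; if it does not, every request gets 403, which at least fails closed. The same eight-line guard is pasted into three routes here; a `requireAdmin()` helper in `@/lib` returning the error response or `null` would stop them drifting. `GET`'s body continues past the hunk.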
@@ -1,49 +1,57 @@
+import { getServerSideSession } from "@/lib/get-server-session";
 import prisma from "@/server/db";
 import { NextResponse } from "next/server";
 export const dynamic = "force-dynamic";
+
 export async function GET(req: Request) {
-  const { searchParams } = new URL(req.url);
-  try {
-    const page = Math.max(1, parseInt(searchParams.get("page") || "1", 10));
-    const search = searchParams.get("search") || "";
-    const limit = 10;
+  const session = await getServerSideSession();
+  if (!session) {
+    return NextResponse.json({ message: "Unauthorized" }, { status: 401 });
+  }
+
+  if (session.user?.role !== "ADMIN") {
+    return NextResponse.json({ error: "Unauthorized" }, { status: 403 });
+  }
+
+  const { searchParams } = new URL(req.url);
+  try {
+    const page = Math.max(1, parseInt(searchParams.get("page") || "1", 10));
+    const search = searchParams.get("search") || "";
+    const limit = 10;
 
-    const [users, totalCount] = await Promise.all([
-      prisma.user.findMany({
-        skip: (page - 1) * limit,
-        take: limit,
-        where: {
-          name: {
-            contains: search,
-          },
-        },
-      }),
-      prisma.user.count({
-        // Get the total number of users for pagination
-        where: {
-          name: {
-            contains: search,
-          },
-        },
-      }),
-    ]);
+    const [users, totalCount] = await Promise.all([
+      prisma.user.findMany({
+        skip: (page - 1) * limit,
+        take: limit,
+        where: {
+          name: {
+            contains: search,
+          },
+        },
+      }),
+      prisma.user.count({
+        // Get the total number of users for pagination
+        where: {
+          name: {
+            contains: search,
+          },
+        },
+      }),
+    ]);
 
-    const totalPages = Math.ceil(totalCount / limit);
+    const totalPages = Math.ceil(totalCount / limit);
 
-    return NextResponse.json({
-      users,
-      pagination: {
-        currentPage: page,
-        totalPages,
-        totalCount,
-        limit,
-      },
-    });
-  } catch (error) {
-    console.error("Failed to fetch users:", error);
-    return NextResponse.json(
-      { message: "Failed to fetch users", status: 500 },
-      { status: 500 },
-    );
-  }
+    return NextResponse.json({
+      users,
+      pagination: {
+        currentPage: page,
+        totalPages,
+        totalCount,
+        limit,
+      },
+    });
+  } catch (error) {
+    console.error("Failed to fetch users:", error);
+    return NextResponse.json({ message: "Failed to fetch users", status: 500 }, { status: 500 });
+  }
 }
diff --git a/src/app/api/verify-order/[id]/route.ts b/src/app/api/verify-order/[id]/route.ts
index 91a4b17..17f6823 100644
--- a/src/app/api/verify-order/[id]/route.ts
+++ b/src/app/api/verify-order/[id]/route.ts
@@ -1,19 +1,18 @@
 import { authOptions } from "@/lib/auth-options";
+import { getServerSideSession } from "@/lib/get-server-session";
 import { razorpay } from "@/lib/razorpay";
 import { getServerSession } from "next-auth/next";
 import { NextRequest, NextResponse } from "next/server";
 
 export async function GET(request: NextRequest, context: { params: { id: string } }) {
-  // Check authentication
-  // const session = await getServerSession(authOptions);
-  // if (!session) {
-  //   return NextResponse.json({ message: "Unauthorized" }, { status: 401 });
-  // }
+  const session = await getServerSideSession();
+  if (!session) {
+    return NextResponse.json({ message: "Unauthorized" }, { status: 401 });
+  }
 
-  // // Check authorization (assuming 'role' is part of the session)
-  // if (session.user?.role !== "ADMIN") {
-  //   return NextResponse.json({ message: "Forbidden" }, { status: 403 });
-  // }
+  if (session.user?.role !== "ADMIN") {
+    return NextResponse.json({ error: "Unauthorized" }, { status: 403 });
+  }
 
   const { id } = context.params;
 
diff --git a/src/app/api/verify-order/route.ts b/src/app/api/verify-order/route.ts
index 1309186..ef8cd5d 100644
--- a/src/app/api/verify-order/route.ts
+++ b/src/app/api/verify-order/route.ts
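Review bot: The re-added `prisma.user.findMany` hands whole `User` rows to the admin client with no `select`, so any sensitive columns on the model (password hash, tokens — whatever the schema holds, which this diff does not show) leave the server inside `users`; restrict it to the listing's fields, e.g. `select: { id: true, name: true, email: true, role: true }` adjusted to the real schema. `Math.max(1, parseInt(searchParams.get("page") || "1", 10))` yields `NaN` for a non-numeric `page`, which reaches Prisma as `skip: NaN` and surfaces as a 500 from the catch block rather than a 400; `const page = Math.max(1, parseInt(searchParams.get("page") || "1", 10) || 1);` normalises it. `search` has no length cap before it is fed to two `contains` queries; a `slice(0, 100)` or an explicit 400 is cheap. The 403 body uses `error` where the 401 uses `message`, and `"Forbidden"` is the accurate text for it.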
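Review bot: The commented-out `getServerSession(authOptions)` block is deleted, but `import { authOptions } from "@/lib/auth-options"` and `import { getServerSession } from "next-auth/next"` remain in the context lines and nothing visible uses them now; drop both imports. The 403 response uses `{ error: "Unauthorized" }` where the 401 uses `{ message: "Unauthorized" }` and the removed comment had the right word; `return NextResponse.json({ message: "Forbidden" }, { status: 403 });`. `GET`'s body continues past the hunk, so whether `razorpay` and `id` are still used there cannot be checked from here.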
@@ -5,52 +5,43 @@ import { sendRegistrationEmail } from "@/lib/send-registration-email";
 import { generatedSignature } from "@/lib/helper";
 
 export async function POST(request: NextRequest) {
-  const { orderId, razorpayPaymentId, razorpaySignature, amount } =
-    await request.json();
-  const session = await getServerSideSession();
-  if (!session) {
-    return NextResponse.json(
-      { message: "No session", isOk: false },
-      { status: 400 },
-    );
-  }
-  const signature = generatedSignature(orderId, razorpayPaymentId);
-  if (signature !== razorpaySignature) {
-    return NextResponse.json(
-      { message: "payment verification failed", isOk: false },
-      { status: 400 },
-    );
-  }
-  if (signature === razorpaySignature) {
-    const user = await prisma.user.findUnique({
-      where: {
-        email: session.user?.email!,
-      },
-    });
+  const session = await getServerSideSession();
+  if (!session) {
+    return NextResponse.json({ message: "No session", isOk: false }, { status: 400 });
+  }
+  const { orderId, razorpayPaymentId, razorpaySignature, amount } = await request.json();
+
+  const signature = generatedSignature(orderId, razorpayPaymentId);
+  if (signature !== razorpaySignature) {
+    return NextResponse.json({ message: "payment verification failed", isOk: false }, { status: 400 });
+  }
+  if (signature === razorpaySignature) {
+    const user = await prisma.user.findUnique({
+      where: {
+        email: session.user?.email!,
+      },
+    });
 
-    try {
-      await sendRegistrationEmail({
-        email: session.user?.email!,
-        name: session.user?.name!,
-        registrationLink: `${process.env.NEXT_PUBLIC_SITE_URL}/admin/verify/${razorpayPaymentId}`,
-      });
-    } catch (error) {
-      console.log(error);
+    try {
+      await sendRegistrationEmail({
+        email: session.user?.email!,
+        name: session.user?.name!,
+        registrationLink: `${process.env.NEXT_PUBLIC_SITE_URL}/admin/verify/${razorpayPaymentId}`,
+      });
+    } catch (error) {
+      console.log(error);
+    }
+    await prisma.$transaction(async (prisma) => {
+      await prisma.payment.create({
+        data: {
+          amount: amount,
+          orderCreationId: orderId,
+          razorpayPaymentId: razorpayPaymentId,
+          signature: razorpaySignature,
+          user: { connect: { email: session.user?.email! } },
+        },
+      });
+    });
+    return NextResponse.json({ message: "payment verified successfully", isOk: true }, { status: 200 });
   }
-    await prisma.$transaction(async (prisma) => {
-      await prisma.payment.create({
-        data: {
-          amount: amount,
-          orderCreationId: orderId,
-          razorpayPaymentId: razorpayPaymentId,
-          signature: razorpaySignature,
-          user: { connect: { email: session.user?.email! } },
-        },
-      });
-    });
-    return NextResponse.json(
-      { message: "payment verified successfully", isOk: true },
-      { status: 200 },
-    );
-  }
 }
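Review bot: `amount` on the new side is taken straight from `request.json()` and written into `prisma.payment.create`, but `generatedSignature(orderId, razorpayPaymentId)` binds only the two ids, so a caller who completed one genuine payment can record any amount they like; the value must come from the order the server created (or a server-side fetch of the payment), never from the client. The hunk also has no replay protection — re-posting the same `razorpayPaymentId` passes the signature check again, creates a second `payment` row and re-sends the registration email — and the email is sent before the row is written, so a failed `$transaction` still hands the user an `/admin/verify/...` link. `signature !== razorpaySignature` is an ordinary string compare; `crypto.timingSafeEqual` on equal-length buffers is the usual form for a MAC check (needs `import { timingSafeEqual } from "crypto"` above the hunk). `user` is fetched with `findUnique` and never read, the repeated `session.user?.email!` assertions should be one guard, and the `if (signature === razorpaySignature)` branch after the `!==` early return is always taken. A unique index on `razorpayPaymentId` in the schema is what actually closes the race the lookup below still leaves; the sketch reorders the body accordingly and is only an outline.
```typescript
export async function POST(request: NextRequest) {
  const session = await getServerSideSession();
  const email = session?.user?.email;
  if (!email) {
    return NextResponse.json({ message: "Unauthorized", isOk: false }, { status: 401 });
  }
  const { orderId, razorpayPaymentId, razorpaySignature } = await request.json();
  if ([orderId, razorpayPaymentId, razorpaySignature].some((v) => typeof v !== "string")) {
    return NextResponse.json({ message: "payment verification failed", isOk: false }, { status: 400 });
  }
  // Constant-time MAC comparison; `!==` stops at the first differing byte.
  const expected = Buffer.from(generatedSignature(orderId, razorpayPaymentId));
  const given = Buffer.from(razorpaySignature);
  if (expected.length !== given.length || !timingSafeEqual(expected, given)) {
    return NextResponse.json({ message: "payment verification failed", isOk: false }, { status: 400 });
  }
  // Replay guard: one row per Razorpay payment id (back this with a unique index in the schema).
  if (await prisma.payment.findFirst({ where: { razorpayPaymentId } })) {
    return NextResponse.json({ message: "payment already verified", isOk: true }, { status: 200 });
  }
  // TODO(review): amount must come from the server-side order, not the request body.
  await prisma.payment.create({
    data: {
      // … unchanged: orderCreationId / razorpayPaymentId / signature, amount replaced by the server-side value …
      user: { connect: { email } },
    },
  });
  // … unchanged: sendRegistrationEmail try/catch, now after the write …
  return NextResponse.json({ message: "payment verified successfully", isOk: true }, { status: 200 });
}
```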