full upgrade
This commit is contained in:
@@ -1,6 +1,8 @@
|
||||
import { NextRequest, NextResponse } from 'next/server';
|
||||
import { prisma } from '@/lib/prisma';
|
||||
import { apiCache } from '@/lib/cache';
|
||||
import { checkRateLimit, getRateLimitHeaders } from '@/lib/auth';
|
||||
import { PrismaClientKnownRequestError } from '@prisma/client/runtime/library';
|
||||
|
||||
export async function GET(
|
||||
request: NextRequest,
|
||||
@@ -23,7 +25,20 @@ export async function GET(
|
||||
|
||||
return NextResponse.json(project);
|
||||
} catch (error) {
|
||||
console.error('Error fetching project:', error);
|
||||
// Handle missing database table gracefully
|
||||
if (error instanceof PrismaClientKnownRequestError && error.code === 'P2021') {
|
||||
if (process.env.NODE_ENV === 'development') {
|
||||
console.warn('Project table does not exist. Returning 404.');
|
||||
}
|
||||
return NextResponse.json(
|
||||
{ error: 'Project not found' },
|
||||
{ status: 404 }
|
||||
);
|
||||
}
|
||||
|
||||
if (process.env.NODE_ENV === 'development') {
|
||||
console.error('Error fetching project:', error);
|
||||
}
|
||||
return NextResponse.json(
|
||||
{ error: 'Failed to fetch project' },
|
||||
{ status: 500 }
|
||||
@@ -36,6 +51,21 @@ export async function PUT(
|
||||
{ params }: { params: Promise<{ id: string }> }
|
||||
) {
|
||||
try {
|
||||
// Rate limiting for PUT requests
|
||||
const ip = request.headers.get('x-forwarded-for') || request.headers.get('x-real-ip') || 'unknown';
|
||||
if (!checkRateLimit(ip, 5, 60000)) { // 5 requests per minute for PUT
|
||||
return new NextResponse(
|
||||
JSON.stringify({ error: 'Rate limit exceeded' }),
|
||||
{
|
||||
status: 429,
|
||||
headers: {
|
||||
'Content-Type': 'application/json',
|
||||
...getRateLimitHeaders(ip, 5, 60000)
|
||||
}
|
||||
}
|
||||
);
|
||||
}
|
||||
|
||||
// Check if this is an admin request
|
||||
const isAdminRequest = request.headers.get('x-admin-request') === 'true';
|
||||
if (!isAdminRequest) {
|
||||
@@ -68,7 +98,20 @@ export async function PUT(
|
||||
|
||||
return NextResponse.json(project);
|
||||
} catch (error) {
|
||||
console.error('Error updating project:', error);
|
||||
// Handle missing database table gracefully
|
||||
if (error instanceof PrismaClientKnownRequestError && error.code === 'P2021') {
|
||||
if (process.env.NODE_ENV === 'development') {
|
||||
console.warn('Project table does not exist.');
|
||||
}
|
||||
return NextResponse.json(
|
||||
{ error: 'Database table not found. Please run migrations.' },
|
||||
{ status: 503 }
|
||||
);
|
||||
}
|
||||
|
||||
if (process.env.NODE_ENV === 'development') {
|
||||
console.error('Error updating project:', error);
|
||||
}
|
||||
return NextResponse.json(
|
||||
{ error: 'Failed to update project', details: error instanceof Error ? error.message : 'Unknown error' },
|
||||
{ status: 500 }
|
||||
@@ -81,6 +124,30 @@ export async function DELETE(
|
||||
{ params }: { params: Promise<{ id: string }> }
|
||||
) {
|
||||
try {
|
||||
// Rate limiting for DELETE requests
|
||||
const ip = request.headers.get('x-forwarded-for') || request.headers.get('x-real-ip') || 'unknown';
|
||||
if (!checkRateLimit(ip, 3, 60000)) { // 3 requests per minute for DELETE (more restrictive)
|
||||
return new NextResponse(
|
||||
JSON.stringify({ error: 'Rate limit exceeded' }),
|
||||
{
|
||||
status: 429,
|
||||
headers: {
|
||||
'Content-Type': 'application/json',
|
||||
...getRateLimitHeaders(ip, 3, 60000)
|
||||
}
|
||||
}
|
||||
);
|
||||
}
|
||||
|
||||
// Check if this is an admin request
|
||||
const isAdminRequest = request.headers.get('x-admin-request') === 'true';
|
||||
if (!isAdminRequest) {
|
||||
return NextResponse.json(
|
||||
{ error: 'Admin access required' },
|
||||
{ status: 403 }
|
||||
);
|
||||
}
|
||||
|
||||
const { id: idParam } = await params;
|
||||
const id = parseInt(idParam);
|
||||
|
||||
@@ -94,7 +161,20 @@ export async function DELETE(
|
||||
|
||||
return NextResponse.json({ success: true });
|
||||
} catch (error) {
|
||||
console.error('Error deleting project:', error);
|
||||
// Handle missing database table gracefully
|
||||
if (error instanceof PrismaClientKnownRequestError && error.code === 'P2021') {
|
||||
if (process.env.NODE_ENV === 'development') {
|
||||
console.warn('Project table does not exist.');
|
||||
}
|
||||
return NextResponse.json(
|
||||
{ error: 'Database table not found. Please run migrations.' },
|
||||
{ status: 503 }
|
||||
);
|
||||
}
|
||||
|
||||
if (process.env.NODE_ENV === 'development') {
|
||||
console.error('Error deleting project:', error);
|
||||
}
|
||||
return NextResponse.json(
|
||||
{ error: 'Failed to delete project' },
|
||||
{ status: 500 }
|
||||
|
||||
@@ -2,6 +2,7 @@ import { NextRequest, NextResponse } from 'next/server';
|
||||
import { prisma } from '@/lib/prisma';
|
||||
import { apiCache } from '@/lib/cache';
|
||||
import { requireSessionAuth, checkRateLimit, getRateLimitHeaders } from '@/lib/auth';
|
||||
import { PrismaClientKnownRequestError } from '@prisma/client/runtime/library';
|
||||
|
||||
export async function GET(request: NextRequest) {
|
||||
try {
|
||||
@@ -96,7 +97,22 @@ export async function GET(request: NextRequest) {
|
||||
|
||||
return NextResponse.json(result);
|
||||
} catch (error) {
|
||||
console.error('Error fetching projects:', error);
|
||||
// Handle missing database table gracefully
|
||||
if (error instanceof PrismaClientKnownRequestError && error.code === 'P2021') {
|
||||
if (process.env.NODE_ENV === 'development') {
|
||||
console.warn('Project table does not exist. Returning empty result.');
|
||||
}
|
||||
return NextResponse.json({
|
||||
projects: [],
|
||||
total: 0,
|
||||
pages: 0,
|
||||
currentPage: 1
|
||||
});
|
||||
}
|
||||
|
||||
if (process.env.NODE_ENV === 'development') {
|
||||
console.error('Error fetching projects:', error);
|
||||
}
|
||||
return NextResponse.json(
|
||||
{ error: 'Failed to fetch projects' },
|
||||
{ status: 500 }
|
||||
@@ -106,6 +122,21 @@ export async function GET(request: NextRequest) {
|
||||
|
||||
export async function POST(request: NextRequest) {
|
||||
try {
|
||||
// Rate limiting for POST requests
|
||||
const ip = request.headers.get('x-forwarded-for') || request.headers.get('x-real-ip') || 'unknown';
|
||||
if (!checkRateLimit(ip, 5, 60000)) { // 5 requests per minute for POST
|
||||
return new NextResponse(
|
||||
JSON.stringify({ error: 'Rate limit exceeded' }),
|
||||
{
|
||||
status: 429,
|
||||
headers: {
|
||||
'Content-Type': 'application/json',
|
||||
...getRateLimitHeaders(ip, 5, 60000)
|
||||
}
|
||||
}
|
||||
);
|
||||
}
|
||||
|
||||
// Check if this is an admin request
|
||||
const isAdminRequest = request.headers.get('x-admin-request') === 'true';
|
||||
if (!isAdminRequest) {
|
||||
@@ -136,7 +167,20 @@ export async function POST(request: NextRequest) {
|
||||
|
||||
return NextResponse.json(project);
|
||||
} catch (error) {
|
||||
console.error('Error creating project:', error);
|
||||
// Handle missing database table gracefully
|
||||
if (error instanceof PrismaClientKnownRequestError && error.code === 'P2021') {
|
||||
if (process.env.NODE_ENV === 'development') {
|
||||
console.warn('Project table does not exist.');
|
||||
}
|
||||
return NextResponse.json(
|
||||
{ error: 'Database table not found. Please run migrations.' },
|
||||
{ status: 503 }
|
||||
);
|
||||
}
|
||||
|
||||
if (process.env.NODE_ENV === 'development') {
|
||||
console.error('Error creating project:', error);
|
||||
}
|
||||
return NextResponse.json(
|
||||
{ error: 'Failed to create project', details: error instanceof Error ? error.message : 'Unknown error' },
|
||||
{ status: 500 }
|
||||
|
||||
Reference in New Issue
Block a user