 Server : Apache/2 System : Linux server-15-235-50-60 5.15.0-164-generic #174-Ubuntu SMP Fri Nov 14 20:25:16 UTC 2025 x86_64 User : gositeme ( 1004) PHP Version : 8.2.29 Disable Function : exec,system,passthru,shell_exec,proc_close,proc_open,dl,popen,show_source,posix_kill,posix_mkfifo,posix_getpwuid,posix_setpgid,posix_setsid,posix_setuid,posix_setgid,posix_seteuid,posix_setegid,posix_uname Directory : /home/gositeme/.cursor-server/data/User/History/34e9fabc/ |
import type { NextApiRequest, NextApiResponse } from 'next';
import { getServerSession } from 'next-auth';
import { authOptions } from '@/lib/auth';
import { prisma } from '@/lib/prisma';
import { canAccessRoom } from '@/lib/chat-permissions';
import { isSuperAdmin } from '@/lib/auth-utils';
export default async function handler(req: NextApiRequest, res: NextApiResponse) {
const session = await getServerSession(req, res, authOptions);
if (!session?.user) {
return res.status(401).json({ error: 'Unauthorized' });
}
if (req.method === 'GET') {
try {
console.log(`[API] Fetching rooms for user: ${session.user.name} (${session.user.role})`);
// Get all rooms
const allRooms = await prisma.chatRoom.findMany({
include: {
ChatParticipant: {
include: {
users: {
select: {
id: true,
name: true,
email: true,
role: true,
profilePicture: true,
title: true,
specialization: true,
availability: true,
lastActive: true,
bio: true
}
}
}
},
Message: {
take: 1,
orderBy: { createdAt: 'desc' },
include: {
users: {
select: {
id: true,
name: true,
role: true,
profilePicture: true,
title: true,
specialization: true,
availability: true,
lastActive: true,
bio: true
}
}
}
},
_count: { select: { Message: true } }
},
orderBy: { updatedAt: 'desc' }
});
console.log(`[API] Found ${allRooms.length} total rooms`);
// Filter rooms based on user's role permissions
const accessibleRooms = allRooms.filter(room =>
canAccessRoom(session.user.role, room.name, 'read')
);
console.log(`[API] User can access ${accessibleRooms.length} rooms`);
const result = accessibleRooms.map(room => ({
...room,
lastMessage: room.Message[0] || null,
}));
return res.status(200).json(result);
} catch (error) {
console.error('[API] Error fetching chat rooms:', error);
return res.status(500).json({ error: 'Failed to fetch chat rooms' });
}
}
if (req.method === 'POST') {
try {
const { roomId, name } = req.body;
// If roomId is provided, join existing room
if (roomId) {
// Check if user is already in the room
const existingParticipant = await prisma.chatParticipant.findFirst({
where: {
userId: session.user.id,
chatRoomId: roomId
}
});
if (existingParticipant) {
return res.status(200).json({ message: 'Already in room' });
}
// Add user to room
await prisma.chatParticipant.create({
data: {
userId: session.user.id,
chatRoomId: roomId,
role: 'MEMBER'
}
});
return res.status(200).json({ message: 'Joined room successfully' });
}
// If name is provided, create new room (admin only)
if (name) {
if (!isSuperAdmin(session) && session.user.role !== 'ADMIN') {
return res.status(403).json({ error: 'Only admins can create chat rooms' });
}
const newRoom = await prisma.chatRoom.create({
data: {
name,
type: 'GROUP',
participants: {
create: {
userId: session.user.id,
role: 'ADMIN'
}
},
createdBy: { connect: { id: session.user.id } }
},
include: {
participants: {
include: {
user: {
select: {
id: true,
name: true,
email: true,
role: true,
profilePicture: true,
title: true,
specialization: true,
availability: true,
lastActive: true,
bio: true
}
}
}
},
_count: {
select: {
messages: true
}
}
}
});
return res.status(201).json({
...newRoom,
participants: newRoom.participants.map(p => ({
user: p.user,
role: p.role
})),
});
}
return res.status(400).json({ error: 'Room ID or name is required' });
} catch (error) {
console.error('Error joining/creating chat room:', error);
return res.status(500).json({ error: 'Failed to join/create chat room' });
}
}
if (req.method === 'DELETE') {
if (!isSuperAdmin(session) && session.user.role !== 'ADMIN') {
return res.status(403).json({ error: 'Only admins can delete chat rooms.' });
}
const { roomId } = req.query;
if (!roomId || typeof roomId !== 'string') {
return res.status(400).json({ error: 'Room ID is required.' });
}
try {
await prisma.$transaction([
prisma.message.deleteMany({ where: { chatRoomId: roomId } }),
prisma.chatParticipant.deleteMany({ where: { chatRoomId: roomId } }),
prisma.chatRoom.delete({ where: { id: roomId } })
]);
return res.status(200).json({ message: 'Room deleted successfully.' });
} catch (error) {
console.error(`Failed to delete room ${roomId}:`, error);
return res.status(500).json({ error: 'Failed to delete room.' });
}
}
return res.status(405).json({ error: 'Method not allowed' });
}