87 lines
2.6 KiB
TypeScript
87 lines
2.6 KiB
TypeScript
import { getServerSession } from "next-auth";
|
|
import { NextRequest, NextResponse } from "next/server";
|
|
import { authOptions } from "../../auth/[...nextauth]/route";
|
|
import { canUploadOrViewFiles } from "@/lib/auth/checkRole";
|
|
import { v4 as uuidv4 } from 'uuid';
|
|
import path from "path";
|
|
import { mkdirSync, existsSync, writeFileSync } from 'fs';
|
|
import { prisma } from "@/lib/prisma";
|
|
|
|
const MAX_SIZE_MB = parseInt(process.env.UPLOAD_FILE_SIZE || '10', 10);
|
|
const MAX_SIZE_BYTES = MAX_SIZE_MB * 1024 * 1024;
|
|
|
|
// Ensure it's relative to project root
|
|
const UPLOAD_DIR = path.join(process.cwd(), 'data/uploads');
|
|
|
|
export const config = {
|
|
api: {
|
|
bodyParser: false,
|
|
},
|
|
};
|
|
|
|
export async function POST(req: NextRequest) {
|
|
const session = await getServerSession(authOptions);
|
|
const user = session?.user;
|
|
|
|
if (!user || !canUploadOrViewFiles(user.role)) {
|
|
return NextResponse.json({ message: "Unauthorized" }, { status: 401 });
|
|
}
|
|
|
|
try {
|
|
const formData = await req.formData();
|
|
const file = formData.get("file") as File | null;
|
|
const eventId = formData.get("eventId") as string | null;
|
|
|
|
if (!file) {
|
|
return NextResponse.json({ error: "No file uploaded" }, { status: 400 });
|
|
}
|
|
|
|
if (file.size > MAX_SIZE_BYTES) {
|
|
return NextResponse.json({ error: `File exceeds ${MAX_SIZE_MB}MB` }, { status: 400 });
|
|
}
|
|
|
|
const allowedTypes = ["application/pdf", "image/jpeg", "image/png", "text/plain"];
|
|
if (!allowedTypes.includes(file.type)) {
|
|
return NextResponse.json({ error: "Unsupported file type" }, { status: 400 });
|
|
}
|
|
|
|
// Ensure uploads directory exists
|
|
if (!existsSync(UPLOAD_DIR)) {
|
|
mkdirSync(UPLOAD_DIR, { recursive: true });
|
|
}
|
|
|
|
// Create unique filename
|
|
const safeFileName = `${uuidv4()}-${file.name}`;
|
|
const fullPath = path.join(UPLOAD_DIR, safeFileName);
|
|
|
|
const arrayBuffer = await file.arrayBuffer();
|
|
const buffer = Buffer.from(arrayBuffer);
|
|
writeFileSync(fullPath, buffer);
|
|
|
|
// Save metadata in DB
|
|
const saved = await prisma.fileUpload.create({
|
|
data: {
|
|
filename: file.name,
|
|
filepath: fullPath,
|
|
filetype: file.type,
|
|
filesize: file.size,
|
|
uploadedBy: {
|
|
connect: { email: user.email! },
|
|
},
|
|
event: eventId ? {
|
|
connect: { id: eventId }
|
|
} : undefined,
|
|
},
|
|
});
|
|
|
|
return NextResponse.json({
|
|
message: "File uploaded successfully",
|
|
file: saved,
|
|
}, { status: 201 });
|
|
|
|
} catch (error) {
|
|
console.error("File upload error:", error);
|
|
return NextResponse.json({ error: "Internal server error" }, { status: 500 });
|
|
}
|
|
}
|