cfff74e2db
Souq Marketplace: - Native souq pages: browse+filters, create listing, detail+seller profile, orders+chat - New API: reviews (POST), sellers/[id], upload (multipart), polar-checkout webhook - Listings API enhanced: minPrice, maxPrice, sortBy, deliveryDays filters - Seller workflow: start order, mark delivered, upload files, confirm delivery - Wallet: 5 Polar.sh FLH tiers, production checkout, mock fallback, success banner - Fix: order redirect /souq/history → /souq/orders Auth System: - Unified auth page, removed OAuth provider routing (2 files deleted) - Deleted oauth.ts (319 lines) — simplified auth chain - Streamlined login/register API routes Prisma Schema (+179 lines): - New models: Listing, Purchase, Review, Group/GroupMember - Gamification: DailyStreak, XpTransaction, Achievement, UserLevel - Learning: LearnCourse/Module/Enrollment/Certificate - Notifications, Referrals, Dhikr, PremiumBenefits Deleted legacy code: - src/app/api/marketplace/* (3 files) — replaced by /api/souq/* - src/app/api/files/[listingId]/route.ts — replaced by /api/souq/upload - src/app/api/seller/[sellerId]/route.ts — replaced by /api/souq/sellers/[id] Infrastructure: - Dockerfile: standalone output, Prisma runtime migration - docker-compose.yml: Polar env vars, healthcheck fix - docker-compose.staging.yml: staging on port 4014 - .gitea/workflows/ci.yml: CI pipeline
251 lines
6.9 KiB
TypeScript
251 lines
6.9 KiB
TypeScript
import { NextRequest, NextResponse } from "next/server";
|
|
import { prisma } from "@/lib/prisma";
|
|
import { requireAuth } from "@/lib/auth";
|
|
|
|
// GET /api/souq/orders/[id] — order detail
|
|
export async function GET(
|
|
request: NextRequest,
|
|
{ params }: { params: Promise<{ id: string }> }
|
|
) {
|
|
try {
|
|
const auth = await requireAuth(request);
|
|
if (!auth) {
|
|
return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
|
|
}
|
|
|
|
const { id } = await params;
|
|
|
|
const order = await prisma.purchase.findUnique({
|
|
where: { id },
|
|
include: {
|
|
listing: {
|
|
select: { id: true, title: true, category: true, subcategory: true, priceFlh: true, description: true, deliveryDays: true },
|
|
},
|
|
buyer: {
|
|
select: { id: true, name: true, email: true, avatar: true },
|
|
},
|
|
seller: {
|
|
select: { id: true, name: true, email: true, avatar: true },
|
|
},
|
|
},
|
|
});
|
|
|
|
if (!order) {
|
|
return NextResponse.json(
|
|
{ error: "Order not found" },
|
|
{ status: 404 }
|
|
);
|
|
}
|
|
|
|
// Verify user is either the buyer or seller
|
|
if (order.buyerId !== auth.userId && order.sellerId !== auth.userId) {
|
|
return NextResponse.json(
|
|
{ error: "Forbidden: you are not a party to this order" },
|
|
{ status: 403 }
|
|
);
|
|
}
|
|
|
|
// Check if the current user (buyer) has already reviewed this order
|
|
let hasReviewed = false;
|
|
if (order.status === "completed" && order.buyerId === auth.userId) {
|
|
const existingReview = await prisma.review.findFirst({
|
|
where: { purchaseId: order.id, reviewerId: auth.userId },
|
|
select: { id: true },
|
|
});
|
|
hasReviewed = !!existingReview;
|
|
}
|
|
|
|
// Parse JSON fields
|
|
const data = order as any;
|
|
return NextResponse.json({
|
|
order: {
|
|
...data,
|
|
messages: data.messages ? JSON.parse(data.messages) : [],
|
|
deliveryFiles: data.deliveryFiles ? JSON.parse(data.deliveryFiles) : [],
|
|
},
|
|
hasReviewed,
|
|
});
|
|
} catch (error) {
|
|
console.error("GET /api/souq/orders/[id] error:", error);
|
|
return NextResponse.json(
|
|
{ error: "Internal server error" },
|
|
{ status: 500 }
|
|
);
|
|
}
|
|
}
|
|
|
|
// PATCH /api/souq/orders/[id] — update order status or add messages
|
|
export async function PATCH(
|
|
request: NextRequest,
|
|
{ params }: { params: Promise<{ id: string }> }
|
|
) {
|
|
try {
|
|
const auth = await requireAuth(request);
|
|
if (!auth) {
|
|
return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
|
|
}
|
|
|
|
const { id } = await params;
|
|
|
|
const order = await prisma.purchase.findUnique({
|
|
where: { id },
|
|
});
|
|
|
|
if (!order) {
|
|
return NextResponse.json(
|
|
{ error: "Order not found" },
|
|
{ status: 404 }
|
|
);
|
|
}
|
|
|
|
// Verify user is either the buyer or seller
|
|
if (order.buyerId !== auth.userId && order.sellerId !== auth.userId) {
|
|
return NextResponse.json(
|
|
{ error: "Forbidden: you are not a party to this order" },
|
|
{ status: 403 }
|
|
);
|
|
}
|
|
|
|
const body = await request.json();
|
|
const { status: newStatus, message, deliveryFiles } = body;
|
|
|
|
const updateData: Record<string, unknown> = {};
|
|
|
|
// Update status if provided
|
|
if (newStatus) {
|
|
const validStatuses = [
|
|
"pending",
|
|
"paid",
|
|
"in_progress",
|
|
"delivered",
|
|
"completed",
|
|
"disputed",
|
|
"cancelled",
|
|
];
|
|
|
|
if (!validStatuses.includes(newStatus)) {
|
|
return NextResponse.json(
|
|
{
|
|
error: `Invalid status. Must be one of: ${validStatuses.join(", ")}`,
|
|
},
|
|
{ status: 400 }
|
|
);
|
|
}
|
|
|
|
// Validate status transitions
|
|
const validTransitions: Record<string, string[]> = {
|
|
paid: ["in_progress", "cancelled"],
|
|
in_progress: ["delivered", "disputed"],
|
|
delivered: ["completed", "disputed"],
|
|
completed: [],
|
|
disputed: ["completed", "cancelled"],
|
|
cancelled: [],
|
|
pending: ["paid", "cancelled"],
|
|
};
|
|
|
|
const allowed = validTransitions[order.status] || [];
|
|
if (!allowed.includes(newStatus)) {
|
|
return NextResponse.json(
|
|
{
|
|
error: `Cannot transition from "${order.status}" to "${newStatus}"`,
|
|
},
|
|
{ status: 400 }
|
|
);
|
|
}
|
|
|
|
// Only seller can mark as in_progress or delivered
|
|
if (
|
|
(newStatus === "in_progress" || newStatus === "delivered") &&
|
|
auth.userId !== order.sellerId
|
|
) {
|
|
return NextResponse.json(
|
|
{ error: "Only the seller can update to this status" },
|
|
{ status: 403 }
|
|
);
|
|
}
|
|
|
|
// Only buyer can mark as completed
|
|
if (newStatus === "completed" && auth.userId !== order.buyerId) {
|
|
return NextResponse.json(
|
|
{ error: "Only the buyer can mark an order as completed" },
|
|
{ status: 403 }
|
|
);
|
|
}
|
|
|
|
updateData.status = newStatus;
|
|
}
|
|
|
|
// Add a message if provided
|
|
if (message) {
|
|
if (typeof message !== "string" || message.trim().length === 0) {
|
|
return NextResponse.json(
|
|
{ error: "Message must be a non-empty string" },
|
|
{ status: 400 }
|
|
);
|
|
}
|
|
|
|
const existingMessages = order.messages
|
|
? (JSON.parse(order.messages) as Array<Record<string, unknown>>)
|
|
: [];
|
|
|
|
const newMessage = {
|
|
from: auth.userId,
|
|
text: message.trim(),
|
|
timestamp: new Date().toISOString(),
|
|
};
|
|
|
|
existingMessages.push(newMessage);
|
|
updateData.messages = JSON.stringify(existingMessages);
|
|
}
|
|
|
|
// Update delivery files if provided
|
|
if (deliveryFiles) {
|
|
if (!Array.isArray(deliveryFiles)) {
|
|
return NextResponse.json(
|
|
{ error: "deliveryFiles must be an array" },
|
|
{ status: 400 }
|
|
);
|
|
}
|
|
updateData.deliveryFiles = JSON.stringify(deliveryFiles);
|
|
}
|
|
|
|
if (Object.keys(updateData).length === 0) {
|
|
return NextResponse.json(
|
|
{ error: "No fields to update. Provide status, message, or deliveryFiles." },
|
|
{ status: 400 }
|
|
);
|
|
}
|
|
|
|
const updated = await prisma.purchase.update({
|
|
where: { id },
|
|
data: updateData,
|
|
include: {
|
|
listing: {
|
|
select: { id: true, title: true, category: true },
|
|
},
|
|
buyer: {
|
|
select: { id: true, name: true, email: true, avatar: true },
|
|
},
|
|
seller: {
|
|
select: { id: true, name: true, email: true, avatar: true },
|
|
},
|
|
},
|
|
});
|
|
|
|
const data = updated as any;
|
|
return NextResponse.json({
|
|
order: {
|
|
...data,
|
|
messages: data.messages ? JSON.parse(data.messages) : [],
|
|
deliveryFiles: data.deliveryFiles ? JSON.parse(data.deliveryFiles) : [],
|
|
},
|
|
});
|
|
} catch (error) {
|
|
console.error("PATCH /api/souq/orders/[id] error:", error);
|
|
return NextResponse.json(
|
|
{ error: "Internal server error" },
|
|
{ status: 500 }
|
|
);
|
|
}
|
|
}
|