From 6356456a1803c4882625c47b81108625d1d11bd1 Mon Sep 17 00:00:00 2001
From: AlexBocken <alexander@bocken.org>
Date: Mon, 24 Jul 2023 22:59:09 +0200
Subject: [PATCH] added missing payments api routes

---
 src/routes/api/payments/add/+server.ts        |  4 +--
 src/routes/api/payments/delete/+server.ts     | 24 ++++++++++++++++
 src/routes/api/payments/edit/+server.ts       | 27 ++++++++++++++++++
 src/routes/api/payments/item/[id]/+server.ts  | 27 ++++++++++++++++++
 .../api/payments/items/[range]/+server.ts     | 28 +++++++++++++++++++
 src/routes/api/payments/payees/+server.ts     | 26 +++++++++++++++++
 6 files changed, 133 insertions(+), 3 deletions(-)
 create mode 100644 src/routes/api/payments/delete/+server.ts
 create mode 100644 src/routes/api/payments/edit/+server.ts
 create mode 100644 src/routes/api/payments/item/[id]/+server.ts
 create mode 100644 src/routes/api/payments/items/[range]/+server.ts
 create mode 100644 src/routes/api/payments/payees/+server.ts

diff --git a/src/routes/api/payments/add/+server.ts b/src/routes/api/payments/add/+server.ts
index 5735d2e..2646a52 100644
--- a/src/routes/api/payments/add/+server.ts
+++ b/src/routes/api/payments/add/+server.ts
@@ -9,7 +9,6 @@ import {IMAGE_DIR} from '$env/static/private';
 
 export const POST: RequestHandler = async ({request, cookies}) => {
   	const user = await authenticateUser(cookies)
-	console.log(user)
   	if(!user){
   		throw error(401, "Not logged in")
   	}
@@ -25,7 +24,6 @@ export const POST: RequestHandler = async ({request, cookies}) => {
 			payee: formData.get("payee"),
 			added_by: user._id
 		}
-
 		await dbConnect();
 		let id;
   		try{
@@ -38,7 +36,7 @@ export const POST: RequestHandler = async ({request, cookies}) => {
   		await dbDisconnect();
 		const img = formData.get("file")
 		if(img){
-			console.log("IMG:", img)
+			//this feels stupid, is there a smarter way directly to Buffer?
 			const full_res = Buffer.from(await img.arrayBuffer())
 
 			await sharp(full_res)
diff --git a/src/routes/api/payments/delete/+server.ts b/src/routes/api/payments/delete/+server.ts
new file mode 100644
index 0000000..1c42309
--- /dev/null
+++ b/src/routes/api/payments/delete/+server.ts
@@ -0,0 +1,24 @@
+import type { RequestHandler } from '@sveltejs/kit';
+import { Payment } from '../../../../models/Payment';
+import { dbConnect, dbDisconnect } from '../../../../utils/db';
+import { error } from '@sveltejs/kit';
+import { authenticateUser } from '$lib/js/authenticate';
+// header: use for bearer token for now
+// recipe json in body
+export const POST: RequestHandler = async ({request, cookies}) => {
+  	let json = await request.json()
+
+  	const user = await authenticateUser(cookies)
+  	if(!user) throw error(401, "Need to be logged in")
+  	if(!user.access.includes("abrechnung")){
+		throw error(401, "Insufficient permissions")
+	}
+	else{
+		await dbConnect();
+		await Payment.findOneAndDelete({_id: json.id});
+  		await dbDisconnect();
+		return new Response(JSON.stringify({msg: "Deleted payment successfully"}),{
+			    status: 200,
+  		});
+	}
+}
diff --git a/src/routes/api/payments/edit/+server.ts b/src/routes/api/payments/edit/+server.ts
new file mode 100644
index 0000000..2bed766
--- /dev/null
+++ b/src/routes/api/payments/edit/+server.ts
@@ -0,0 +1,27 @@
+import type { RequestHandler } from '@sveltejs/kit';
+import { Payment } from '../../../../models/Payment';
+import { dbConnect, dbDisconnect } from '../../../../utils/db';
+import { error } from '@sveltejs/kit';
+import { authenticateUser } from '$lib/js/authenticate';
+// header: use for bearer token for now
+// recipe json in body
+export const POST: RequestHandler = async ({request, cookies}) => {
+  let message = await request.json()
+  const json = message.payment
+  const user = await authenticateUser(cookies)
+  if(!user){
+	  throw error(403, "Not logged in")
+  }
+  else if(!user.access.includes("abrechnung")){
+	throw error(403, "This user does not have edit permissions for payments")
+  }
+  else{
+	await dbConnect();
+	await Payment.findOneAndUpdate({_id: json.id}, json);
+  	await dbDisconnect();
+	return new Response(JSON.stringify({msg: "Edited payment successfully"}),{
+			    status: 200,
+  	});
+
+  }
+};
diff --git a/src/routes/api/payments/item/[id]/+server.ts b/src/routes/api/payments/item/[id]/+server.ts
new file mode 100644
index 0000000..db99878
--- /dev/null
+++ b/src/routes/api/payments/item/[id]/+server.ts
@@ -0,0 +1,27 @@
+import type { RequestHandler } from '@sveltejs/kit';
+import { Payment } from '../../../../models/Payment';
+import { dbConnect, dbDisconnect } from '../../../../utils/db';
+import { error } from '@sveltejs/kit';
+import { authenticateUser } from '$lib/js/authenticate';
+// header: use for bearer token for now
+// recipe json in body
+export const POST: RequestHandler = async ({request, cookies}) => {
+  let message = await request.json()
+  const json = message.payment
+  const user = await authenticateUser(cookies)
+  if(!user){
+	  throw error(403, "Not logged in")
+  }
+  else if(!user.access.includes("abrechnung")){
+	throw error(403, "This user does not have edit permissions for payments")
+  }
+  else{
+	await dbConnect();
+	const payment = await Payment.findOne({_id: json.id}).lean();
+  	await dbDisconnect();
+	return new Response(JSON.stringify({payment}),{
+			    status: 200,
+  	});
+
+  }
+};
diff --git a/src/routes/api/payments/items/[range]/+server.ts b/src/routes/api/payments/items/[range]/+server.ts
new file mode 100644
index 0000000..6bd8e42
--- /dev/null
+++ b/src/routes/api/payments/items/[range]/+server.ts
@@ -0,0 +1,28 @@
+import type { RequestHandler } from '@sveltejs/kit';
+import { Payment } from '../../../../../models/Payment';
+import { dbConnect, dbDisconnect } from '../../../../../utils/db';
+import { error } from '@sveltejs/kit';
+import { authenticateUser } from '$lib/js/authenticate';
+// header: use for bearer token for now
+// recipe json in body
+export const POST: RequestHandler = async ({request, cookies, params}) => {
+  let message = await request.json()
+  const n = params.range
+  const start = message?.start ?? 0;
+  const user = await authenticateUser(cookies)
+  if(!user){
+	  throw error(403, "Not logged in")
+  }
+  else if(!user.access.includes("abrechnung")){
+	throw error(403, "This user does not have viewing permissions for payments")
+  }
+  else{
+	await dbConnect();
+	const payments = await Payment.find({}).sort({ date: -1 }).skip(start).limit(n).lean()
+  	await dbDisconnect();
+	return new Response(JSON.stringify({payments}),{
+			    status: 200,
+  	});
+
+  }
+};
diff --git a/src/routes/api/payments/payees/+server.ts b/src/routes/api/payments/payees/+server.ts
new file mode 100644
index 0000000..8fd7a60
--- /dev/null
+++ b/src/routes/api/payments/payees/+server.ts
@@ -0,0 +1,26 @@
+import type { RequestHandler } from '@sveltejs/kit';
+import { Payment } from '../../../../models/Payment';
+import { dbConnect, dbDisconnect } from '../../../../utils/db';
+import { error } from '@sveltejs/kit';
+import { authenticateUser } from '$lib/js/authenticate';
+import { User } from '../../../../models/User';
+// header: use for bearer token for now
+// recipe json in body
+export const GET: RequestHandler = async ({request, cookies}) => {
+  const user = await authenticateUser(cookies)
+  if(!user){
+	  throw error(403, "Not logged in")
+  }
+  else if(!user.access.includes("abrechnung")){
+	throw error(403, "This user does not have edit permissions for payments")
+  }
+  else{
+	await dbConnect();
+	const users = await User.find({access: "abrechnung"}, 'username').lean()
+  	await dbDisconnect();
+	return new Response(JSON.stringify({users}),{
+			    status: 200,
+  	});
+
+  }
+};