import { NextRequest, NextResponse } from 'next/server'
import pool from '@/lib/db'
import bcrypt from 'bcrypt'
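/**
 * GET /api/buyers/[id] - Get a specific buyer.
 *
 * Responds with the buyer's id, username, email and created_at. The password
 * column is not part of the SELECT, so the hash never leaves the database here.
 * Returns 400 for a malformed id, 404 when no row matches, and 500 (with a
 * generic message; details go to the server log only) on unexpected errors.
 *
 * NOTE(review): no authentication or authorization check is visible in this
 * handler. Unless middleware outside this file enforces it, buyer ids are
 * sequential integers and every record is readable by id. Confirm the guard
 * exists, or add a session/ownership check before the query.
 */
export async function GET(
  request: NextRequest,
  { params }: { params: { id: string } }
) {
  try {
    // Accept plain decimal digits only. parseInt() on its own also accepts
    // inputs such as "12abc" (-> 12) and silently rounds values beyond
    // Number.MAX_SAFE_INTEGER, so a malformed path segment could resolve to a
    // different buyer than the one named in the URL.
    const id = /^\d+$/.test(params.id) ? Number(params.id) : NaN
    if (!Number.isSafeInteger(id)) {
      return NextResponse.json(
        { error: 'Invalid buyer ID' },
        { status: 400 }
      )
    }

    // Parameterized query: the id is bound, never concatenated into the SQL.
    const [rows] = await pool.execute(
      'SELECT id, username, email, created_at FROM buyers WHERE id = ?',
      [id]
    )

    const buyers = rows as any[]
    if (buyers.length === 0) {
      return NextResponse.json(
        { error: 'Buyer not found' },
        { status: 404 }
      )
    }

    return NextResponse.json(buyers[0])
  } catch (error) {
    // Log the detail server-side; the client only sees a generic message.
    console.error('Error fetching buyer:', error)
    return NextResponse.json(
      { error: 'Failed to fetch buyer' },
      { status: 500 }
    )
  }
}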
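/**
 * PUT /api/buyers/[id] - Update a buyer.
 *
 * Accepts a JSON object with any of `username`, `email`, `password`; only the
 * fields present are updated. Returns the updated buyer (id, username, email,
 * created_at), 400 for invalid input or a duplicate username/email, 404 when
 * the buyer does not exist, and 500 on unexpected errors.
 *
 * NOTE(review): no authentication or authorization check is visible in this
 * handler, and a password change does not require the current password.
 * Unless a guard outside this file enforces ownership, any caller who can reach
 * the route can reset any buyer's credentials. Confirm the guard exists, and
 * consider invalidating existing sessions after a password change.
 */
export async function PUT(
  request: NextRequest,
  { params }: { params: { id: string } }
) {
  try {
    // Accept plain decimal digits only. parseInt() on its own also accepts
    // inputs such as "12abc" (-> 12) and silently rounds values beyond
    // Number.MAX_SAFE_INTEGER, so a malformed path segment could resolve to a
    // different buyer than the one named in the URL.
    const id = /^\d+$/.test(params.id) ? Number(params.id) : NaN
    if (!Number.isSafeInteger(id)) {
      return NextResponse.json(
        { error: 'Invalid buyer ID' },
        { status: 400 }
      )
    }

    // Malformed JSON, or a body that is not an object (null, array, scalar),
    // is a client error and must not surface as a 500 from the outer catch.
    const body: unknown = await request.json().catch(() => undefined)
    if (typeof body !== 'object' || body === null || Array.isArray(body)) {
      return NextResponse.json(
        { error: 'Request body must be a JSON object' },
        { status: 400 }
      )
    }
    const { username, email, password } = body as Record<string, unknown>

    // Check if buyer exists
    const [existingRows] = await pool.execute(
      'SELECT id FROM buyers WHERE id = ?',
      [id]
    )
    const existing = existingRows as any[]
    if (existing.length === 0) {
      return NextResponse.json(
        { error: 'Buyer not found' },
        { status: 404 }
      )
    }

    // Build the update dynamically. Only fixed column fragments are pushed to
    // `updates`; every client-supplied value travels through `values` as a
    // bound parameter, so the interpolated SQL below contains no user input.
    const updates: string[] = []
    const values: (string | number)[] = []

    if (username !== undefined) {
      // JSON can carry objects/arrays/numbers here; only a string is a valid
      // username and only a string should reach the driver as a parameter.
      if (typeof username !== 'string') {
        return NextResponse.json(
          { error: 'Username must be a string' },
          { status: 400 }
        )
      }
      // Check if username already exists (excluding current buyer).
      // NOTE(review): this check and the UPDATE are separate statements, so two
      // concurrent requests can both pass it. A UNIQUE constraint on
      // buyers.username should be the authoritative guard; confirm it exists.
      const [usernameCheck] = await pool.execute(
        'SELECT id FROM buyers WHERE username = ? AND id != ?',
        [username, id]
      )
      if ((usernameCheck as any[]).length > 0) {
        return NextResponse.json(
          { error: 'Username already exists' },
          { status: 400 }
        )
      }
      updates.push('username = ?')
      values.push(username)
    }

    if (email !== undefined) {
      // Validate type and format. Without the typeof check, RegExp.test()
      // stringifies its argument, so a one-element array such as ["a@b.c"]
      // would pass the regex and then be bound as a non-string parameter.
      const emailRegex = /^[^\s@]+@[^\s@]+\.[^\s@]+$/
      if (typeof email !== 'string' || !emailRegex.test(email)) {
        return NextResponse.json(
          { error: 'Invalid email format' },
          { status: 400 }
        )
      }
      // Check if email already exists (excluding current buyer).
      // Same check-then-write race as for username; rely on a UNIQUE
      // constraint on buyers.email as the authoritative guard (confirm).
      const [emailCheck] = await pool.execute(
        'SELECT id FROM buyers WHERE email = ? AND id != ?',
        [email, id]
      )
      if ((emailCheck as any[]).length > 0) {
        return NextResponse.json(
          { error: 'Email already exists' },
          { status: 400 }
        )
      }
      updates.push('email = ?')
      values.push(email)
    }

    if (password !== undefined) {
      // A non-string value has no meaningful `.length` (null would throw,
      // a number would skip the length check entirely), so reject it as a 400.
      // NOTE(review): six characters is below the eight-character minimum in
      // NIST SP 800-63B; keep this in step with the registration policy.
      if (typeof password !== 'string' || password.length < 6) {
        return NextResponse.json(
          { error: 'Password must be at least 6 characters' },
          { status: 400 }
        )
      }
      // bcrypt only considers the first 72 bytes of its input; longer
      // passwords are accepted here but anything past that limit is ignored.
      const hashedPassword = await bcrypt.hash(password, 10)
      updates.push('password = ?')
      values.push(hashedPassword)
    }

    if (updates.length === 0) {
      return NextResponse.json(
        { error: 'No fields to update' },
        { status: 400 }
      )
    }

    values.push(id)
    const query = `UPDATE buyers SET ${updates.join(', ')} WHERE id = ?`
    await pool.execute(query, values)

    // Fetch updated buyer (password column deliberately not selected)
    const [rows] = await pool.execute(
      'SELECT id, username, email, created_at FROM buyers WHERE id = ?',
      [id]
    )

    const updated = (rows as any[])[0]
    if (updated === undefined) {
      // The row vanished between the UPDATE and this SELECT (e.g. a
      // concurrent DELETE); report it as missing rather than failing with 500.
      return NextResponse.json(
        { error: 'Buyer not found' },
        { status: 404 }
      )
    }

    return NextResponse.json(updated)
  } catch (error) {
    // Log the detail server-side; the client only sees a generic message.
    console.error('Error updating buyer:', error)
    return NextResponse.json(
      { error: 'Failed to update buyer' },
      { status: 500 }
    )
  }
}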
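/**
 * DELETE /api/buyers/[id] - Delete a buyer.
 *
 * Returns `{ success: true }` after the row is removed, 400 for a malformed
 * id, 404 when the buyer does not exist, and 500 on unexpected errors.
 *
 * NOTE(review): no authentication or authorization check is visible in this
 * handler. Deletion is destructive and, per the comment below, cascades to
 * related sales, so confirm that a guard outside this file restricts it to the
 * account owner or an administrator.
 */
export async function DELETE(
  request: NextRequest,
  { params }: { params: { id: string } }
) {
  try {
    // Accept plain decimal digits only. parseInt() on its own also accepts
    // inputs such as "12abc" (-> 12) and silently rounds values beyond
    // Number.MAX_SAFE_INTEGER, so a malformed path segment could delete a
    // different buyer than the one named in the URL.
    const id = /^\d+$/.test(params.id) ? Number(params.id) : NaN
    if (!Number.isSafeInteger(id)) {
      return NextResponse.json(
        { error: 'Invalid buyer ID' },
        { status: 400 }
      )
    }

    // Check if buyer exists
    const [existingRows] = await pool.execute(
      'SELECT id FROM buyers WHERE id = ?',
      [id]
    )
    const existing = existingRows as any[]
    if (existing.length === 0) {
      return NextResponse.json(
        { error: 'Buyer not found' },
        { status: 404 }
      )
    }

    // Delete buyer (cascade will handle related sales).
    // The cascade itself lives in the database schema, which is not visible
    // from this file; verify the foreign key is declared ON DELETE CASCADE.
    await pool.execute('DELETE FROM buyers WHERE id = ?', [id])

    return NextResponse.json({ success: true })
  } catch (error) {
    // Log the detail server-side; the client only sees a generic message.
    console.error('Error deleting buyer:', error)
    return NextResponse.json(
      { error: 'Failed to delete buyer' },
      { status: 500 }
    )
  }
}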