car-crushers-portal/functions/api/inactivity/[id].ts

import { jsonError } from "../../common.js";
import sendEmail from "../../email.js";
import { sendPushNotification } from "../../gcloud.js";
import validateInactivityNotice from "./validate.js";

export async function onRequestDelete(context: RequestContext) {
  const kvResult = await context.env.DATA.get(
    `inactivity_${context.params.id}`,
  );

  if (!kvResult) return jsonError("No inactivity notice with that ID", 404);

  if (
    JSON.parse(kvResult).user.id !== context.data.current_user.id &&
    !(context.data.current_user.permissions & (1 << 0))
  )
    return jsonError(
      "You do not have permission to delete this inactivity notice",
      403,
    );

  await context.env.DATA.delete(`inactivity_${context.params.id}`);
  await context.env.D1.prepare("DELETE FROM inactivity_notices WHERE id = ?;")
    .bind(context.params.id)
    .run();

  return new Response(null, {
    status: 204,
  });
}

export async function onRequestPost(context: RequestContext) {
  const { accepted }: { accepted?: boolean } = context.data.body;

  if (typeof accepted !== "boolean")
    return jsonError("'accepted' must be a boolean", 400);

  const adminDepartments: { [k: string]: number } = {
    DM: 1 << 11,
    ET: 1 << 4,
    FM: 1 << 7,
    WM: 1 << 6,
  };

  const userAdminDepartments = Object.keys(adminDepartments).filter(
    (dept) => context.data.current_user.permissions & adminDepartments[dept],
  );

  if (!userAdminDepartments.length)
    return jsonError("You are not a manager of any departments", 403);

  const requestedNotice: { [k: string]: any } | null =
    await context.env.DATA.get(`inactivity_${context.params.id as string}`, {
      type: "json",
    });

  if (!requestedNotice)
    return jsonError("Inactivity notices does not exist", 404);

  const decisions: { [dept: string]: boolean } = {};

  for (const department of userAdminDepartments)
    decisions[department] = accepted;

  requestedNotice.decisions = decisions;

  if (Object.values(decisions).length === requestedNotice.departments.length) {
    requestedNotice.open = false;

    const approved = !Object.values(decisions).find((d) => !d);

    await context.env.D1.prepare(
      "UPDATE inactivity_notices SET open = 0 WHERE id = ?;",
    )
      .bind(context.params.id)
      .run();

    if (requestedNotice.fcm_token) {
      await sendPushNotification(
        context.env,
        `Inactivity Request ${approved ? "Approved" : "Denied"}`,
        accepted
          ? "Your inactivity request was approved."
          : "Your inactivity request was denied, please reach to management if you require more details.",
        requestedNotice.fcm_token,
      );
    } else {
      await sendEmail(
        requestedNotice.user.email,
        context.env.MAILGUN_API_KEY,
        `Inactivity Request ${approved ? "Approved" : "Denied"}`,
        `inactivity_${approved ? "approved" : "denied"}`,
        { username: requestedNotice.user.username },
      );
    }

    delete requestedNotice.user.email;
  }

  await context.env.DATA.put(
    `inactivity_${context.params.id as string}`,
    JSON.stringify(requestedNotice),
    { expirationTtl: 63072000 },
  );

  return new Response(null, {
    status: 204,
  });
}

export async function onRequestPut(context: RequestContext) {
  const kvResult: InactivityNoticeProps | null = await context.env.DATA.get(
    `inactivity_${context.params.id}`,
    { type: "json" },
  );

  if (!kvResult) return jsonError("No inactivity notice with that ID", 404);

  if (kvResult.user.id !== context.data.current_user.id)
    return jsonError(
      "You do not have permission to modify this inactivity notice",
      403,
    );

  const d1entry = await context.env.D1.prepare(
    "SELECT open FROM inactivity_notices WHERE id = ?;",
  )
    .bind(context.params.id)
    .run();

  if (!Boolean(d1entry.results.at(0)?.open))
    return jsonError("Cannot modify a closed inactivity notice", 403);

  const { departments, end, reason, start } = context.data.body;

  const validationFailureResponse = validateInactivityNotice(
    departments,
    end,
    reason,
    start,
    context.data.departments,
  );

  if (validationFailureResponse) return validationFailureResponse;

  kvResult.departments = departments;
  kvResult.end = end;
  kvResult.reason = reason;
  kvResult.start = start;

  await context.env.DATA.put(
    `inactivity_${context.params.id}`,
    JSON.stringify(kvResult),
    {
      expirationTtl: 63072000,
    },
  );

  return new Response(null, {
    status: 204,
  });
}