@devvistatech/devvista-kit 0.0.12 → 0.0.13

package/app/api/sync-user/route.ts

@@ -1,132 +1,306 @@
 import { NextRequest, NextResponse } from "next/server";
 import { getAuth } from "@clerk/nextjs/server";
+import crypto from "crypto";
 
+// GET handler for /api/sync-user: Retrieves a Strapi user by Clerk authId (user ID).
+// This is called from the client to check if a user exists in Strapi.
+export async function GET(req: NextRequest) {
+  // Retrieve the allowed origin for CORS from environment variables, default to 'http://localhost:3000'. TODO: add development mode check
+  const allowedOrigin = process.env.NEXT_PUBLIC_BASE_URL || 'http://localhost:3000';
+  // Environment variables for Strapi API integration.
+  const STRAPI_USER_LIST_API_URL = process.env.STRAPI_USER_LIST_API_URL;
+  const STRAPI_API_TOKEN = process.env.STRAPI_API_TOKEN;
+  // Extract the authId (Clerk user ID) from query parameters.
+  const authId = req.nextUrl.searchParams.get("authId");
+
+  // Validate required environment variables and authId; return 500 if missing.
+  if (!STRAPI_USER_LIST_API_URL || !STRAPI_API_TOKEN || !authId) {
+    console.error("GET /api/sync-user: Missing environment variables or authId", {
+      hasBaseUrl: !!allowedOrigin,
+      hasStrapiUrl: !!STRAPI_USER_LIST_API_URL,
+      hasStrapiToken: !!STRAPI_API_TOKEN,
+      hasAuthId: !!authId,
+      timestamp: new Date().toISOString(),
+    });
+    return NextResponse.json({ error: "Server configuration error or missing authId" }, { status: 500 });
+  }
+
+  // Set CORS headers for the response.
+  const headers = new Headers({
+    "Access-Control-Allow-Origin": allowedOrigin,
+    "Access-Control-Allow-Methods": "GET",
+    "Access-Control-Allow-Headers": "Content-Type, Authorization",
+  });
+
+  try {
+    // Fetch the user from Strapi using the authId filter.
+    const checkResponse = await fetch(
+      `${STRAPI_USER_LIST_API_URL}?filters[authId][$eq]=${encodeURIComponent(authId)}`,
+      {
+        headers: {
+          Authorization: `Bearer ${STRAPI_API_TOKEN}`,
+          "Content-Type": "application/json",
+        },
+      }
+    );
+
+    // If Strapi fetch fails, log and return the error status.
+    if (!checkResponse.ok) {
+      console.error("GET /api/sync-user: Failed to fetch Strapi user", {
+        status: checkResponse.status,
+        timestamp: new Date().toISOString(),
+      });
+      return NextResponse.json({ error: "Failed to fetch user" }, { status: checkResponse.status, headers });
+    }
+
+    // Parse the Strapi response.
+    const checkResult = await checkResponse.json();
+    // If a user is found (data array has at least one item), return the user data.
+    if (checkResult.data && checkResult.data.length > 0) {
+      const existingUser = checkResult.data[0];
+      // Return a sanitized version of the user object, excluding sensitive fields.
+      return NextResponse.json(
+        {
+          id: existingUser.id,
+          username: existingUser.username,
+          email: existingUser.email,
+          authId: existingUser.authId,
+          businessAdminId: existingUser.businessAdminId,
+          userRole: existingUser.userRole,
+          isAdmin: existingUser.isAdmin || false,
+          firstName: existingUser.firstName,
+          lastName: existingUser.lastName,
+          businessId: existingUser.businessId,
+          dateJoined: existingUser.dateJoined,
+          businessOwner: existingUser.businessOwner,
+          userStatus: existingUser.userStatus,
+          timezone: existingUser.timezone,
+          language: existingUser.language,
+          isVerified: existingUser.isVerified,
+          authProvider: existingUser.authProvider,
+          businessTitle: existingUser.businessTitle,
+          userTitle: existingUser.userTitle,
+          number: existingUser.number,
+          address: existingUser.address,
+          websiteUrl: existingUser.websiteUrl,
+          primaryBusinessColor: existingUser.primaryBusinessColor,
+          secondaryBusinessColor: existingUser.secondaryBusinessColor,
+          logoImage: existingUser.logoImage,
+        },
+        { status: 200, headers }
+      );
+    }
+    // If no user found, return 404.
+    return NextResponse.json({ error: "User not found" }, { status: 404, headers });
+  } catch (error) {
+    // Catch any unexpected errors, log them, and return 500.
+    console.error("GET /api/sync-user: Error:", {
+      error: error instanceof Error ? error.message : "Unknown error",
+      timestamp: new Date().toISOString(),
+    });
+    return NextResponse.json(
+      { error: "Internal server error", details: error instanceof Error ? error.message : "Unknown error" },
+      { status: 500, headers }
+    );
+  }
+}
+
+// POST handler for /api/sync-user: Verifies the current Clerk user and checks for existing Strapi user.
+// This seems to be used for post-signup verification rather than creation (creation is handled elsewhere).
 export async function POST(req: NextRequest) {
+  // Retrieve the allowed origin for CORS.
+  const allowedOrigin = process.env.NEXT_PUBLIC_BASE_URL;
+  if (!allowedOrigin) {
+    console.error("NEXT_PUBLIC_BASE_URL not configured", { timestamp: new Date().toISOString() });
+    return NextResponse.json({ error: "Server configuration error: Missing base URL" }, { status: 500 });
+  }
+
+  // Set CORS headers for POST requests.
+  const headers = new Headers({
+    "Access-Control-Allow-Origin": allowedOrigin,
+    "Access-Control-Allow-Methods": "POST",
+    "Access-Control-Allow-Headers": "Content-Type, Authorization",
+  });
+
+  // Handle preflight OPTIONS request for CORS.
+  if (req.method === "OPTIONS") {
+    return new NextResponse(null, { status: 204, headers });
+  }
+
+  // Get the authenticated user ID from Clerk middleware.
   const { userId } = getAuth(req);
   if (!userId) {
-    console.error("No userId, returning 401");
-    return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
+    console.error("No userId found", { timestamp: new Date().toISOString() });
+    return NextResponse.json({ error: "Unauthorized" }, { status: 401, headers });
+  }
+
+  // Generate a unique request ID for logging.
+  const requestId = crypto.randomUUID();
+
+  // Parse the request body (expected to contain authId, email, username).
+  let body;
+  try {
+    body = await req.json();
+  } catch (error) {
+    console.warn("Failed to parse request body", { requestId, error, timestamp: new Date().toISOString() });
+    return NextResponse.json({ error: "Invalid request body" }, { status: 400, headers });
+  }
+
+  // Extract required fields from body.
+  const { authId, email, username } = body;
+
+  // Validate required fields; return 400 if missing.
+  if (!authId || !email || !username) {
+    console.error("Missing required fields", { requestId, body, timestamp: new Date().toISOString() });
+    return NextResponse.json({ error: "Missing required fields" }, { status: 400, headers });
   }
 
-  const clerkUserData = await req.json();
+  // Environment variables for integrations.
   const STRAPI_USER_LIST_API_URL = process.env.STRAPI_USER_LIST_API_URL;
   const STRAPI_API_TOKEN = process.env.STRAPI_API_TOKEN;
   const CLERK_SECRET_KEY = process.env.CLERK_SECRET_KEY;
 
+  // Validate environment variables; return 500 if missing.
   if (!STRAPI_USER_LIST_API_URL || !STRAPI_API_TOKEN || !CLERK_SECRET_KEY) {
-    console.error("Missing environment variables:", {
-      STRAPI_USER_LIST_API_URL,
-      STRAPI_API_TOKEN: !!STRAPI_API_TOKEN,
-      CLERK_SECRET_KEY: !!CLERK_SECRET_KEY,
+    console.error("Missing environment variables", {
+      requestId,
+      hasStrapiUrl: !!STRAPI_USER_LIST_API_URL,
+      hasStrapiToken: !!STRAPI_API_TOKEN,
+      hasClerkSecret: !!CLERK_SECRET_KEY,
+      timestamp: new Date().toISOString(),
     });
-    return NextResponse.json(
-      { error: "Server configuration error: Missing required environment variables" },
-      { status: 500 }
-    );
+    return NextResponse.json({ error: "Server configuration error" }, { status: 500, headers });
   }
 
   try {
+    // Fetch the full Clerk user details using the userId from middleware (with 5s timeout).
+    const clerkController = new AbortController();
+    const clerkTimeout = setTimeout(() => clerkController.abort(), 5000);
     const clerkResponse = await fetch(`https://api.clerk.dev/v1/users/${userId}`, {
-      headers: { Authorization: `Bearer ${CLERK_SECRET_KEY}` },
+      headers: {
+        Authorization: `Bearer ${CLERK_SECRET_KEY}`,
+        "Content-Type": "application/json",
+      },
+      signal: clerkController.signal,
     });
+    clearTimeout(clerkTimeout);
+
+    // If Clerk fetch fails, log and return 500.
     if (!clerkResponse.ok) {
       const errorText = await clerkResponse.text();
-      console.error("Clerk fetch failed:", clerkResponse.status, errorText);
-      throw new Error(`Failed to fetch Clerk user: ${clerkResponse.status}`);
+      console.error("Failed to fetch Clerk user", {
+        requestId,
+        status: clerkResponse.status,
+        errorText,
+        timestamp: new Date().toISOString(),
+      });
+      return NextResponse.json({ error: "Failed to verify user" }, { status: 500, headers });
     }
-    const clerkUser = await clerkResponse.json();
 
-    const userResponse = await fetch(
-      `${STRAPI_USER_LIST_API_URL}?filters[authId][$eq]=${userId}&filters[userRole][$eq]=admin`,
-      {
-        headers: {
-          Authorization: `Bearer ${STRAPI_API_TOKEN}`,
-          "Content-Type": "application/json",
-        },
-      }
-    );
-    if (!userResponse.ok) {
-      const errorText = await userResponse.text();
-      console.error("Strapi user fetch error:", errorText);
-      throw new Error(`Failed to fetch user-lists for admin check: ${userResponse.status}`);
+    // Parse Clerk user and ensure an email exists.
+    const clerkUser = await clerkResponse.json();
+    if (!clerkUser.email_addresses?.[0]?.email_address) {
+      console.error("No email found for user", { requestId, userId, timestamp: new Date().toISOString() });
+      return NextResponse.json({ error: "User email not found" }, { status: 400, headers });
     }
-    const userData = await userResponse.json();
-    const isAdmin = userData.data?.length > 0;
-
-    const strapiUserData = {
-      authId: userId,
-      authProvider: "clerk",
-      email: clerkUser.email_addresses[0]?.email_address || clerkUserData.emailAddresses[0]?.emailAddress,
-      username:
-        clerkUser.username ||
-        clerkUser.email_addresses[0]?.email_address.split("@")[0] ||
-        clerkUserData.emailAddresses[0]?.emailAddress.split("@")[0],
-      businessAdminId: isAdmin ? (userData.data[0]?.businessAdminId || clerkUser.public_metadata?.businessAdminId || "") : clerkUser.public_metadata?.businessAdminId || "",
-      userRole: isAdmin ? "admin" : clerkUser.public_metadata?.userRole || "user",
-      isVerified: clerkUser.email_addresses[0]?.verification?.status === "verified" || false,
-      firstName: clerkUser.first_name || "",
-      lastName: clerkUser.last_name || "",
-      businessOwner: isAdmin ? (userData.data[0]?.businessOwner || clerkUser.public_metadata?.businessOwner || false) : clerkUser.public_metadata?.businessOwner || false,
-      userStatus: "active",
-    };
-
-    const existingUsersResponse = await fetch(
-      `${STRAPI_USER_LIST_API_URL}?filters[authId][$eq]=${userId}`,
+
+    // Fetch Strapi user by authId (with 5s timeout).
+    const authIdController = new AbortController();
+    const authIdTimeout = setTimeout(() => authIdController.abort(), 5000);
+    const authIdResponse = await fetch(
+      `${STRAPI_USER_LIST_API_URL}?filters[authId][$eq]=${encodeURIComponent(authId)}`,
       {
         headers: {
           Authorization: `Bearer ${STRAPI_API_TOKEN}`,
           "Content-Type": "application/json",
         },
+        signal: authIdController.signal,
       }
     );
-    if (!existingUsersResponse.ok) {
-      const errorText = await existingUsersResponse.text();
-      console.error("Strapi fetch error:", errorText);
-      throw new Error(`Failed to fetch user-lists: ${existingUsersResponse.status}`);
-    }
+    clearTimeout(authIdTimeout);
 
-    const existingUsers = await existingUsersResponse.json();
-    const existingUser = existingUsers.data?.[0];
-
-    let strapiUser;
-    if (existingUser) {
-      const updateUrl = `${STRAPI_USER_LIST_API_URL}/${existingUser.documentId}`;
-      const updateResponse = await fetch(updateUrl, {
-        method: "PUT",
-        headers: {
-          Authorization: `Bearer ${STRAPI_API_TOKEN}`,
-          "Content-Type": "application/json",
-        },
-        body: JSON.stringify({ data: strapiUserData }),
+    // If Strapi fetch fails, log and return 500.
+    if (!authIdResponse.ok) {
+      const errorText = await authIdResponse.text();
+      console.error("Failed to fetch Strapi user by authId", {
+        requestId,
+        status: authIdResponse.status,
+        errorText,
+        timestamp: new Date().toISOString(),
       });
-      const strapiUserDataResponse = await updateResponse.json();
-      if (!updateResponse.ok) {
-        console.error("Update failed:", updateResponse.status, strapiUserDataResponse);
-        throw new Error(`Failed to update user: ${updateResponse.status}`);
-      }
-      strapiUser = strapiUserDataResponse.data?.attributes || strapiUserDataResponse.data;
-    } else {
-      const createResponse = await fetch(`${STRAPI_USER_LIST_API_URL}`, {
-        method: "POST",
-        headers: {
-          Authorization: `Bearer ${STRAPI_API_TOKEN}`,
-          "Content-Type": "application/json",
+      return NextResponse.json({ error: "Failed to verify Strapi user" }, { status: 500, headers });
+    }
+
+    // Parse Strapi response.
+    const authIdResult = await authIdResponse.json();
+    // If user exists, return the sanitized user data (similar to GET).
+    if (authIdResult.data && authIdResult.data.length > 0) {
+      const existingUser = authIdResult.data[0];
+      return NextResponse.json(
+        {
+          id: existingUser.id,
+          username: existingUser.username,
+          email: existingUser.email,
+          authId: existingUser.authId,
+          businessAdminId: existingUser.businessAdminId,
+          userRole: existingUser.userRole,
+          isAdmin: existingUser.isAdmin || false,
+          firstName: existingUser.firstName,
+          lastName: existingUser.lastName,
+          businessId: existingUser.businessId,
+          dateJoined: existingUser.dateJoined,
+          businessOwner: existingUser.businessOwner,
+          userStatus: existingUser.userStatus,
+          timezone: existingUser.timezone,
+          language: existingUser.language,
+          isVerified: existingUser.isVerified,
+          authProvider: existingUser.authProvider,
+          businessTitle: existingUser.businessTitle,
+          userTitle: existingUser.userTitle,
+          number: existingUser.number,
+          address: existingUser.address,
+          websiteUrl: existingUser.websiteUrl,
+          primaryBusinessColor: existingUser.primaryBusinessColor,
+          secondaryBusinessColor: existingUser.secondaryBusinessColor,
+          logoImage: existingUser.logoImage,
         },
-        body: JSON.stringify({ data: strapiUserData }),
-      });
-      if (!createResponse.ok) {
-        const errorText = await createResponse.text();
-        console.error("Create failed:", createResponse.status, errorText);
-        throw new Error(`Failed to create user: ${createResponse.status}`);
-      }
-      const responseData = await createResponse.json();
-      strapiUser = responseData.data?.attributes || responseData.data;
+        { status: 200, headers }
+      );
     }
 
-    return NextResponse.json(strapiUser, { status: 200 });
+    // If no user found, log warning and return 404.
+    console.warn("No Strapi user found for authId", { requestId, authId, timestamp: new Date().toISOString() });
+    return NextResponse.json({ error: "User not found in Strapi" }, { status: 404, headers });
   } catch (error) {
-    console.error("Error syncing user to Strapi:", error);
-    const errorMessage = error instanceof Error ? error.message : "Failed to sync user to Strapi";
-    return NextResponse.json({ error: errorMessage }, { status: 500 });
+    // Catch any errors (e.g., timeouts, network issues), log, and return 500.
+    console.error("Error verifying or syncing user", {
+      requestId,
+      error: error instanceof Error ? error.message : "Unknown error",
+      timestamp: new Date().toISOString(),
+    });
+    return NextResponse.json({ error: "Internal server error" }, { status: 500, headers });
   }
-}
+}
+
+// Next.js API route configuration: Enable body parsing for JSON requests.
+export const config = {
+  api: {
+    bodyParser: true,
+  },
+};
+
+// Helper function to determine allowedOrigin based on environment
+function getAllowedOrigin(): string {
+  const baseUrl = process.env.NEXT_PUBLIC_BASE_URL;
+
+  if (baseUrl) {
+    return baseUrl;
+  }
+
+  if (process.env.NODE_ENV === 'development') {
+    return 'http://localhost:3000';  // Or '*' for even more flexibility in dev
+  }
+
+  // In production, fail explicitly if not set (prevents accidental '*' usage)
+  throw new Error('NEXT_PUBLIC_BASE_URL must be set in production');
+}

package/app/api/verify-admin/route.ts

@@ -0,0 +1,46 @@
+import { NextRequest, NextResponse } from "next/server";
+import { StrapiUser } from "@/lib/types";
+
+export async function POST(req: NextRequest) {
+  try {
+    const { authId } = await req.json();
+    if (!authId) {
+      return NextResponse.json({ error: "authId is required" }, { status: 400 });
+    }
+
+    const response = await fetch(
+      `${process.env.STRAPI_USER_LIST_API_URL}?filters[authId][$eq]=${encodeURIComponent(authId)}`,
+      {
+        headers: {
+          Authorization: `Bearer ${process.env.STRAPI_API_TOKEN}`,
+          "Content-Type": "application/json",
+        },
+      }
+    );
+
+    if (!response.ok) {
+      const errorData = await response.json();
+      console.error("POST /api/verify-admin: Strapi fetch error:", { error: errorData, status: response.status, timestamp: new Date().toISOString() });
+      return NextResponse.json({ error: errorData.error || "Failed to fetch user" }, { status: response.status });
+    }
+
+    const result = await response.json();
+
+    const user: StrapiUser | null = result.data?.[0]?.attributes || result.data?.[0] || null;
+
+    if (!user) {
+      return NextResponse.json({ error: "User not found" }, { status: 404 });
+    }
+
+    const isAdmin =
+      !!user.businessAdminId &&
+      user.businessAdminId === process.env.ADMIN_BUSINESS_ID &&
+      user.userRole === "admin" &&
+      user.businessOwner === true;
+
+    return NextResponse.json({ isAdmin });
+  } catch (error) {
+    console.error("POST /api/verify-admin: Error:", { error: error instanceof Error ? error.message : "Unknown error", timestamp: new Date().toISOString() });
+    return NextResponse.json({ error: "Internal Server Error" }, { status: 500 });
+  }
+}