diff --git a/pages/api/matching/createPosting.tsx b/pages/api/matching/createPosting.tsx
new file mode 100644
index 00000000..fa6078a2
--- /dev/null
+++ b/pages/api/matching/createPosting.tsx
@@ -0,0 +1,60 @@
+import { firestore, auth } from 'firebase-admin';
+import { NextApiRequest, NextApiResponse } from 'next';
+import initializeApi from '../../../lib/admin/init';
+import { userIsAuthorized } from '../../../lib/authorization/check-authorization';
+
+initializeApi();
+const db = firestore();
+const POSTINGS_COLLECTION = '/postings';
+
+interface PostingData {
+ authorId: string;
+ postingId: string;
+ numberOfPeopleWanted: number;
+ skillSet: string;
+}
+
+async function createPosting(req: NextApiRequest, res: NextApiResponse, authorId: string) {
+ try {
+ const postingData: PostingData = JSON.parse(req.body);
+ postingData.authorId = authorId;
+
+ await db.collection(POSTINGS_COLLECTION).add(postingData);
+ return res.status(201).json({
+ msg: 'Posting created',
+ });
+ } catch (error) {
+ return res.status(500).json({
+ msg: 'Unexpected error. Please try again later',
+ });
+ }
+}
+
+async function handlePostRequest(req: NextApiRequest, res: NextApiResponse) {
+ const userToken = req.headers['authorization'] as string;
+ const isAuthorized = await userIsAuthorized(userToken, ['hacker']);
+ const authorId = await auth().verifyIdToken(userToken);
+
+ if (!isAuthorized) {
+ return res.status(403).json({
+ statusCode: 403,
+ msg: 'Request is not authorized to perform admin functionality',
+ });
+ }
+
+ return createPosting(req, res, authorId.uid);
+}
+
+export default function handler(req: NextApiRequest, res: NextApiResponse) {
+ const { method } = req;
+ switch (method) {
+ case 'POST': {
+ return handlePostRequest(req, res);
+ }
+ default: {
+ return res.status(404).json({
+ msg: 'Route not found',
+ });
+ }
+ }
+}
diff --git a/pages/api/matching/deletePosting.tsx b/pages/api/matching/deletePosting.tsx
new file mode 100644
index 00000000..424c6f9d
--- /dev/null
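Review bot: createPosting writes the client-parsed object to Firestore as-is, so every field the caller sends (a caller-chosen `postingId`, a non-numeric or negative `numberOfPeopleWanted`, arbitrary extra keys) lands in the document unchecked; the `PostingData` annotation on the `JSON.parse` result is erased at compile time and validates nothing at runtime. Build the document from an allow-list of validated fields instead, and return the generated `docRef.id` in the 201 body, since the stored `postingId` field is otherwise whatever the client sent while deletePosting.tsx looks documents up by their Firestore document id. In handlePostRequest, `auth().verifyIdToken(userToken)` runs before the `isAuthorized` check and outside any try/catch, so a missing or invalid Authorization header (the `as string` cast hides that the header may be undefined) makes the handler reject instead of answering 401/403; handleDeletionRequest in deletePosting.tsx has the same ordering. The 403 message here also says "admin functionality" although the role checked is `'hacker'`.
```typescript
async function createPosting(req: NextApiRequest, res: NextApiResponse, authorId: string) {
  try {
    const parsed: unknown = JSON.parse(req.body);
    if (typeof parsed !== 'object' || parsed === null) {
      return res.status(400).json({ msg: 'Request body must be a JSON object' });
    }
    const { numberOfPeopleWanted, skillSet } = parsed as Partial<PostingData>;
    if (
      typeof numberOfPeopleWanted !== 'number' ||
      !Number.isInteger(numberOfPeopleWanted) ||
      numberOfPeopleWanted < 1 ||
      typeof skillSet !== 'string'
    ) {
      return res.status(400).json({ msg: 'Invalid posting data' });
    }
    // Only validated, server-chosen fields reach Firestore; a client-supplied
    // authorId or postingId is dropped and the document id is assigned by add().
    const docRef = await db.collection(POSTINGS_COLLECTION).add({ authorId, numberOfPeopleWanted, skillSet });
    return res.status(201).json({
      msg: 'Posting created',
      postingId: docRef.id,
    });
  } catch (error) {
    // … unchanged: 500 response …
  }
}
```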
+++ b/pages/api/matching/deletePosting.tsx
@@ -0,0 +1,70 @@
+import { firestore, auth } from 'firebase-admin';
+import { NextApiRequest, NextApiResponse } from 'next';
+import initializeApi from '../../../lib/admin/init';
+import { userIsAuthorized } from '../../../lib/authorization/check-authorization';
+
+initializeApi();
+const db = firestore();
+const POSTINGS_COLLECTION = '/postings';
+
+interface PostingData {
+ authorId: string;
+ postingId: string;
+}
+
+async function deletePosting(req: NextApiRequest, res: NextApiResponse, userId: string) {
+ try {
+ const postingData: PostingData = JSON.parse(req.body);
+ const snapshot = await db.collection(POSTINGS_COLLECTION).doc(postingData.postingId).get();
+
+ if (!snapshot.exists) {
+ return res.status(404).json({
+ msg: 'Posting not found',
+ });
+ }
+
+ if (snapshot.data().authorId !== userId) {
+ return res.status(403).json({
+ msg: 'User unauthorized to delete this posting because they are not the author',
+ });
+ }
+
+ await db.collection(POSTINGS_COLLECTION).doc(postingData.postingId).delete();
+
+ return res.status(200).json({
+ msg: 'Posting deleted',
+ });
+ } catch (error) {
+ return res.status(500).json({
+ msg: 'Unexpected error. Please try again later',
+ });
+ }
+}
+
+async function handleDeletionRequest(req: NextApiRequest, res: NextApiResponse) {
+ const userToken = req.headers['authorization'] as string;
+ const isAuthorized = await userIsAuthorized(userToken, ['hacker']);
+ const userId = await auth().verifyIdToken(userToken);
+
+ if (!isAuthorized) {
+ return res.status(403).json({
+ msg: 'Request is not allowed to perform hacker functionality',
+ });
+ }
+
+ return deletePosting(req, res, userId.uid);
+}
+
+export default function handler(req: NextApiRequest, res: NextApiResponse) {
+ const { method } = req;
+ switch (method) {
+ case 'POST': {
+ return handleDeletionRequest(req, res);
+ }
+ default: {
+ return res.status(404).json({
+ msg: 'Route not found',
+ });
+ }
+ }
+}
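Review bot: deletePosting passes `postingData.postingId` straight into `.doc()` without checking that it is a non-empty string; a missing, non-string or slash-containing id makes the Firestore client throw, which the catch turns into a generic 500 rather than a 400, and as in createPosting.tsx the body is only type-asserted, never validated. Add `if (typeof postingData.postingId !== 'string' || postingData.postingId === '') return res.status(400).json({ msg: 'Invalid postingId' });` before the `get()`. `snapshot.data().authorId` will not compile if strictNullChecks is on, because `data()` is typed as possibly undefined; `snapshot.get('authorId')` or a `const data = snapshot.data(); if (!data) { … }` guard after the `exists` check avoids the implicit non-null assumption. Routing a deletion through `case 'POST'` in handler is also surprising; if the client can send it, `DELETE` is the conventional method for this route.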