feat: Implemented create and delete postings for team matching api

pages/api/matching/createPosting.tsx

@@ -0,0 +1,60 @@
+import { firestore, auth } from 'firebase-admin';
+import { NextApiRequest, NextApiResponse } from 'next';
+import initializeApi from '../../../lib/admin/init';
+import { userIsAuthorized } from '../../../lib/authorization/check-authorization';
+
+initializeApi();
+const db = firestore();
+const POSTINGS_COLLECTION = '/postings';
+
+interface PostingData {
+  authorId: string;
+  postingId: string;
+  numberOfPeopleWanted: number;
+  skillSet: string;
+}
+
+async function createPosting(req: NextApiRequest, res: NextApiResponse, authorId: string) {
+  try {
+    const postingData: PostingData = JSON.parse(req.body);
+    postingData.authorId = authorId;
+
+    await db.collection(POSTINGS_COLLECTION).add(postingData);
+    return res.status(201).json({
+      msg: 'Posting created',
+    });
+  } catch (error) {
+    return res.status(500).json({
+      msg: 'Unexpected error. Please try again later',
+    });
+  }
+}
+
+async function handlePostRequest(req: NextApiRequest, res: NextApiResponse) {
+  const userToken = req.headers['authorization'] as string;
+  const isAuthorized = await userIsAuthorized(userToken, ['hacker']);
+  const authorId = await auth().verifyIdToken(userToken);
+
+  if (!isAuthorized) {
+    return res.status(403).json({
+      statusCode: 403,
+      msg: 'Request is not authorized to perform admin functionality',
+    });
+  }
+
+  return createPosting(req, res, authorId.uid);
+}
+
+export default function handler(req: NextApiRequest, res: NextApiResponse) {
+  const { method } = req;
+  switch (method) {
+    case 'POST': {
+      return handlePostRequest(req, res);
+    }
+    default: {
+      return res.status(404).json({
+        msg: 'Route not found',
+      });
+    }
+  }
+}

pages/api/matching/deletePosting.tsx

@@ -0,0 +1,70 @@
+import { firestore, auth } from 'firebase-admin';
+import { NextApiRequest, NextApiResponse } from 'next';
+import initializeApi from '../../../lib/admin/init';
+import { userIsAuthorized } from '../../../lib/authorization/check-authorization';
+
+initializeApi();
+const db = firestore();
+const POSTINGS_COLLECTION = '/postings';
+
+interface PostingData {
+  authorId: string;
+  postingId: string;
+}
+
+async function deletePosting(req: NextApiRequest, res: NextApiResponse, userId: string) {
+  try {
+    const postingData: PostingData = JSON.parse(req.body);
+    const snapshot = await db.collection(POSTINGS_COLLECTION).doc(postingData.postingId).get();
+
+    if (!snapshot.exists) {
+      return res.status(404).json({
+        msg: 'Posting not found',
+      });
+    }
+
+    if (snapshot.data().authorId !== userId) {
+      return res.status(403).json({
+        msg: 'User unauthorized to delete this posting because they are not the author',
+      });
+    }
+
+    await db.collection(POSTINGS_COLLECTION).doc(postingData.postingId).delete();
+
+    return res.status(200).json({
+      msg: 'Posting deleted',
+    });
+  } catch (error) {
+    return res.status(500).json({
+      msg: 'Unexpected error. Please try again later',
+    });
+  }
+}
+
+async function handleDeletionRequest(req: NextApiRequest, res: NextApiResponse) {
+  const userToken = req.headers['authorization'] as string;
+  const isAuthorized = await userIsAuthorized(userToken, ['hacker']);
+  const userId = await auth().verifyIdToken(userToken);
+
+  if (!isAuthorized) {
+    return res.status(403).json({
+      msg: 'Request is not allowed to perform hacker functionality',
+    });
+  }
+
+  return deletePosting(req, res, userId.uid);
+}
+
+export default function handler(req: NextApiRequest, res: NextApiResponse) {
+  const { method } = req;
+  switch (method) {
+    case 'POST': {
+      return handleDeletionRequest(req, res);
+    }
+    default: {
+      return res.status(404).json({
+        msg: 'Route not found',
+      });
+    }
+  }
+}