All files / web/src/app/api/observe/[token] route.ts

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
import { NextResponse } from 'next/server'
import { eq } from 'drizzle-orm'
import { db } from '@/db'
import { players, sessionPlans } from '@/db/schema'
import { withAuth } from '@/lib/auth/withAuth'
import { validateSessionShare } from '@/lib/session-share'

/**
 * GET /api/observe/[token]
 * Validate a share token and return session/player info
 *
 * This endpoint does NOT require authentication - anyone with the token can access it.
 */
export const GET = withAuth(async (_request, { params }) => {
  const { token } = (await params) as { token: string }

  try {
    // Validate the token
    const validation = await validateSessionShare(token)

    if (!validation.valid || !validation.share) {
      return NextResponse.json(
        {
          valid: false,
          error: validation.error || 'Invalid share link',
        },
        { status: 404 }
      )
    }

    const share = validation.share

    // Get the session
    const sessions = await db
      .select()
      .from(sessionPlans)
      .where(eq(sessionPlans.id, share.sessionId))
      .limit(1)

    const session = sessions[0]
    if (!session) {
      return NextResponse.json(
        {
          valid: false,
          error: 'Session not found',
        },
        { status: 404 }
      )
    }

    // Check if session is still active
    if (session.completedAt) {
      return NextResponse.json(
        {
          valid: false,
          error: 'Session has ended',
        },
        { status: 410 } // Gone
      )
    }

    if (!session.startedAt) {
      return NextResponse.json(
        {
          valid: false,
          error: 'Session has not started yet',
        },
        { status: 425 } // Too Early
      )
    }

    // Get the player info
    const playerResults = await db
      .select({
        id: players.id,
        name: players.name,
        emoji: players.emoji,
        color: players.color,
      })
      .from(players)
      .where(eq(players.id, share.playerId))
      .limit(1)

    const player = playerResults[0]
    if (!player) {
      return NextResponse.json(
        {
          valid: false,
          error: 'Player not found',
        },
        { status: 404 }
      )
    }

    return NextResponse.json({
      valid: true,
      session: {
        id: session.id,
        playerId: session.playerId,
        startedAt:
          session.startedAt instanceof Date ? session.startedAt.getTime() : session.startedAt,
      },
      player: {
        id: player.id,
        name: player.name,
        emoji: player.emoji,
        color: player.color,
      },
      expiresAt: share.expiresAt instanceof Date ? share.expiresAt.getTime() : share.expiresAt,
    })
  } catch (error) {
    console.error('Error validating share token:', error)
    return NextResponse.json(
      {
        valid: false,
        error: 'Failed to validate share link',
      },
      { status: 500 }
    )
  }
})