EverydayTech Platform - Developer Reference
Complete Source Code Documentation - All Applications
route.ts
1import { NextRequest, NextResponse } from 'next/server';
2import { fieldpineServerApi } from '@/lib/server/fieldpineApi';
3import { cookies } from 'next/headers';
4
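/**
 * Reads the `fieldpine-session` cookie and returns the parsed session, or
 * `null` when the cookie is missing, malformed, expired, or not marked
 * authenticated.
 *
 * SECURITY NOTE(review): the cookie value is parsed as plain JSON and nothing
 * in this function verifies its integrity, so `authenticated`, `timestamp`
 * and `userId` are whatever the client sent. Unless the value is signed or
 * encrypted elsewhere (not visible in this file; confirm), this check needs a
 * MAC over the cookie or a server-side session lookup before it is relied on
 * for authorization.
 *
 * @param request - Incoming request; unused here because the cookie is read
 *   through `cookies()`.
 * @returns The parsed session object, or `null` if no valid session exists.
 */
async function verifySession(request: NextRequest) {
  const SESSION_MAX_AGE_MS = 8 * 60 * 60 * 1000; // 8 hours

  const cookieStore = await cookies();
  const sessionCookie = cookieStore.get('fieldpine-session');
  if (!sessionCookie) {
    return null;
  }

  try {
    const session = JSON.parse(sessionCookie.value);

    // JSON.parse can yield null, a primitive or an array; only a plain object
    // can carry the session fields read below.
    if (session === null || typeof session !== 'object' || Array.isArray(session)) {
      return null;
    }

    // A missing or non-numeric timestamp makes the age NaN, and `NaN > max`
    // is false, so without this guard such a cookie would never expire.
    const issuedAt = Number(session.timestamp);
    if (!Number.isFinite(issuedAt)) {
      return null;
    }

    // A negative age means the timestamp lies in the future, which would
    // extend the session beyond the 8-hour window.
    const sessionAge = Date.now() - issuedAt;
    if (sessionAge < 0 || sessionAge > SESSION_MAX_AGE_MS || !session.authenticated) {
      return null;
    }

    return session;
  } catch {
    // Malformed JSON is treated the same as having no session.
    return null;
  }
}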
29
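/**
 * Returns the (currently hard-coded demo) list of store locations.
 *
 * Responses:
 * - 401 when `verifySession` yields no session,
 * - 429 when `fieldpineServerApi.checkClientRateLimit` rejects the caller,
 * - 200 with `{ success: true, data: { locations } }` otherwise,
 * - 500 if anything in the handler throws.
 *
 * The optional `limit` query parameter caps the number of locations returned;
 * values that are not a positive integer are ignored.
 */
export async function GET(request: NextRequest) {
  try {
    // Verify authentication
    const session = await verifySession(request);
    if (!session) {
      return NextResponse.json(
        { error: 'Unauthorized' },
        { status: 401 }
      );
    }

    // Rate limiting - key on the session's user id first. The forwarding
    // headers are request data: a caller can send a different value on every
    // request and land in a fresh bucket each time unless a trusted proxy
    // overwrites them. NOTE(review): confirm which of these headers the
    // deployment's proxy sets and strips from inbound requests.
    const clientId = session.userId ||
      request.headers.get('x-forwarded-for') ||
      request.headers.get('x-real-ip') ||
      request.headers.get('cf-connecting-ip') ||
      'unknown';
    if (!fieldpineServerApi.checkClientRateLimit(clientId)) {
      return NextResponse.json(
        { error: 'Rate limit exceeded' },
        { status: 429 }
      );
    }

    // Parse query parameters. `limit` is untrusted: parse it as base 10 and
    // accept only a positive safe integer, otherwise treat it as absent.
    const rawLimit = new URL(request.url).searchParams.get('limit');
    const parsedLimit = rawLimit === null ? NaN : parseInt(rawLimit, 10);
    const limit = Number.isSafeInteger(parsedLimit) && parsedLimit > 0
      ? parsedLimit
      : undefined;

    // Return demo locations data for now
    const allLocations = [
      { id: 1, name: "Main Store", address: "123 Main St", city: "Sydney" },
      { id: 2, name: "Mall Location", address: "456 Shopping Ave", city: "Melbourne" }
    ];
    const locations = {
      locations: limit === undefined ? allLocations : allLocations.slice(0, limit)
    };

    return NextResponse.json({ success: true, data: locations });

  } catch (error) {
    // Details go to the server log only; the client gets a generic message.
    console.error('Locations API error:', error);
    return NextResponse.json(
      { error: 'Failed to fetch locations' },
      { status: 500 }
    );
  }
}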
78
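/**
 * Rejects POST requests with 405 Method Not Allowed.
 *
 * HTTP requires a 405 response to carry an `Allow` header listing the
 * supported methods. GET is the only other handler visible in this listing;
 * extend the header if further handlers are exported.
 *
 * @param request - Incoming request; not inspected.
 */
export async function POST(request: NextRequest) {
  return NextResponse.json(
    { error: 'Method not allowed' },
    { status: 405, headers: { Allow: 'GET' } }
  );
}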