1import { NextRequest, NextResponse } from 'next/server';
2import { fieldpineServerApi } from '@/lib/server/fieldpineApi';
3import { getRequestContext, validateApiAccess } from '@/lib/server/sessionUtils';
6 * Stocktakes List Endpoint (ELINK API)
7 * GET /api/v1/buck/stocktakes?filter=current (filter: 'current' or 'complete'; defaults to 'current')
9 * Uses ELINK API (retailmax.elink.stocktake.list)
10 * Security: Requires an authenticated session that passes the ELINK access check; retail stores are allowed (ELINK only)
12export async function GET(request: NextRequest) {
14 // 1. Get session and store context
15 const context = await getRequestContext(request);
17 if (!context || !context.isAuthenticated) {
18 return NextResponse.json(
19 { error: 'Authentication required' },
24 // 2. SECURITY: Validate ELINK access
25 const apiAccessValidation = validateApiAccess(context, 'elink');
26 if (!apiAccessValidation.valid) {
27 console.warn(`[API Security] ELINK access denied: ${apiAccessValidation.error}`);
28 return NextResponse.json(
30 error: apiAccessValidation.error,
31 code: apiAccessValidation.errorCode
37 // 3. Parse query parameters
38 const { searchParams } = new URL(request.url);
39 const filter = searchParams.get('filter') || 'current';
41 // 4. Build BUCK parameters for stocktake list
42 // Field reference: f116=stocktake status
43 const buckParams: Record<string, string> = {
44 '3': 'retailmax.elink.stocktake.list',
46 '99': Math.random().toString()
49 if (filter === 'current') {
50 buckParams['9'] = 'f116,0,current';
51 } else if (filter === 'complete') {
52 buckParams['9'] = 'f116,2,2'; // Flag bit 2 = complete
55 // 5. Make ELINK API call using singleton
56 // Use store-specific URL for API calls
57 const result = await fieldpineServerApi.buckApiCall(buckParams, context.session.apiKey, context.store.url);
59 return NextResponse.json({
65 } catch (error: any) {
66 console.error('[Stocktakes API] Error:', error);
67 return NextResponse.json(
68 { error: error.message || 'Failed to fetch stocktakes' },