1import { NextRequest, NextResponse } from 'next/server';
2import { fieldpineServerApi } from '@/lib/server/fieldpineApi';
3import { getStoredAuth } from '@/lib/server/auth';
/**
 * GET handler: fetches the eLink employee list, optionally narrowed to one
 * employee via the `id` query parameter.
 *
 * Flow visible in this excerpt: stored-session auth check, per-client rate
 * limit, then a numbered-parameter "buck" API call made with
 * `authData.apiKey`. Several original lines are not shown on this page
 * (response status codes, the try/catch structure, the eLink result handling),
 * so the comments below describe only what is visible.
 *
 * @param request - incoming Next.js request; only its headers and URL are read.
 * @returns JSON: the employee payload on success, or `{ error }` on an auth,
 *   rate-limit, eLink or unexpected failure.
 */
5export async function GET(request: NextRequest) {
// A stored session must exist and be marked authenticated; its apiKey is
// forwarded to eLink further down.
7 const authData = await getStoredAuth();
8 if (!authData || !authData.authenticated) {
9 return NextResponse.json(
10 { error: 'Authentication required' },
// The rate-limit key comes from proxy headers. These are caller-supplied unless
// a trusted reverse proxy overwrites them, so a caller that varies
// X-Forwarded-For can land in a fresh bucket; X-Forwarded-For may also be a
// comma-separated list and is used here whole, not split. NOTE(review): confirm
// the deployment's proxy sets/overwrites these headers. The final fallback
// operand is on a line not shown here.
15 const clientId = request.headers.get('x-forwarded-for') ||
16 request.headers.get('x-real-ip') ||
19 if (!fieldpineServerApi.checkClientRateLimit(clientId)) {
20 return NextResponse.json(
21 { error: 'Rate limit exceeded' },
// Optional `id` query parameter; when present it is folded into the request
// below.
26 const { searchParams } = new URL(request.url);
27 const employeeId = searchParams.get('id');
// Numbered buck parameters: "3" names the eLink method, "10" selects the field
// set (per the existing comment), "9" (set below) appears to be a filter on
// field 100.
30 let buckParams: Record<string, string> = {
31 "3": "retailmax.elink.employee.list",
32 "10": "113", // Extended fields
// `employeeId` is interpolated into the filter expression as-is; no validation
// or encoding is visible here. NOTE(review): whether buckApiCall encodes
// parameter values is not shown in this excerpt — confirm.
37 buckParams["9"] = `f100,0,${employeeId}`;
40 const employees = await fieldpineServerApi.buckApiCall(buckParams, authData.apiKey);
42 return NextResponse.json({
// Both failure paths log the raw error server-side and return a fixed message,
// so upstream error details are not echoed to the caller.
49 console.error('eLink employee error:', error);
50 return NextResponse.json(
51 { error: 'eLink endpoint unavailable', source: 'elink' },
57 console.error('eLink employee error:', error);
58 return NextResponse.json(
59 { error: 'Failed to fetch employees' },
/**
 * POST handler: creates or updates one eLink employee through a DATI XML call.
 *
 * Flow visible in this excerpt: stored-session auth check, JSON body mapped
 * onto numbered DATI fields, XML serialisation, `datiApiCall`. Some original
 * lines are not shown on this page (response status codes, the try opening,
 * closing braces), so the comments below describe only what is visible. No
 * rate-limit check is visible in this handler, unlike GET — confirm against the
 * full file.
 *
 * @param request - incoming Next.js request; its JSON body is read.
 * @returns JSON `{ success, message }` on success or `{ success: false, error }`
 *   on failure.
 */
65export async function POST(request: NextRequest) {
67 const authData = await getStoredAuth();
68 if (!authData || !authData.authenticated) {
69 return NextResponse.json(
70 { error: 'Authentication required' },
// The body is parsed without schema validation; every field below is taken
// from it as-is.
75 const body = await request.json();
77 // Build DATI XML for employee creation/update
// NOTE(review): `any` hides that these values may be non-strings (numbers,
// null, objects) arriving from JSON; the `value as string` cast at the XML
// step does not convert them.
78 const datiFields: any = {
79 f8_s: 'retailmax.elink.employee.edit',
80 f11_B: body.id ? 'E' : 'I', // Edit or Insert
// Presence of `id` selects edit mode. The `!== undefined` checks skip absent
// fields but let null or "" through. Element names are fixed literals defined
// here; only the values are caller-controlled.
83 if (body.id) datiFields.f100_E = body.id.toString();
84 if (body.shortName !== undefined) datiFields.f101_s = body.shortName;
85 if (body.fullName !== undefined) datiFields.f102_s = body.fullName;
86 if (body.posLoginId !== undefined) datiFields.f103_s = body.posLoginId;
87 if (body.startDate !== undefined) datiFields.f104_s = body.startDate;
88 if (body.endDate !== undefined) datiFields.f105_s = body.endDate;
89 if (body.mainLocation !== undefined) datiFields.f106_s = body.mainLocation;
90 if (body.jobTitle !== undefined) datiFields.f107_s = body.jobTitle;
91 if (body.jobCode !== undefined) datiFields.f108_s = body.jobCode;
92 if (body.departmentId !== undefined) datiFields.f109_s = body.departmentId;
93 if (body.externalId !== undefined) datiFields.f110_s = body.externalId;
94 if (body.nztaUid !== undefined) datiFields.f114_s = body.nztaUid;
// Each value is passed through escapeXml before being placed in element
// content. NOTE(review): as rendered on this page, escapeXml's replacements map
// each character to itself (most likely `&amp;`, `&lt;`, `&gt;`, `&quot;`,
// `&apos;` were decoded during extraction) — confirm the real source escapes
// `& < > " '`, otherwise a value containing them changes the DATI document's
// structure. Also confirm escapeXml tolerates null or non-string values, since
// they can reach it from the checks above.
97 const xmlLines = ['<DATI>'];
98 for (const [key, value] of Object.entries(datiFields)) {
99 xmlLines.push(` <${key}>${escapeXml(value as string)}</${key}>`);
101 xmlLines.push('</DATI>');
102 const xml = xmlLines.join('\n');
// Writes the full employee record (names, POS login id, NZTA uid) to the
// server console. NOTE(review): decide whether this personal data belongs in
// logs, or reduce it to the id and operation.
104 console.log('Creating/Updating employee with XML:', xml);
106 const response = await fieldpineServerApi.datiApiCall(xml, authData.apiKey);
// Success/failure is taken from the response object; `response.error` is
// passed through to the caller on failure.
108 if (response.success) {
109 return NextResponse.json({
112 message: body.id ? 'Employee updated successfully' : 'Employee created successfully',
115 return NextResponse.json(
116 { success: false, error: response.error || 'Operation failed' },
// The catch path returns the raw exception message to the caller, whereas GET
// returns fixed strings; internal details from datiApiCall, request.json() or
// a throwing escapeXml can surface here.
120 } catch (error: any) {
121 console.error('Error saving employee:', error);
122 return NextResponse.json(
123 { success: false, error: error.message || 'Failed to save employee' },
129function escapeXml(str: string): string {
132 .replace(/&/g, '&')
133 .replace(/</g, '<')
134 .replace(/>/g, '>')
135 .replace(/"/g, '"')
136 .replace(/'/g, ''');