v1_2elink_2staff_2route_8ts_source.html

import { NextRequest, NextResponse } from 'next/server';

import { fieldpineServerApi } from '@/lib/server/fieldpineApi';

import { getStoredAuth } from '@/lib/server/auth';


export async function GET(request: NextRequest) {

  try {

    const authData = await getStoredAuth();

    if (!authData || !authData.authenticated) {

      return NextResponse.json(

        { error: 'Authentication required' },

        { status: 401 }

      );

    }


    const clientId = request.headers.get('x-forwarded-for') ||

                    request.headers.get('x-real-ip') ||

                    authData.userId ||

                    'unknown';

    if (!fieldpineServerApi.checkClientRateLimit(clientId)) {

      return NextResponse.json(

        { error: 'Rate limit exceeded' },

        { status: 429 }

      );

    }


    const { searchParams } = new URL(request.url);

    const staffId = searchParams.get('id');

    const includeRights = searchParams.get('includeRights') === 'true';


    try {

      let buckParams: Record<string, string> = {

        "3": "retailmax.elink.staff.list",

        "10": "121-137,107,143", // Extended fields

      };


      if (staffId) {

        buckParams["9"] = `f100,0,${staffId}`;

      }


      if (includeRights) {

        buckParams["7"] = "203"; // Include rights

      }


      const staff = await fieldpineServerApi.buckApiCall(buckParams, authData.apiKey);


      return NextResponse.json({

        success: true,

        data: staff,

        source: 'elink'

      });


    } catch (error) {

      console.error('eLink staff error:', error);

      return NextResponse.json(

        { error: 'eLink endpoint unavailable', source: 'elink' },

        { status: 503 }

      );

    }


  } catch (error) {

    console.error('eLink staff error:', error);

    return NextResponse.json(

      { error: 'Failed to fetch staff' },

      { status: 500 }

    );

  }

}


export async function POST(request: NextRequest) {

  try {

    const authData = await getStoredAuth();

    if (!authData || !authData.authenticated) {

      return NextResponse.json(

        { error: 'Authentication required' },

        { status: 401 }

      );

    }


    const body = await request.json();


    // Build DATI XML for staff creation/update

    const datiFields: any = {

      f8_s: 'retailmax.elink.staff.edit',

      f11_B: body.id ? 'E' : 'I', // Edit or Insert

    };


    if (body.id) datiFields.f100_s = body.id.toString();

    if (body.name !== undefined) datiFields.f101_s = body.name;

    if (body.active !== undefined) datiFields.f102_s = body.active ? '1' : '0';

    if (body.password !== undefined) datiFields.f103_s = body.password;

    if (body.barcode !== undefined) datiFields.f107_s = body.barcode;

    if (body.formalName !== undefined) datiFields.f121_s = body.formalName;

    if (body.mainLocation !== undefined) datiFields.f122_s = body.mainLocation;

    if (body.printedName !== undefined) datiFields.f123_s = body.printedName;

    if (body.firstName !== undefined) datiFields.f124_s = body.firstName;

    if (body.lastName !== undefined) datiFields.f125_s = body.lastName;

    if (body.nickName !== undefined) datiFields.f126_s = body.nickName;

    if (body.startDate !== undefined) datiFields.f127_s = body.startDate;

    if (body.leaveDate !== undefined) datiFields.f128_s = body.leaveDate;

    if (body.privateEmail !== undefined) datiFields.f130_s = body.privateEmail;

    if (body.workEmail !== undefined) datiFields.f131_s = body.workEmail;

    if (body.onlineLogin !== undefined) datiFields.f133_s = body.onlineLogin;

    if (body.isCustomerRep !== undefined) datiFields.f134_E = body.isCustomerRep ? '1' : '0';

    if (body.isAccountRep !== undefined) datiFields.f135_E = body.isAccountRep ? '1' : '0';

    if (body.remoteProfile !== undefined) datiFields.f136_s = body.remoteProfile.toString();

    if (body.autoLoginFrom !== undefined) datiFields.f137_s = body.autoLoginFrom;

    if (body.onlinePassword !== undefined) datiFields.f141_s = body.onlinePassword;

    if (body.loginWhere !== undefined) datiFields.f143_E = body.loginWhere.toString();


    // Build XML

    const xmlLines = ['<DATI>'];

    for (const [key, value] of Object.entries(datiFields)) {

      xmlLines.push(`  <${key}>${escapeXml(value as string)}</${key}>`);

    }


    // Add roles if provided

    if (body.roles && Array.isArray(body.roles)) {

      body.roles.forEach((roleId: number) => {

        xmlLines.push(`  <f500_E>${roleId}</f500_E>`);

      });

    }


    xmlLines.push('</DATI>');

    const xml = xmlLines.join('\n');


    console.log('Creating/Updating staff with XML:', xml);


    const response = await fieldpineServerApi.datiApiCall(xml, authData.apiKey);


    if (response.success) {

      return NextResponse.json({

        success: true,

        data: response.data,

        message: body.id ? 'Staff updated successfully' : 'Staff created successfully',

      });

    } else {

      return NextResponse.json(

        { success: false, error: response.error || 'Operation failed' },

        { status: 500 }

      );

    }

  } catch (error: any) {

    console.error('Error saving staff:', error);

    return NextResponse.json(

      { success: false, error: error.message || 'Failed to save staff' },

      { status: 500 }

    );

  }

}


function escapeXml(str: string): string {

  if (!str) return '';

  return str

    .replace(/&/g, '&amp;')

    .replace(/</g, '&lt;')

    .replace(/>/g, '&gt;')

    .replace(/"/g, '&quot;')

    .replace(/'/g, '&apos;');

}