v1_2inventory_2stock-levels_2route_8ts_source.html

import { NextRequest, NextResponse } from 'next/server';

import { getRequestContext, validateApiAccess } from '@/lib/server/sessionUtils';


/**

 * Store Stock Levels API

 * GET /api/v1/inventory/stock-levels

 *

 * Returns current stock levels across all locations (or filtered by location)

 * Uses Fieldpine's SQL3 endpoint

 */

export async function GET(request: NextRequest) {

  try {

    // 1. Get session and store context

    const context = await getRequestContext(request);


    if (!context || !context.isAuthenticated) {

      return NextResponse.json(

        { error: 'Authentication required' },

        { status: 401 }

      );

    }


    // 2. SECURITY: Validate API access

    const apiAccessValidation = validateApiAccess(context, 'elink');

    if (!apiAccessValidation.valid) {

      console.warn(`[Stock Levels API] Access denied: ${apiAccessValidation.error}`);

      return NextResponse.json(

        {

          error: apiAccessValidation.error,

          code: apiAccessValidation.errorCode

        },

        { status: 403 }

      );

    }


    // 3. Parse query parameters

    const { searchParams } = new URL(request.url);

    const locationId = searchParams.get('locationId');

    const minQty = searchParams.get('minQty') || '0';

    const includeZero = searchParams.get('includeZero') === 'true';


    console.log('[Stock Levels API] Request params:', { locationId, minQty, includeZero });


    // 4. Build SQL query

    let sqlQuery = `

      select

        l.name as [locname],

        i.pid as [pid],

        i.qoh as [qoh],

        p.description as [descrip],

        p.plucode as [sku],

        p.manupartcode as [partcode]

      from

        products_inventory i,

        products p,

        locations l

      where

        i.pid = p.pid

        and i.location_id = l.location_id

    `.trim();


    // Add filters

    if (!includeZero) {

      sqlQuery += ' and i.qoh <> 0';

    }


    if (locationId) {

      sqlQuery += ` and l.location_id = ${parseInt(locationId)}`;

    }


    sqlQuery += ' order by i.qoh desc';


    console.log('[Stock Levels API] SQL:', sqlQuery);


    // 5. Make SQL3 API call

    const encodedQuery = encodeURIComponent(sqlQuery);

    const url = `${context.store.url}/GNAP/J/SQL3?19=${encodedQuery}`;


    const response = await fetch(url, {

      method: 'GET',

      headers: {

        'Cookie': `FieldpineApiKey=${context.session.apiKey}`,

        'Accept': 'application/json'

      }

    });


    if (!response.ok) {

      console.error('[Stock Levels API] SQL3 failed:', response.status, response.statusText);

      throw new Error(`SQL3 API error: ${response.status} ${response.statusText}`);

    }


    const data = await response.json();


    console.log('[Stock Levels API] Response:', {

      hasData: !!data.data,

      rowCount: data.data?.rows?.length || 0

    });


    // 6. Return formatted response

    return NextResponse.json({

      success: true,

      data: {

        sql: sqlQuery,

        rows: data.data?.rows || [],

        count: data.data?.rows?.length || 0

      }

    });


  } catch (error: any) {

    console.error('[Stock Levels API] Error:', error);


    if (error.message && error.message.includes('403')) {

      return NextResponse.json(

        {

          error: 'Your session has expired. Please refresh the page and log in again.',

          code: 'SESSION_EXPIRED'

        },

        { status: 401 }

      );

    }


    return NextResponse.json(

      { error: error.message || 'Failed to fetch stock levels' },

      { status: 500 }

    );

  }

}