v1_2openapi_2customers_2route_8ts_source.html

import { NextRequest, NextResponse } from 'next/server';

import { fieldpineServerApi } from '@/lib/server/fieldpineApi';

import { getRequestContext, validateApiAccess } from '@/lib/server/sessionUtils';


/**

 * Customers Endpoint (ELINK API)

 * GET /api/v1/openapi/customers

 *

 * Uses Fieldpine's ELINK API (retailmax.elink.customers)

 * Security: Retail stores can access this (ELINK only)

 */

export async function GET(request: NextRequest) {

  try {

    // 1. Get session and store context

    const context = await getRequestContext(request);


    if (!context || !context.isAuthenticated) {

      return NextResponse.json(

        { error: 'Authentication required' },

        { status: 401 }

      );

    }


    // 2. SECURITY: Validate ELINK access

    const apiAccessValidation = validateApiAccess(context, 'elink');

    if (!apiAccessValidation.valid) {

      console.warn(`[API Security] ELINK access denied: ${apiAccessValidation.error}`);

      return NextResponse.json(

        {

          error: apiAccessValidation.error,

          code: apiAccessValidation.errorCode

        },

        { status: 403 }

      );

    }


    // 3. Rate limiting

    const clientId = request.headers.get('x-forwarded-for') ||

                    request.headers.get('x-real-ip') ||

                    context.session.userId ||

                    'unknown';

    if (!fieldpineServerApi.checkClientRateLimit(clientId)) {

      return NextResponse.json(

        { error: 'Rate limit exceeded' },

        { status: 429 }

      );

    }


    // 4. Parse query parameters

    const { searchParams } = new URL(request.url);

    const search = searchParams.get('search');

    const customerId = searchParams.get('customerId');

    const phone = searchParams.get('phone');

    const email = searchParams.get('email');

    const limit = searchParams.get('limit') || '100';


    console.log(`[Customers API] Search params:`, { search, customerId, phone, email, limit });


    // 5. Build ELINK BUCK parameters for customers

    // Field reference: f100=customer ID, f1130=customer name, f152=phone, f153=email

    const buckParams: Record<string, string> = {

      "3": "retailmax.elink.customers",

      "16": "4", // Detail level

      "20": limit,

      "99": Math.random().toString()

    };


    // Add search filter

    if (search) {

      buckParams["9"] = `f1130,8,${encodeURIComponent(search)}`;

    } else if (customerId) {

      buckParams["9"] = `f100,0,${customerId}`;

    } else if (phone) {

      buckParams["9"] = `f152,8,${encodeURIComponent(phone)}`;

    } else if (email) {

      buckParams["9"] = `f153,8,${encodeURIComponent(email)}`;

    }


    // 6. Make ELINK API call using singleton

    console.log(`[Customers API] Session data:`, {

      hasApiKey: !!context.session.apiKey,

      apiKeyLength: context.session.apiKey?.length,

      userId: context.session.userId

    });


    if (!context.session.apiKey) {

      console.error('[Customers API] No API key in session!');

      return NextResponse.json(

        { error: 'Session expired or invalid. Please log in again.' },

        { status: 401 }

      );

    }


    // Use store-specific URL for API calls

    const buckResponse = await fieldpineServerApi.buckApiCall(

      buckParams,

      context.session.apiKey,

      context.store.url

    );


    // 7. Transform BUCK response to OData format with proper field mapping

    let customers: any[] = [];

    if (buckResponse && buckResponse.RootType === "ARAY" && buckResponse.DATS && Array.isArray(buckResponse.DATS)) {

      customers = buckResponse.DATS.map((item: any) => ({

        Cid: item.f100 || 0,

        Name: item.f1130 || '',

        Email: item.f153 || '',

        Phone: item.f152 || '',

        Mobile: item.f159 || '', // f159 = mobile number

        AccountBalance: item.f160 || 0, // f160 = account balance

        Address1: item.f150 || '',

        Address2: item.f151 || '',

        City: item.f154 || '',

        State: item.f155 || '',

        Postcode: item.f156 || '',

        Country: item.f157 || '',

        DeliveryAddress1: item.f170 || '',

        DeliveryAddress2: item.f171 || '',

        DeliveryCity: item.f174 || '',

        DeliveryState: item.f175 || '',

        DeliveryPostcode: item.f176 || '',

        DeliveryCountry: item.f177 || ''

      }));

    }


    console.log(`[Customers API] Returning ${customers.length} customers via ELINK`);


    return NextResponse.json({

      success: true,

      data: customers, // Return array directly for frontend compatibility

      count: customers.length,

      source: 'elink'

    });


  } catch (error: any) {

    console.error('[Customers API] Error:', error);


    // Check if it's a 403/authentication error

    if (error.message && error.message.includes('403')) {

      return NextResponse.json(

        {

          error: 'Your session has expired. Please refresh the page and log in again.',

          code: 'SESSION_EXPIRED'

        },

        { status: 401 }

      );

    }


    return NextResponse.json(

      { error: error.message || 'Failed to fetch customers' },

      { status: 500 }

    );

  }

}