144 lines
4.8 KiB
TypeScript
144 lines
4.8 KiB
TypeScript
/**
|
|
* GET /api/preview-link?cid=<contactId>&token=<HEALTH_TOKEN>
|
|
*
|
|
* Returns a ready-to-send check-in URL for a given contact, plus enough
|
|
* context for staff to verify it's the right org. Used for:
|
|
* - Generating links to paste into ad-hoc emails (or external tools)
|
|
* - Testing a contact's setup before sending the real CiviCRM email
|
|
* - QA before rollout
|
|
*
|
|
* AUTH: Always requires the HEALTH_TOKEN (same secret as /api/health). In
|
|
* development, if HEALTH_TOKEN is unset, anyone can hit the endpoint —
|
|
* matches /api/health behavior so dev workflow stays frictionless. In
|
|
* production, the endpoint returns 404 if HEALTH_TOKEN is unset.
|
|
*
|
|
* Returns:
|
|
* {
|
|
* contactId, contactName,
|
|
* orgId, orgName, orgStage,
|
|
* url, // the full form URL with cid + cs
|
|
* checksum,
|
|
* ttlHours // how long the checksum is valid (Civi default 14d)
|
|
* }
|
|
*/
|
|
|
|
import { NextResponse } from "next/server";
|
|
import { civi } from "@/lib/civicrm";
|
|
import { FORM_CONTACT_RELATIONSHIP } from "@/config/form";
|
|
import { appEnv } from "@/lib/env";
|
|
|
|
interface PreviewLinkResponse {
|
|
contactId: number;
|
|
contactName: string;
|
|
orgId: number;
|
|
orgName: string;
|
|
orgStage: string;
|
|
url: string;
|
|
checksum: string;
|
|
ttlHours: number;
|
|
}
|
|
|
|
export async function GET(req: Request) {
|
|
const env = appEnv();
|
|
const url = new URL(req.url);
|
|
const cid = url.searchParams.get("cid");
|
|
const token = url.searchParams.get("token");
|
|
|
|
// Auth gate: production requires HEALTH_TOKEN. Dev allows passthrough.
|
|
if (env.isProduction) {
|
|
if (!env.healthToken) return new NextResponse("Not Found", { status: 404 });
|
|
if (token !== env.healthToken) return new NextResponse("Not Found", { status: 404 });
|
|
} else if (env.healthToken && token !== env.healthToken) {
|
|
return new NextResponse("Not Found", { status: 404 });
|
|
}
|
|
|
|
if (!cid) {
|
|
return NextResponse.json({ error: "Missing cid parameter." }, { status: 400 });
|
|
}
|
|
const contactId = Number(cid);
|
|
if (!Number.isFinite(contactId)) {
|
|
return NextResponse.json({ error: "cid must be an integer." }, { status: 400 });
|
|
}
|
|
|
|
if (env.isStub) {
|
|
return NextResponse.json(
|
|
{ error: "Stub mode active — set CIVI_* env vars to generate real links." },
|
|
{ status: 501 },
|
|
);
|
|
}
|
|
|
|
// Resolve org via the Primary Contact relationship.
|
|
const relRes = await civi<{ contact_id_b: number }>("Relationship", "get", {
|
|
select: ["contact_id_b"],
|
|
where: [
|
|
["contact_id_a", "=", contactId],
|
|
["relationship_type_id.name_a_b", "=", FORM_CONTACT_RELATIONSHIP],
|
|
["is_active", "=", true],
|
|
],
|
|
limit: 2,
|
|
});
|
|
const orgs = relRes.values ?? [];
|
|
if (orgs.length === 0) {
|
|
return NextResponse.json(
|
|
{
|
|
error: `Contact ${contactId} has no active "${FORM_CONTACT_RELATIONSHIP}" relationship to an organization.`,
|
|
},
|
|
{ status: 404 },
|
|
);
|
|
}
|
|
if (orgs.length > 1) {
|
|
return NextResponse.json(
|
|
{
|
|
error: `Contact ${contactId} has multiple active "${FORM_CONTACT_RELATIONSHIP}" relationships. Resolve in CiviCRM first.`,
|
|
},
|
|
{ status: 409 },
|
|
);
|
|
}
|
|
const orgId = orgs[0].contact_id_b;
|
|
|
|
// Pull contact + org names + the org's current stage so the response gives
|
|
// staff everything they need to confirm "yes, this is the right link."
|
|
const [contactRes, orgRes, csRes] = await Promise.all([
|
|
civi<{ display_name: string }>("Contact", "get", {
|
|
select: ["display_name"],
|
|
where: [["id", "=", contactId]],
|
|
}),
|
|
civi<{ display_name: string; "Food_Co_op_Organizing.Stage": string | null }>("Contact", "get", {
|
|
select: ["display_name", "Food_Co_op_Organizing.Stage"],
|
|
where: [["id", "=", orgId]],
|
|
}),
|
|
civi<{ checksum: string }>("Contact", "getChecksum", { contactId }),
|
|
]);
|
|
|
|
const contactName = contactRes.values?.[0]?.display_name ?? `Contact ${contactId}`;
|
|
const orgName = orgRes.values?.[0]?.display_name ?? `Organization ${orgId}`;
|
|
const orgStage = orgRes.values?.[0]?.["Food_Co_op_Organizing.Stage"] ?? "";
|
|
const checksum = csRes.values?.[0]?.checksum;
|
|
if (!checksum) {
|
|
return NextResponse.json(
|
|
{ error: "Could not generate a checksum for this contact." },
|
|
{ status: 500 },
|
|
);
|
|
}
|
|
|
|
// Build the URL. Prefer the explicit PUBLIC_ORIGIN env var; fall back to
|
|
// the request's own origin (handy for dev / first-deploy).
|
|
const origin =
|
|
env.publicOrigin ?? `${url.protocol}//${url.host}`;
|
|
const formUrl = new URL("/", origin);
|
|
formUrl.searchParams.set("cid", String(contactId));
|
|
formUrl.searchParams.set("cs", checksum);
|
|
|
|
const payload: PreviewLinkResponse = {
|
|
contactId,
|
|
contactName,
|
|
orgId,
|
|
orgName,
|
|
orgStage: orgStage ?? "",
|
|
url: formUrl.toString(),
|
|
checksum,
|
|
ttlHours: 14 * 24, // Civi default — adjust if your install changed cs_offset.
|
|
};
|
|
return NextResponse.json(payload);
|
|
}
|