import { NextRequest } from 'next/server'; import { prisma } from '@/lib/prisma'; import { getServerSession } from "next-auth"; import { authOptions } from "../../auth/authOptions"; import { FactureSchema } from "@/lib/validations/schemas"; import { successResponse, errorResponse, unauthorizedResponse, validationErrorResponse } from "@/lib/api-response"; import { z } from "zod"; export async function GET(req: NextRequest, { params }: { params: Promise<{ id: string }> }) { try { const session = await getServerSession(authOptions); if (!session) return unauthorizedResponse(); const resolvedParams = await params; const { id } = resolvedParams; const facture = await prisma.facture.findUnique({ where: { id }, include: { partner: true }, }); if (!facture) return errorResponse('Facture non trouvée', undefined, 404); return successResponse(facture); } catch (error: any) { return errorResponse("Error fetching facture", error.message); } } export async function PUT(req: NextRequest, { params }: { params: Promise<{ id: string }> }) { try { const session = await getServerSession(authOptions); if (!session || (session.user.role !== "MANAGER" && session.user.role !== "ADMIN")) { return unauthorizedResponse(); } const resolvedParams = await params; const { id } = resolvedParams; // Liste blanche des champs autorisés pour la mise à jour const allowedFields = [ "type", "titre", "montant", "partenaireId", "clientId", "dateReception", "echeance", "statut", "remarque", "pdfPath", "datePaiement" ]; let updateData: any = {}; const contentType = req.headers.get("content-type") || ""; if (contentType.includes("application/json")) { const data = await req.json(); const PartialFactureSchema = FactureSchema.partial(); try { PartialFactureSchema.parse(data); } catch (validationError: any) { if (validationError instanceof z.ZodError) { return validationErrorResponse(validationError); } } for (const key of allowedFields) { if (data[key] !== undefined) { if (["montant"].includes(key)) updateData[key] = parseFloat(data[key]); else if (["partenaireId", "clientId"].includes(key)) updateData[key] = parseInt(data[key], 10); else if (["dateReception", "echeance", "datePaiement"].includes(key)) updateData[key] = new Date(data[key]); else updateData[key] = data[key]; } } } else if (contentType.includes("multipart/form-data")) { const formData = await req.formData(); for (const key of allowedFields) { const value = formData.get(key); if (value !== null && value !== undefined && value !== "") { if (["montant"].includes(key)) updateData[key] = parseFloat(value as string); else if (["partenaireId", "clientId"].includes(key)) updateData[key] = parseInt(value as string, 10); else if (["dateReception", "echeance", "datePaiement"].includes(key)) updateData[key] = new Date(value as string); else updateData[key] = value; } } } else { return errorResponse("Type de contenu non supporté", undefined, 400); } const facture = await prisma.facture.update({ where: { id }, data: updateData, include: { client: true, partner: true }, }); return successResponse(facture); } catch (error: any) { return errorResponse("Erreur lors de la modification", error.message); } } export async function DELETE(req: NextRequest, { params }: { params: Promise<{ id: string }> }) { try { const session = await getServerSession(authOptions); if (!session || (session.user.role !== "MANAGER" && session.user.role !== "ADMIN")) { return unauthorizedResponse(); } const resolvedParams = await params; const { id } = resolvedParams; await prisma.facture.delete({ where: { id } }); return successResponse({ success: true }); } catch (error: any) { return errorResponse("Erreur lors de la suppression", error.message); } }