// app/api/submit/settings/route.ts import { NextRequest, NextResponse } from "next/server"; import { bytesFromMB, createSettingsItem, directusFetch, uploadFile, } from "@/lib/directus"; /** ───────────────────────────────────────────────────────────── * Accepts EITHER: * - application/json (photo/screen can be data URLs: photo_data, screen_data) * - multipart/form-data with: * - "payload" = JSON string (same shape as JSON body) * - "photo" = result image (REQUIRED) * - "screen" = screenshot image (optional) * * Targets (collections): * - settings_fiber (+ laser_soft, repeat_all) * - settings_co2gan * - settings_co2gal * - settings_uv * ──────────────────────────────────────────────────────────── */ export const runtime = "nodejs"; const MAX_MB = Number(process.env.FILE_MAX_MB || 25); const MAX_BYTES = bytesFromMB(MAX_MB); // light in-memory rate limiter const BUCKET = new Map(); const WINDOW_MS = Number(process.env.RATE_LIMIT_WINDOW || 60) * 1000; const MAX_REQ = Number(process.env.RATE_LIMIT_MAX || 15); function rateLimitOk(ip: string) { const now = Date.now(); const rec = BUCKET.get(ip); if (!rec || now > rec.resetAt) { BUCKET.set(ip, { c: 1, resetAt: now + WINDOW_MS }); return true; } if (rec.c >= MAX_REQ) return false; rec.c += 1; return true; } type Target = "settings_fiber" | "settings_co2gan" | "settings_co2gal" | "settings_uv"; /** Map target + kind → Directus folder name */ function folderName(target: Target, kind: "photo" | "screen") { const base = target === "settings_fiber" ? "le_fiber_settings" : target === "settings_uv" ? "le_uv_settings" : target === "settings_co2gal" ? "le_co2gal_settings" : "le_co2gan_settings"; return kind === "photo" ? `${base}_photos` : `${base}_screenshots`; } /** Lookup a folder id by name, returns null if not found */ async function findFolderIdByName(name: string): Promise { try { const res = await directusFetch<{ data: Array<{ id: string }> }>( `/folders?limit=1&fields=id&filter[name][_eq]=${encodeURIComponent(name)}` ); const id = res?.data?.[0]?.id ?? null; return id || null; } catch { return null; } } /** Patch a file to move it into a folder (no-op if folderId is null) */ async function moveFileToFolder(fileId: string, folderId: string | null) { if (!fileId || !folderId) return; await directusFetch(`/files/${fileId}`, { method: "PATCH", headers: { "Content-Type": "application/json" }, body: JSON.stringify({ folder: folderId }), }); } // Whitelists for repeaters (matches your Directus repeater schemas) const FILL_KEYS = new Set([ "name", "power", "speed", "interval", "pass", "type", "flood", "air", "frequency", "pulse", "angle", "auto", "increment", "cross", ]); const LINE_KEYS = new Set([ "name", "power", "speed", "perf", "cut", "skip", "pass", "air", "frequency", "pulse", "wobble", "step", "size", ]); const RASTER_KEYS = new Set([ "name", "power", "speed", "type", "dither", "halftone_cell", "halftone_angle", "inversion", "interval", "dot", "pass", "air", "frequency", "pulse", "cross", ]); function sanitizeNumber(n: any, fallback: number | null = null) { if (n === null || n === undefined || n === "") return fallback; const v = Number(n); return Number.isFinite(v) ? v : fallback; } function sanitizeRepeaterRow( row: Record, allowed: Set ): Record { const out: Record = {}; for (const k of Object.keys(row || {})) { if (!allowed.has(k)) continue; if ( [ "power", "speed", "interval", "pass", "halftone_cell", "halftone_angle", "dot", "frequency", "pulse", "angle", "increment", "step", "size", ].includes(k) ) { out[k] = sanitizeNumber(row[k]); } else if (["auto", "cross", "wobble", "perf", "air", "flood", "inversion"].includes(k)) { out[k] = !!row[k]; } else { out[k] = row[k]; } } return out; } async function readJsonOrMultipart(req: NextRequest) { const ct = req.headers.get("content-type") || ""; if (ct.includes("multipart/form-data")) { const form = await req.formData(); const payloadRaw = String(form.get("payload") || "{}"); let body: any = {}; try { body = JSON.parse(payloadRaw); } catch { throw new Error("Invalid JSON in 'payload' field"); } const files = { photo: (form.get("photo") as File) || null, screen: (form.get("screen") as File) || null, }; return { mode: "multipart" as const, body, files }; } if (ct.includes("application/json")) { const body = await req.json(); return { mode: "json" as const, body, files: { photo: null as File | null, screen: null as File | null } }; } throw new Error("Unsupported content-type. Use JSON or multipart/form-data."); } export async function POST(req: NextRequest) { const started = Date.now(); try { const ip = req.headers.get("x-forwarded-for")?.split(",")[0]?.trim() || "0.0.0.0"; if (!rateLimitOk(ip)) { return NextResponse.json({ error: "Rate limited" }, { status: 429 }); } const { mode, body, files } = await readJsonOrMultipart(req); const target: Target = body?.target; if (!["settings_fiber", "settings_co2gan", "settings_co2gal", "settings_uv"].includes(target as any)) { return NextResponse.json({ error: "Invalid target" }, { status: 400 }); } // Required base fields const setting_title = String(body?.setting_title || body?.title || "").trim(); const uploader = String(body?.uploader || "").trim(); // Relations (required) const mat = body?.mat ?? null; const mat_coat = body?.mat_coat ?? null; const mat_color = body?.mat_color ?? null; const mat_opacity = body?.mat_opacity ?? null; const source = body?.source ?? null; const lens = body?.lens ?? null; // Numbers const mat_thickness = sanitizeNumber(body?.mat_thickness, null); const focus = sanitizeNumber(body?.focus, null); // Notes (optional) const setting_notes = String(body?.setting_notes || body?.notes || "").trim() || ""; // Fiber-only (required) const laser_soft = target === "settings_fiber" ? (body?.laser_soft ?? null) : null; const repeat_all = target === "settings_fiber" ? sanitizeNumber(body?.repeat_all, null) : null; // Validate requireds const missing: string[] = []; if (!setting_title) missing.push("setting_title"); if (!uploader) missing.push("uploader"); if (!source) missing.push("source"); if (!lens) missing.push("lens"); if (focus === null || !Number.isFinite(focus)) missing.push("focus"); if (!mat) missing.push("mat"); if (!mat_coat) missing.push("mat_coat"); if (!mat_color) missing.push("mat_color"); if (!mat_opacity) missing.push("mat_opacity"); if (target === "settings_fiber") { if (!laser_soft) missing.push("laser_soft"); if (repeat_all === null || !Number.isFinite(repeat_all)) missing.push("repeat_all"); } // Handle files (photo required) let photo_id: string | null = null; let screen_id: string | null = null; // If multipart, use file objects. Else allow base64 in JSON: photo_data/screen_data if (mode === "multipart") { if (!files.photo) missing.push("photo"); if (files.photo) { if (files.photo.size > MAX_BYTES) { return NextResponse.json( { error: `Photo exceeds ${MAX_MB} MB` }, { status: 400 } ); } const up = await uploadFile(files.photo, (files.photo as File).name || "photo"); photo_id = (up as any)?.id ?? null; // after upload, move into appropriate folder const folder = await findFolderIdByName(folderName(target, "photo")); await moveFileToFolder(String(photo_id), folder); } if (files.screen) { if (files.screen.size > MAX_BYTES) { return NextResponse.json( { error: `Screenshot exceeds ${MAX_MB} MB` }, { status: 400 } ); } const up = await uploadFile(files.screen, (files.screen as File).name || "screen"); screen_id = (up as any)?.id ?? null; const folder = await findFolderIdByName(folderName(target, "screen")); await moveFileToFolder(String(screen_id), folder); } } else { // JSON mode with optional base64 strings const pushBase64 = async (dataUrl: string, name: string) => { const base64 = (dataUrl || "").split(",")[1] || ""; if (!base64) return null; const raw = Buffer.from(base64, "base64"); if (raw.byteLength > MAX_BYTES) throw new Error(`${name} exceeds ${MAX_MB} MB`); const blob = new Blob([raw]); const up = await uploadFile(blob as any, name); return (up as any)?.id ?? null; }; if (body?.photo_data) { photo_id = await pushBase64(body.photo_data, "photo"); const folder = await findFolderIdByName(folderName(target, "photo")); await moveFileToFolder(String(photo_id), folder); } else { missing.push("photo"); } if (body?.screen_data) { screen_id = await pushBase64(body.screen_data, "screen"); const folder = await findFolderIdByName(folderName(target, "screen")); await moveFileToFolder(String(screen_id), folder); } } if (missing.length) { return NextResponse.json( { error: `Missing required: ${missing.join(", ")}` }, { status: 400 } ); } // Repeaters const fillsRaw = Array.isArray(body?.fill_settings) ? body.fill_settings : body?.fills || []; const linesRaw = Array.isArray(body?.line_settings) ? body.line_settings : body?.lines || []; const rastersRaw = Array.isArray(body?.raster_settings) ? body.raster_settings : body?.rasters || []; const fill_settings = (fillsRaw as any[]).map((r) => sanitizeRepeaterRow(r, FILL_KEYS)); const line_settings = (linesRaw as any[]).map((r) => sanitizeRepeaterRow(r, LINE_KEYS)); const raster_settings = (rastersRaw as any[]).map((r) => sanitizeRepeaterRow(r, RASTER_KEYS)); // Build record const nowIso = new Date().toISOString(); const payload: Record = { setting_title, uploader, setting_notes, // relations mat, mat_coat, mat_color, mat_opacity, source, lens, // numbers focus, mat_thickness, // files photo: photo_id, screen: screen_id, // repeaters fill_settings, line_settings, raster_settings, // meta submission_date: nowIso, last_modified_date: nowIso, status: "pending", submitted_via: "makearmy-app", submitted_at: nowIso, }; if (target === "settings_fiber") { payload.laser_soft = laser_soft; payload.repeat_all = repeat_all; } const created = await createSettingsItem(target, payload); // normalize PK to always provide "id" (your tables use submission_id) const newId = (created as any)?.submission_id ?? (created as any)?.data?.submission_id ?? (created as any)?.id ?? (created as any)?.data?.id ?? null; return NextResponse.json({ ok: true, id: newId, submission_id: newId, took_ms: Date.now() - started, }); } catch (err: any) { const msg = err?.message || "Unknown error"; return NextResponse.json({ error: msg }, { status: 500 }); } }