makearmy-app/lib/directus.ts

// lib/directus.ts
// Central Directus helpers used by API routes.

const BASE = process.env.DIRECTUS_URL!;
const TOKEN_SUBMIT = process.env.DIRECTUS_TOKEN_SUBMIT!;
const TOKEN_ADMIN_REGISTER = process.env.DIRECTUS_TOKEN_ADMIN_REGISTER || "";
const ROLE_MEMBER_ID_ENV = process.env.DIRECTUS_ROLE_MEMBER_ID || "";
const ROLE_MEMBER_NAME_ENV = process.env.DIRECTUS_ROLE_MEMBER_NAME || "Users";

const PROJECTS_COLLECTION =
process.env.DIRECTUS_PROJECTS_COLLECTION || "projects";

if (!BASE) console.warn("[directus] Missing DIRECTUS_URL");
if (!TOKEN_SUBMIT) console.warn("[directus] Missing DIRECTUS_TOKEN_SUBMIT");
if (!TOKEN_ADMIN_REGISTER) console.warn("[directus] Missing DIRECTUS_TOKEN_ADMIN_REGISTER (used for registration)");

export function bytesFromMB(mb: number) {
  return Math.round(mb * 1024 * 1024);
}

// Read response as text first; parse JSON if present so we never throw
// "Unexpected end of JSON input" for empty/HTML bodies.
async function parseJsonSafe(res: Response) {
  const text = await res.text();
  let json: any = null;
  try {
    json = text ? JSON.parse(text) : null;
  } catch {
    // non-JSON body; keep as null and let caller see status if needed
  }
  return { json, text };
}

/** directusFetch with the SUBMIT token (used by options + settings submit) */
export async function directusFetch<T = any>(
  path: string,
  init?: RequestInit
): Promise<T> {
  const res = await fetch(`${BASE}${path}`, {
    ...init,
    headers: {
      Accept: "application/json",
      Authorization: `Bearer ${TOKEN_SUBMIT}`,
      ...(init?.headers || {}),
    },
  });

  const { json, text } = await parseJsonSafe(res);
  if (!res.ok) {
    throw new Error(`Directus error ${res.status}: ${text || res.statusText}`);
  }
  return (json ?? {}) as T;
}

/** Same as above, but uses the ADMIN REGISTER token */
export async function directusAdminFetch<T = any>(
  path: string,
  init?: RequestInit
): Promise<T> {
  if (!TOKEN_ADMIN_REGISTER) {
    throw new Error("Missing DIRECTUS_TOKEN_ADMIN_REGISTER");
  }
  const res = await fetch(`${BASE}${path}`, {
    ...init,
    headers: {
      Accept: "application/json",
      Authorization: `Bearer ${TOKEN_ADMIN_REGISTER}`,
      ...(init?.headers || {}),
    },
  });

  const { json, text } = await parseJsonSafe(res);
  if (!res.ok) {
    throw new Error(`Directus error ${res.status}: ${text || res.statusText}`);
  }
  return (json ?? {}) as T;
}

/* ─────────────────────────────────────────────────────────────
 * On-the-fly folder lookup by "path" = "<parent>/<child>"
 * Caches results in-memory. If lookup is forbidden (403) or not found,
 * we return undefined and uploads proceed without a folder.
 * Requires READ on directus_folders (id,name,parent.name) to fully work.
 * ──────────────────────────────────────────────────────────── */

type FolderItem = {
  id: string;
  name: string;
  parent?: { id?: string; name?: string } | null;
};

const folderCache = new Map<string, string | undefined>();
let folderListCache: FolderItem[] | null = null;
let folderListCacheAt = 0;

async function fetchAllFolders(): Promise<FolderItem[] | null> {
  try {
    const q = `/folders?fields=id,name,parent.id,parent.name&limit=500`;
    const res = await directusAdminFetch<{ data: FolderItem[] }>(q);
    return res?.data ?? [];
  } catch (e: any) {
    console.warn("[directus] fetchAllFolders failed:", e?.message || e);
    return null;
  }
}

async function getFolderIdByPath(path: string): Promise<string | undefined> {
  if (!path) return undefined;
  if (folderCache.has(path)) return folderCache.get(path);

  const now = Date.now();
  const freshForMs = 60_000;
  if (!folderListCache || now - folderListCacheAt > freshForMs) {
    folderListCache = await fetchAllFolders();
    folderListCacheAt = now;
  }
  const list = folderListCache;
  if (!list) {
    folderCache.set(path, undefined);
    return undefined;
  }

  const parts = path.split("/").map((s) => s.trim()).filter(Boolean);
  const [parentName, childName] = parts;

  const eq = (a?: string | null, b?: string | null) =>
  String(a ?? "").toLowerCase() === String(b ?? "").toLowerCase();

  let match: FolderItem | undefined;
  if (parts.length >= 2) {
    match = list.find(
      (f) => eq(f.name, childName) && eq(f.parent?.name ?? "", parentName)
    );
  } else {
    match = list.find((f) => eq(f.name, parts[0]));
  }

  const id = match?.id ? String(match.id) : undefined;
  folderCache.set(path, id);
  return id;
}

/**
 * uploadFile:
 * Robustly uploads a file (Blob/File). Accepts optional folder routing:
 * - options.folderId: direct UUID if you have it
 * - options.folderNamePath: "<parent>/<child>" lookup via /folders
 * Also sets filename_download & optional title.
 */
export async function uploadFile(
  file: Blob | File,
  filename: string,
  options?: { folderId?: string; folderNamePath?: string; title?: string }
): Promise<{ id: string }> {
  const form = new FormData();
  form.set("file", file, filename);
  form.set("filename_download", filename);
  if (options?.title) form.set("title", options.title);

  let folderId = options?.folderId;
  if (!folderId && options?.folderNamePath) {
    try {
      folderId = await getFolderIdByPath(options.folderNamePath);
    } catch {
      // ignore; proceed without a folder
    }
  }
  if (folderId) form.set("folder", folderId);

  const res = await fetch(`${BASE}/files`, {
    method: "POST",
    headers: {
      Authorization: `Bearer ${TOKEN_SUBMIT}`,
      Accept: "application/json",
    },
    body: form,
  });

  const { json, text } = await parseJsonSafe(res);
  if (!res.ok) {
    throw new Error(
      `File upload failed: status=${res.status} ${res.statusText} body=${(text || "").slice(
        0,
        400
      ) || "<empty>"}`
    );
  }

  const id = json?.data?.id ?? json?.id;
  if (!id) throw new Error("File upload succeeded but no id returned");
  return { id: String(id) };
}

/** Create a settings item (used by settings submissions) */
export async function createSettingsItem(
  collection: string,
  payload: any
): Promise<{ data: { id: string } }> {
  return directusFetch<{ data: { id: string } }>(`/items/${collection}`, {
    method: "POST",
    headers: { "Content-Type": "application/json" },
    body: JSON.stringify(payload),
  });
}

/** ─────────────────────────────────────────────────────────────
 * Project helpers (used by app/api/submit/project/route.ts)
 * Collection can be overridden via DIRECTUS_PROJECTS_COLLECTION
 * ──────────────────────────────────────────────────────────── */

export async function createProjectRow(
  payload: any
): Promise<{ data: { id: string } }> {
  return directusFetch<{ data: { id: string } }>(
    `/items/${PROJECTS_COLLECTION}`,
    {
      method: "POST",
      headers: { "Content-Type": "application/json" },
      body: JSON.stringify(payload),
    }
  );
}

export async function patchProject(
  id: string | number,
  payload: any
): Promise<{ data: { id: string } }> {
  return directusFetch<{ data: { id: string } }>(
    `/items/${PROJECTS_COLLECTION}/${id}`,
    {
      method: "PATCH",
      headers: { "Content-Type": "application/json" },
      body: JSON.stringify(payload),
    }
  );
}

/* ─────────────────────────────────────────────────────────────
 * Auth helpers (registration / login support)
 * ──────────────────────────────────────────────────────────── */

export async function resolveMemberRoleId(): Promise<string> {
  if (ROLE_MEMBER_ID_ENV) return ROLE_MEMBER_ID_ENV;

  // Fallback by role name (e.g., "Users")
  const name = ROLE_MEMBER_NAME_ENV;
  const q = `/roles?filter[name][_eq]=${encodeURIComponent(
    name
  )}&fields=id,name&limit=1`;
  const { data } = await directusAdminFetch<{ data: Array<{ id: string }> }>(q);
  const hit = data?.[0]?.id;
  if (!hit) throw new Error(`Role not found: ${name}`);
  return hit;
}

/** Create a Directus user (username required, email optional). */
export async function createDirectusUser(input: {
  username: string;
  password: string;
  email?: string;
  roleId?: string;
}): Promise<{ id: string }> {
  const role = input.roleId || (await resolveMemberRoleId());

  // If email is omitted, create a stable placeholder so login can still work.
  const email =
  input.email && input.email.trim()
  ? input.email.trim()
  : `${input.username}@noemail.local`;

  const res = await directusAdminFetch<{ data: { id: string } }>(`/users`, {
    method: "POST",
    headers: { "Content-Type": "application/json" },
    body: JSON.stringify({
      status: "active",
      role,
      username: input.username,
      email,
      password: input.password,
    }),
  });

  return { id: String(res?.data?.id) };
}

/** Find user's email by username (returns null if not found) */
export async function emailForUsername(username: string): Promise<string | null> {
  const q = `/users?filter[username][_eq]=${encodeURIComponent(
    username
  )}&fields=email&limit=1`;
  const { data } = await directusAdminFetch<{ data: Array<{ email?: string }> }>(
    q
  );
  const em = data?.[0]?.email;
  return em ? String(em) : null;
}

/** Proxy Directus /auth/login and return tokens (email required here). */
export async function loginDirectus(email: string, password: string) {
  const res = await fetch(`${BASE}/auth/login`, {
    method: "POST",
    headers: {
      Accept: "application/json",
      "Content-Type": "application/json",
    },
    body: JSON.stringify({ email, password }),
  });

  const { json, text } = await parseJsonSafe(res);
  if (!res.ok) {
    throw new Error(`Directus error ${res.status}: ${text || res.statusText}`);
  }
  // Directus typically returns { data: { access_token, refresh_token, expires } }
  return json?.data ?? json;
}