Profile page UI and functionality implemented

app/api/rules/[id]/route.ts

@@ -1,7 +1,14 @@
 import { NextResponse } from "next/server";
+import { prisma } from "../../../../lib/server/db";
 import { isDatabaseConfigured } from "../../../../lib/server/env";
-import { dbUnavailable, notFound } from "../../../../lib/server/responses";
+import {
+  dbUnavailable,
+  forbidden,
+  notFound,
+  unauthorized,
+} from "../../../../lib/server/responses";
 import { getPublicPublishedRuleById } from "../../../../lib/server/publishedRules";
+import { getSessionUser } from "../../../../lib/server/session";
 import { apiRoute } from "../../../../lib/server/apiRoute";
 
 type RouteContext = { params: Promise<{ id: string }> };
@@ -20,6 +27,47 @@ export const GET = apiRoute<RouteContext>(
       return notFound();
     }
 
-    return NextResponse.json({ rule });
+    const user = await getSessionUser();
+    let viewerIsOwner = false;
+    if (user) {
+      const ownerRow = await prisma.publishedRule.findUnique({
+        where: { id },
+        select: { userId: true },
+      });
+      viewerIsOwner = ownerRow?.userId === user.id;
+    }
+
+    return NextResponse.json({ rule, viewerIsOwner });
+  },
+);
+
+export const DELETE = apiRoute<RouteContext>(
+  "rules.byId.delete",
+  async (_request, context) => {
+    if (!isDatabaseConfigured()) {
+      return dbUnavailable();
+    }
+
+    const user = await getSessionUser();
+    if (!user) {
+      return unauthorized();
+    }
+
+    const { id } = await context.params;
+
+    const row = await prisma.publishedRule.findUnique({
+      where: { id },
+      select: { id: true, userId: true },
+    });
+    if (!row) {
+      return notFound();
+    }
+    if (row.userId !== user.id) {
+      return forbidden("You do not have permission to delete this rule");
+    }
+
+    await prisma.publishedRule.delete({ where: { id: row.id } });
+
+    return NextResponse.json({ ok: true });
   },
 );