Manage stakeholders implemented

app/api/rules/[id]/stakeholders/[stakeholderId]/resend/route.ts

@@ -0,0 +1,120 @@
+import { NextRequest, NextResponse } from "next/server";
+import { prisma } from "../../../../../../../lib/server/db";
+import {
+  getSessionPepper,
+  isDatabaseConfigured,
+} from "../../../../../../../lib/server/env";
+import { hashSessionToken, newSessionToken } from "../../../../../../../lib/server/hash";
+import { sendRuleStakeholderInviteEmail } from "../../../../../../../lib/server/mail";
+import { apiRoute } from "../../../../../../../lib/server/apiRoute";
+import { logRouteError } from "../../../../../../../lib/server/requestId";
+import { stakeholderInviteVerifyUrl } from "../../../../../../../lib/server/ruleStakeholderInviteOps";
+import { STAKEHOLDER_INVITE_TTL_MS } from "../../../../../../../lib/server/ruleStakeholders";
+import {
+  dbUnavailable,
+  errorJson,
+  forbidden,
+  notFound,
+  rateLimited,
+  serverMisconfigured,
+  unauthorized,
+} from "../../../../../../../lib/server/responses";
+import { getSessionUser } from "../../../../../../../lib/server/session";
+import { rateLimitKey } from "../../../../../../../lib/server/rateLimit";
+
+type RouteContext = { params: Promise<{ id: string; stakeholderId: string }> };
+
+export const POST = apiRoute<RouteContext>(
+  "rules.stakeholders.resend",
+  async (request: NextRequest, context, { requestId }) => {
+    if (!isDatabaseConfigured()) {
+      return dbUnavailable();
+    }
+
+    const user = await getSessionUser();
+    if (!user) {
+      return unauthorized();
+    }
+
+    const { id: ruleId, stakeholderId } = await context.params;
+
+    const row = await prisma.ruleStakeholder.findFirst({
+      where: { id: stakeholderId, ruleId },
+      select: {
+        id: true,
+        email: true,
+        inviteTokenHash: true,
+        inviteExpiresAt: true,
+        rule: { select: { userId: true, title: true } },
+      },
+    });
+
+    if (!row) {
+      return notFound();
+    }
+    if (row.rule.userId !== user.id) {
+      return forbidden();
+    }
+    if (row.inviteTokenHash === null) {
+      return errorJson(
+        "validation_error",
+        "This stakeholder has already accepted the invite",
+        400,
+      );
+    }
+
+    const rl = rateLimitKey(`rule-stakeholders-resend:${row.id}`, 60_000);
+    if (rl.ok === false) {
+      return rateLimited(rl.retryAfterMs);
+    }
+
+    let pepper: string;
+    try {
+      pepper = getSessionPepper();
+    } catch (err) {
+      logRouteError("rules.stakeholders.resend", requestId, err, {
+        phase: "getSessionPepper",
+      });
+      return serverMisconfigured();
+    }
+
+    const prevHash = row.inviteTokenHash;
+    const prevExp = row.inviteExpiresAt;
+    const token = newSessionToken();
+    const newHash = hashSessionToken(token, pepper);
+    const newExp = new Date(Date.now() + STAKEHOLDER_INVITE_TTL_MS);
+
+    await prisma.ruleStakeholder.update({
+      where: { id: row.id },
+      data: {
+        inviteTokenHash: newHash,
+        inviteExpiresAt: newExp,
+      },
+    });
+
+    const verifyUrl = stakeholderInviteVerifyUrl(request.nextUrl.origin, token);
+    try {
+      await sendRuleStakeholderInviteEmail(row.email, verifyUrl, row.rule.title);
+    } catch (err) {
+      logRouteError("rules.stakeholders.resend", requestId, err, {
+        phase: "sendRuleStakeholderInviteEmail",
+      });
+      await prisma.ruleStakeholder
+        .update({
+          where: { id: row.id },
+          data: {
+            inviteTokenHash: prevHash,
+            inviteExpiresAt: prevExp,
+          },
+        })
+        .catch(() => {});
+      return errorJson(
+        "mail_failed",
+        "Could not resend stakeholder invite",
+        502,
+      );
+    }
+
+    return NextResponse.json({ ok: true });
+  },
+);