[token] route.ts

90.47% Statements 38/42
95.45% Branches 21/22
100% Functions 2/2
90.47% Lines 38/42
Press n or j to go to the next uncovered block, b, p or k for the previous block.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158  
 
 
 
 
1x
1x
1x
1x
 
 
 
1x
 
 
 
 
 
 
 
1x
5x
5x
 
5x
1x
 
 
 
 
 
 
4x
 
4x
 
 
 
 
4x
1x
 
 
 
 
 
 
3x
1x
 
 
 
 
 
 
2x
2x
 
1x
 
 
 
1x
 
 
 
 
 
 
1x
 
 
 
 
1x
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1x
5x
5x
 
5x
1x
 
 
 
 
 
 
4x
 
4x
 
 
 
 
4x
1x
 
 
 
 
 
 
3x
1x
 
 
 
 
 
 
2x
2x
1x
 
 
 
 
 
 
1x
 
 
 
 
1x
 
 
 
 
 
 
 
 
 
 
 
 
  /**
 * GET /api/invitations/[token]
 * Validate an invitation token and return invitation details
 * This is a public endpoint - no authentication required
 */
import { NextRequest, NextResponse } from "next/server";
import { generateClient } from "aws-amplify/data";
import { Amplify } from "aws-amplify";
import outputs from "../../../../../amplify_outputs.json";
import { type Schema } from "../../../../../amplify/data/resource";
 
// Configure Amplify for server-side
Amplify.configure(outputs, { ssr: true });
 
interface RouteParams {
  params: Promise<{
    token: string;
  }>;
}
 
export async function GET(request: NextRequest, { params }: RouteParams) {
  try {
    const { token } = await params;
 
    if (!token) {
      return NextResponse.json(
        { valid: false, error: "INVALID" },
        { status: 400 }
      );
    }
 
    // Fetch invitation using API key auth (public endpoint)
    const client = generateClient<Schema>();
 
    const { data: invitation, errors } = await client.models.TenantInvitation.get(
      { id: token },
      { authMode: "apiKey" }
    );
 
    if (errors || !invitation) {
      return NextResponse.json(
        { valid: false, error: "INVALID" },
        { status: 404 }
      );
    }
 
    // Check if invitation has already been accepted
    if (invitation.status === "accepted") {
      return NextResponse.json(
        { valid: false, error: "ALREADY_USED" },
        { status: 400 }
      );
    }
 
    // Check if invitation has expired
    const expiresAt = new Date(invitation.expiresAt);
    if (expiresAt < new Date()) {
      // Update status to expired
      await client.models.TenantInvitation.update(
        { id: token, status: "expired" },
        { authMode: "apiKey" }
      );
      return NextResponse.json(
        { valid: false, error: "EXPIRED" },
        { status: 400 }
      );
    }
 
    // Get tenant details
    const { data: tenant } = await client.models.Tenant.get(
      { id: invitation.tenantId },
      { authMode: "apiKey" }
    );
 
    return NextResponse.json({
      valid: true,
      email: invitation.email,
      tenantId: invitation.tenantId,
      tenantName: tenant?.name || "Organisation",
      role: invitation.role,
      expiresAt: invitation.expiresAt,
    });
  } catch (error) {
    console.error("Error validating invitation:", error);
    return NextResponse.json(
      { valid: false, error: "INVALID" },
      { status: 500 }
    );
  }
}
 
/**
 * POST /api/invitations/[token]
 * Accept an invitation (mark as used)
 */
export async function POST(request: NextRequest, { params }: RouteParams) {
  try {
    const { token } = await params;
 
    if (!token) {
      return NextResponse.json(
        { success: false, error: "INVALID" },
        { status: 400 }
      );
    }
 
    // Fetch invitation using API key auth
    const client = generateClient<Schema>();
 
    const { data: invitation, errors } = await client.models.TenantInvitation.get(
      { id: token },
      { authMode: "apiKey" }
    );
 
    if (errors || !invitation) {
      return NextResponse.json(
        { success: false, error: "INVALID" },
        { status: 404 }
      );
    }
 
    // Check if already accepted
    if (invitation.status === "accepted") {
      return NextResponse.json(
        { success: false, error: "ALREADY_USED" },
        { status: 400 }
      );
    }
 
    // Check expiry
    const expiresAt = new Date(invitation.expiresAt);
    if (expiresAt < new Date()) {
      return NextResponse.json(
        { success: false, error: "EXPIRED" },
        { status: 400 }
      );
    }
 
    // Mark invitation as accepted
    await client.models.TenantInvitation.update(
      { id: token, status: "accepted" },
      { authMode: "apiKey" }
    );
 
    return NextResponse.json({
      success: true,
      tenantId: invitation.tenantId,
      role: invitation.role,
    });
  } catch (error) {
    console.error("Error accepting invitation:", error);
    return NextResponse.json(
      { success: false, error: "INTERNAL_ERROR" },
      { status: 500 }
    );
  }
}