Files
route-commerce/src/app/api/v1/campaigns/route.ts
T

118 lines
3.6 KiB
TypeScript

// Campaigns API - Route-based handlers
import { NextRequest, NextResponse } from "next/server";
import { z } from "zod";
import { emailLimiter, checkRateLimit, rateLimitExceeded, securityHeaders } from "@/lib/rate-limit";
import { analytics } from "@/lib/analytics";
import { captureError } from "@/lib/sentry";
import { pool } from "@/lib/db";
// Helper functions
function apiResponse(data: unknown, status: number = 200) {
return NextResponse.json({ data }, { status });
}
function apiError(message: string, status: number) {
return NextResponse.json({ error: message }, { status });
}
function validationError(error: z.ZodError) {
return NextResponse.json({ error: "Validation failed", details: error.issues }, { status: 400 });
}
// ============================================
// CAMPAIGNS API
// ============================================
const createCampaignSchema = z.object({
brand_id: z.string().uuid(),
name: z.string().min(1).max(255),
subject: z.string().min(1).max(500),
content: z.string().min(1),
type: z.enum(["email", "sms"]).default("email"),
segment_id: z.string().uuid().optional(),
contact_ids: z.array(z.string().uuid()).optional(),
scheduled_at: z.string().datetime().optional(),
});
export async function POST(req: NextRequest) {
try {
// Rate limiting
const rateCheck = await checkRateLimit(emailLimiter, req.headers.get("x-forwarded-for") || "anonymous");
if (!rateCheck.success) {
return rateLimitExceeded(Math.ceil((rateCheck.reset - Date.now()) / 1000));
}
// Parse and validate body
const body = await req.json();
const validation = createCampaignSchema.safeParse(body);
if (!validation.success) {
return validationError(validation.error);
}
// Create campaign via RPC
const { rows: campaignRows } = await pool.query<{ create_campaign: { id: string; [k: string]: unknown } | null }>(
`SELECT create_campaign($1, $2, $3, $4, $5, $6, $7::uuid[], $8) AS create_campaign`,
[
validation.data.brand_id,
validation.data.name,
validation.data.subject,
validation.data.content,
validation.data.type,
validation.data.segment_id ?? null,
validation.data.contact_ids ?? null,
validation.data.scheduled_at ?? null,
],
);
const campaign = campaignRows[0]?.create_campaign;
if (!campaign) {
return apiError("Failed to create campaign", 500);
}
// Track analytics
const audienceSize = validation.data.contact_ids?.length || 0;
analytics.campaignCreated(campaign.id, validation.data.type, audienceSize);
return apiResponse(campaign, 201);
} catch (error) {
captureError(error as Error, { path: "/api/campaigns", method: "POST" });
return apiError("Internal server error", 500);
}
}
export async function GET(req: NextRequest) {
try {
const { searchParams } = new URL(req.url);
const brand_id = searchParams.get("brand_id");
if (!brand_id) {
return apiError("brand_id is required", 400);
}
const { rows: campaigns } = await pool.query(
`SELECT * FROM communication_campaigns
WHERE brand_id = $1
ORDER BY created_at DESC`,
[brand_id],
);
return apiResponse(campaigns);
} catch (error) {
captureError(error as Error, { path: "/api/campaigns", method: "GET" });
return apiError("Internal server error", 500);
}
}
// OPTIONS handler
export async function OPTIONS() {
return new Response(null, {
status: 204,
headers: {
...securityHeaders(),
"Access-Control-Allow-Methods": "GET, POST, OPTIONS",
"Access-Control-Allow-Headers": "Content-Type, Authorization",
},
});
}