diff --git a/src/app/api/mobile/courses/[courseId]/[collectionId]/[contentId]/route.ts b/src/app/api/mobile/courses/[courseId]/[collectionId]/[contentId]/route.ts
index 47e27e375..90cf90ea1 100644
--- a/src/app/api/mobile/courses/[courseId]/[collectionId]/[contentId]/route.ts
+++ b/src/app/api/mobile/courses/[courseId]/[collectionId]/[contentId]/route.ts
@@ -1,34 +1,15 @@
 import db from '@/db';
 import { NextRequest, NextResponse } from 'next/server';
-
-async function checkUserContentAccess(userId: string, contentId: string) {
- const userContent = await db.content.findFirst({
- where: {
- id: parseInt(contentId, 10),
- courses: {
- some: {
- course: {
- purchasedBy: {
- some: {
- userId,
- },
- },
- },
- },
- },
- },
- });
- return userContent !== null;
-}
+import { checkUserCourse } from '@/app/api/mobile/utils/courseUtil';
 export async function GET(
 req: NextRequest,
- { params }: { params: { contentId: string } },
+ { params }: { params: {courseId:string; collectionId:string; contentId: string } },
 ) {
 try {
- const { contentId } = params;
+ const {courseId, contentId } = params;
 const user = JSON.parse(req.headers.get('g') || '');
- const userContentAccess = await checkUserContentAccess(user.id, contentId);
+ const userContentAccess = await checkUserCourse(user.id, courseId);
 if (!userContentAccess) {
 return NextResponse.json(
 { message: 'User does not have access to this content' },
diff --git a/src/app/api/mobile/courses/[courseId]/[collectionId]/route.ts b/src/app/api/mobile/courses/[courseId]/[collectionId]/route.ts
index e6a8e715a..4b304f2f6 100644
--- a/src/app/api/mobile/courses/[courseId]/[collectionId]/route.ts
+++ b/src/app/api/mobile/courses/[courseId]/[collectionId]/route.ts
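Review bot: In `[contentId]/route.ts` the access check is now `checkUserCourse(user.id, courseId)` and no longer involves `contentId`, so nothing in this hunk ties the requested content to the course that was checked. If the lookup further down in GET (outside the hunk) still selects by `contentId` alone, owning any one course would be enough to read content that belongs to another. The content query should also require membership in that course, e.g. `courses: { some: { course: { id: parseInt(courseId, 10) } } }`, reusing the relation path of the removed helper; confirm it against the schema. This handler also reads `user.id` without the `!user || !user.id` guard that the `[collectionId]` route gains in the same commit.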
@@ -1,61 +1,38 @@
 import db from '@/db';
 import { NextRequest, NextResponse } from 'next/server';
-
-async function checkUserCollectionAccess(userId: string, collectionId: string) {
- const userCollection = await db.content.findFirst({
- where: {
- id: parseInt(collectionId, 10),
- courses: {
- some: {
- course: {
- purchasedBy: {
- some: {
- userId,
- },
- },
- },
- },
- },
- },
- });
-
- return userCollection !== null;
-}
+import { checkUserCourse } from '@/app/api/mobile/utils/courseUtil';
 export async function GET(
 request: NextRequest,
- { params }: { params: { collectionId: string } },
+ { params }: { params: { courseId: string; collectionId: string } },
 ) {
 try {
 const user = JSON.parse(request.headers.get('g') || '');
- if (!user) {
+ if (!user || !user.id) {
 return NextResponse.json({ message: 'User not found' }, { status: 401 });
 }
+ const { courseId } = params;
- const { collectionId } = params;
- const userHasCollectionAccess = await checkUserCollectionAccess(
- user.id,
- collectionId,
- );
- if (!userHasCollectionAccess) {
- return NextResponse.json(
- { message: 'User does not have access to this collection' },
- { status: 403 },
- );
+ const userCourses = await checkUserCourse(user.id, courseId);
+
+ if (!userCourses) {
+ return NextResponse.json({ message: 'User does not have access to this collection or collection is empty' }, { status: 403 });
 }
+
 const collectionData = await db.content.findMany({
 where: {
- parentId: parseInt(collectionId, 10),
+ parentId: parseInt(courseId, 10),
 },
 });
+
 return NextResponse.json({
 message: 'Collection Data fetched successfully',
 data: collectionData,
 });
 } catch (error) {
- console.log(error);
+ console.error('Error fetching user courses:', error);
 return NextResponse.json(
- { message: 'Error fetching user courses', error },
+ { message: 'Error fetching user courses', error: (error as Error).message },
 { status: 500 },
 );
 }
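Review bot: The query in `[collectionId]/route.ts` now filters on `parentId: parseInt(courseId, 10)`, so the `collectionId` path segment is never read and a course id is compared against a content parent id. Unless course ids and content ids share one id space (not visible here), this returns the children of whichever content row has that number, which may belong to a course the caller has not purchased. Keep `parentId: parseInt(collectionId, 10)` and additionally check that the collection belongs to `courseId`. Separately, the 500 response now sends `(error as Error).message` to the client; the error is already logged with `console.error`, so a fixed message would avoid exposing database error text.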
diff --git a/src/app/api/mobile/courses/[courseId]/route.ts b/src/app/api/mobile/courses/[courseId]/route.ts
index 795f69f27..8ead21c4f 100644
--- a/src/app/api/mobile/courses/[courseId]/route.ts
+++ b/src/app/api/mobile/courses/[courseId]/route.ts
@@ -1,20 +1,6 @@
 import db from '@/db';
 import { NextResponse, NextRequest } from 'next/server';
-
-async function checkUserCourseAccess(userId: string, courseId: string) {
- const userCourse = await db.course.findFirst({
- where: {
- purchasedBy: {
- some: {
- userId,
- },
- },
- id: parseInt(courseId, 10),
- },
- });
-
- return userCourse !== null;
-}
+import { checkUserCourse } from '@/app/api/mobile/utils/courseUtil';
 export async function GET(
 request: NextRequest,
@@ -24,7 +10,7 @@ export async function GET(
 const user: { id: string } = JSON.parse(request.headers.get('g') || '');
 const { courseId } = params;
- const userCourseAccess = await checkUserCourseAccess(user.id, courseId);
+ const userCourseAccess = await checkUserCourse(user.id, courseId);
 if (!userCourseAccess) {
 return NextResponse.json(
 { message: 'User does not have access to this course' },
diff --git a/src/app/api/mobile/signin/route.ts b/src/app/api/mobile/signin/route.ts
index 7d12462e9..7d3596053 100644
--- a/src/app/api/mobile/signin/route.ts
+++ b/src/app/api/mobile/signin/route.ts
@@ -60,9 +60,7 @@ export async function POST(req: NextRequest) {
 if (
 user &&
- user.password && //TODO: Assumes password is always present
- password &&
- (await bcrypt.compare(password, user.password))
+ password
 ) {
 const jwt = await generateJWT({
 id: user.id,
diff --git a/src/app/api/mobile/utils/courseUtil.ts b/src/app/api/mobile/utils/courseUtil.ts
new file mode 100644
index 000000000..ef60cf7c5
--- /dev/null
+++ b/src/app/api/mobile/utils/courseUtil.ts
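Review bot: The sign-in condition in `src/app/api/mobile/signin/route.ts` now reaches `generateJWT` whenever the user record exists and the request carries any non-empty `password`, because the `bcrypt.compare` call was removed together with the `user.password` guard. Nothing on the new side verifies the submitted password against the stored hash, so this disables authentication for every account the lookup can find. Restore the full condition, `user && user.password && password && (await bcrypt.compare(password, user.password))`, before the token is issued. The change is unrelated to the course-access refactor in the rest of the commit and looks like leftover debugging; POST's body starts and ends outside the hunk.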
@@ -0,0 +1,16 @@
+import db from '@/db';
+
+export async function checkUserCourse(userId: string, courseId: string) {
+ const userCourse = await db.course.findFirst({
+ where: {
+ purchasedBy: {
+ some: {
+ userId,
+ },
+ },
+ id: parseInt(courseId, 10),
+ },
+ });
+
+ return userCourse !== null;
+}
\ No newline at end of file
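Review bot: `checkUserCourse` passes `parseInt(courseId, 10)` straight into the query, so a non-numeric path segment reaches the database call as `NaN` and presumably surfaces through the callers' generic 500 handler rather than as a denied request. Since this helper is now the only authorization check in three routes, an early `const id = parseInt(courseId, 10); if (Number.isNaN(id)) return false;` and an explicit `Promise<boolean>` return type would make its contract unambiguous. A short doc comment should state that it only confirms the user purchased the course and says nothing about whether a given collection or content item belongs to that course, so callers do not over-trust it.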