Skip to content

feat: implement comment API routes #132

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
FabianSanchezD wants to merge 2 commits into
base: develop
Choose a base branch
from
Open

feat: implement comment API routes #132

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
8086e1f
feat: implement comment API routes
FabianSanchezD Sep 29, 2025
19f412b
fix: route shouldn't trust request, uses sso instead (also linter cha…
sebasaguilar12 Oct 1, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
93 changes: 93 additions & 0 deletions src/app/api/(comment)/comment/create/route.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,93 @@
/**
* POST /api/comment/create
*
* Body: { message: string, user_id: string, payout_id: string }
* Returns: { success: boolean, comment: Comment, message: string }
*/
import { commentCreateSchema } from "@/components/modules/comment/schema/comment.schema";
import { handleDatabaseError, prisma } from "@/lib/prisma";
import { NextResponse } from "next/server";

export async function POST(request: Request) {
try {
const body = await request.json();
const parsed = commentCreateSchema.safeParse(body);

if (!parsed.success) {
return NextResponse.json(
{ error: "Invalid data", details: parsed.error.errors },
{ status: 400 }
);
}

const { message, user_id, payout_id } = parsed.data;

// Find the user in the database
const user = await prisma.user.findUnique({
where: { user_id },
select: { user_id: true, is_active: true }
});

if (!user) {
return NextResponse.json(
{ error: "User not found" },
{ status: 404 }
);
}

if (!user.is_active) {
return NextResponse.json(
{ error: "User account is not active" },
{ status: 403 }
);
}

// Find the payout in the database
const payout = await prisma.payout.findUnique({
where: { payout_id },
select: {
payout_id: true,
status: true,
created_by: true
}
});

if (!payout) {
return NextResponse.json(
{ error: "Payout not found" },
{ status: 404 }
);
}

// Create the comment
const comment = await prisma.comment.create({
data: {
message,
user_id,
payout_id,
},
include: {
user: {
select: {
user_id: true,
username: true,
profile_url: true,
bio: true,
}
}
}
});

return NextResponse.json(
{
success: true,
comment,
message: "Comment created successfully"
},
{ status: 201 }
);
} catch (error) {
const { message, status } = handleDatabaseError(error);
return NextResponse.json({ error: message }, { status });
}
}
75 changes: 75 additions & 0 deletions src/app/api/(comment)/comment/delete/[id]/route.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,75 @@
/**
* DELETE /api/comment/delete/[id]
* Deletes an existing comment (only author can edit)
*
* Params: { id: string }
* Body: { user_id: string }
* Returns: { success: boolean, message: string }
*/
import { handleDatabaseError, prisma } from "@/lib/prisma";
import { NextResponse } from "next/server";

export async function DELETE(
request: Request,
{ params }: { params: Promise<{ id: string }> }
) {
try {
const { id } = await params;
const body = await request.json();

if (!id || id === "undefined" || id === "null") {
return NextResponse.json(
{ error: "Invalid comment ID parameter" },
{ status: 400 }
);
}

// Get user_id from request body
let user_id: string = body.user_id;

if (!user_id) {
return NextResponse.json(
{ error: "User ID is required" },
{ status: 400 }
);
}

// Find the comment in the database
const existingComment = await prisma.comment.findUnique({
where: { comment_id: id },
select: {
comment_id: true,
user_id: true,
payout_id: true
}
});

if (!existingComment) {
return NextResponse.json(
{ error: "Comment not found" },
{ status: 404 }
);
}

// Verify that the user owns this comment
if (existingComment.user_id !== user_id) {
return NextResponse.json(
{ error: "You can only delete your own comments" },
{ status: 403 }
);
}

// Delete the comment
await prisma.comment.delete({
where: { comment_id: id }
});

return NextResponse.json({
success: true,
message: "Comment deleted successfully"
});
} catch (error) {
const { message, status } = handleDatabaseError(error);
return NextResponse.json({ error: message }, { status });
}
}
62 changes: 62 additions & 0 deletions src/app/api/(comment)/comment/find-by-payout/[payout_id]/route.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,62 @@
/**
* GET /api/comment/find-by-payout/[payout_id]
* Retrieves comments from a specific payout
*
* Params: { payout_id: string }
* Returns: { success: boolean, comments: Comment[], count: number }
*/
import { handleDatabaseError, prisma } from "@/lib/prisma";
import { NextResponse } from "next/server";

export async function GET(
{ params }: { params: Promise<{ payout_id: string }> }
) {
try {
const { payout_id } = await params;

if (!payout_id || payout_id === "undefined" || payout_id === "null") {
return NextResponse.json(
{ error: "Invalid payout_id parameter" },
{ status: 400 }
);
}

// Find the payout in the database
const payout = await prisma.payout.findUnique({
where: { payout_id },
select: { payout_id: true }
});

if (!payout) {
return NextResponse.json(
{ error: "Payout not found" },
{ status: 404 }
);
}

// Get comments for the payout, ordered chronologically
const comments = await prisma.comment.findMany({
where: { payout_id },
include: {
user: {
select: {
user_id: true,
username: true,
profile_url: true,
bio: true,
}
}
},
orderBy: { created_at: 'asc' }
});

return NextResponse.json({
success: true,
comments,
count: comments.length
});
} catch (error) {
const { message, status } = handleDatabaseError(error);
return NextResponse.json({ error: message }, { status });
}
}
91 changes: 91 additions & 0 deletions src/app/api/(comment)/comment/update/[id]/route.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,91 @@
/**
* PATCH /api/comment/update/[id]
* Update an existing comment (only author can edit)
*
* Params: { id: string }
* Body: { message: string, user_id: string }
* Returns: { success: boolean, comment: Comment, message: string }
*/
Comment on lines +1 to +8
Copy link
Contributor

@coderabbitai coderabbitai bot Oct 1, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟡 Minor

Update JSDoc to reflect actual request body.

The JSDoc states Body: { message: string, user_id: string } but user_id is no longer accepted in the request body—it's now derived from the authenticated session. This outdated documentation could mislead API consumers.

Apply this diff to correct the documentation:

 /**
  * PATCH /api/comment/update/[id]
  * Update an existing comment (only author can edit)
  *
  * Params: { id: string }
- * Body: { message: string, user_id: string }
+ * Body: { message: string }
  * Returns: { success: boolean, comment: Comment, message: string }
  */
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
/**
* PATCH /api/comment/update/[id]
* Update an existing comment (only author can edit)
*
* Params: { id: string }
* Body: { message: string, user_id: string }
* Returns: { success: boolean, comment: Comment, message: string }
*/
/**
* PATCH /api/comment/update/[id]
* Update an existing comment (only author can edit)
*
* Params: { id: string }
* Body: { message: string }
* Returns: { success: boolean, comment: Comment, message: string }
*/
🤖 Prompt for AI Agents 
In src/app/api/(comment)/comment/update/[id]/route.ts around lines 1 to 8, the
JSDoc incorrectly lists the request body as { message: string, user_id: string }
even though user_id is now derived from the authenticated session; update the
comment to remove user_id from the Body section (e.g., Body: { message: string
}) and add a short note that the user is taken from the authenticated session so
consumers know not to send user_id.

import { commentUpdateSchema } from "@/components/modules/comment/schema/comment.schema";
import { handleDatabaseError, prisma } from "@/lib/prisma";
import { NextResponse } from "next/server";

export async function PATCH(
request: Request,
{ params }: { params: Promise<{ id: string }> }
) {
try {
const { id } = await params;
const body = await request.json();
const parsed = commentUpdateSchema.safeParse(body);

if (!parsed.success) {
return NextResponse.json(
{ error: "Invalid data", details: parsed.error.errors },
{ status: 400 }
);
}

const { message } = parsed.data;

// Get user_id from request body
let user_id: string = body.user_id;

if (!user_id) {
return NextResponse.json(
{ error: "User ID is required" },
{ status: 400 }
);
}

// Find the comment and verify ownership
const existingComment = await prisma.comment.findUnique({
where: { comment_id: id },
select: {
comment_id: true,
user_id: true,
payout_id: true
}
});

if (!existingComment) {
return NextResponse.json(
{ error: "Comment not found" },
{ status: 404 }
);
}

// Verify that the user owns this comment
if (existingComment.user_id !== user_id) {
return NextResponse.json(
{ error: "You can only update your own comments" },
{ status: 403 }
);
}

// Update the comment
const updatedComment = await prisma.comment.update({
where: { comment_id: id },
data: { message },
include: {
user: {
select: {
user_id: true,
username: true,
profile_url: true,
bio: true,
}
}
}
});

return NextResponse.json({
success: true,
comment: updatedComment,
message: "Comment updated successfully"
});
} catch (error) {
const { message, status } = handleDatabaseError(error);
return NextResponse.json({ error: message }, { status });
}
}