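import { NextResponse } from 'next/server';
import { getServerSession } from 'next-auth';
import { PrismaClient } from '@prisma/client';
import { authOptions } from '@/app/api/auth/[...nextauth]/route';
import { createClient } from 'webdav';
import { prisma } from '@/lib/prisma';
import { Buffer } from 'buffer';

// Use a single PrismaClient instance
// NOTE(review): this module also imports `prisma` from '@/lib/prisma' and GET uses
// that one, so two client handles are in play here. Whether they are the same
// instance depends on '@/lib/prisma', which is not visible from this file — confirm.
declare global {
  var prisma: PrismaClient | undefined;
}

const prismaClient = global.prisma || new PrismaClient();
if (process.env.NODE_ENV !== 'production') global.prisma = prismaClient;

const MD_EXTENSION = '.md';

/** One entry of the GET listing; the shape depends on the requested folder. */
type ListedFile =
  | {
      filename: string;
      basename: string;
      lastmod: string | null;
      size: string | null;
      type: 'file';
      etag: string | null;
      mime: string | null;
    }
  | {
      id: string;
      title: string;
      lastModified: string | null;
      size: string | null;
      type: 'file';
      mime: string | null;
      etag: string | null;
    };

/**
 * Reduces a caught value to its message so that logs never receive the full
 * error object. The GET handler already logged this way; the other handlers
 * now do the same, because an HTTP-client error object may carry request
 * details (NOTE(review): possibly including the Authorization header — confirm
 * against the `webdav` version in use).
 */
function errorMessage(error: unknown): string {
  return error instanceof Error ? error.message : 'Unknown error';
}

/** Drops one trailing slash so that path concatenation never yields `//`. */
function normalizeBaseUrl(baseURL: string): string {
  return baseURL.endsWith('/') ? baseURL.slice(0, -1) : baseURL;
}

/**
 * True when `value` is a usable single path component: a non-empty string that
 * contains no slash, backslash or control character and is not a dot segment.
 * Percent-encoded dots are treated as dots because URL parsers resolve
 * `%2e%2e` the same way as `..`.
 */
function isSafePathSegment(value: unknown): value is string {
  if (typeof value !== 'string' || value.length === 0) return false;
  if (/[\/\\\u0000-\u001f\u007f]/.test(value)) return false;
  const undotted = value.toLowerCase().replace(/%2e/g, '.');
  return undotted !== '.' && undotted !== '..';
}

/** True when every `/`-separated component of `value` is a safe path segment. */
function isSafeRelativePath(value: unknown): value is string {
  return (
    typeof value === 'string' &&
    value.length > 0 &&
    value.split('/').every((segment) => isSafePathSegment(segment))
  );
}

/** Removes a trailing `.md` only; `String.replace` would hit the first occurrence instead. */
function stripMarkdownExtension(name: string): string {
  return name.endsWith(MD_EXTENSION) ? name.slice(0, -MD_EXTENSION.length) : name;
}

/** Converts a date string to ISO-8601, or null when it is missing or unparseable. */
function toIsoStringOrNull(value: string | null): string | null {
  if (!value) return null;
  const parsed = new Date(value);
  // toISOString() throws a RangeError on an invalid date, which would turn one
  // odd entry into a 500 for the whole listing.
  return Number.isNaN(parsed.getTime()) ? null : parsed.toISOString();
}

/**
 * Builds a WebDAV client for the given user from the credentials stored in the
 * database and the NEXTCLOUD_URL environment variable.
 *
 * @param userId - id of the authenticated user whose credentials are loaded
 * @returns the client together with the stored WebDAV username
 * @throws Error when no credentials exist or NEXTCLOUD_URL is not set
 */
const createWebDAVClient = async (userId: string) => {
  const credentials = await prismaClient.webDAVCredentials.findUnique({
    where: { userId },
  });

  if (!credentials) {
    throw new Error('No WebDAV credentials found');
  }

  const baseURL = process.env.NEXTCLOUD_URL;
  if (!baseURL) {
    throw new Error('NEXTCLOUD_URL environment variable is not set');
  }

  const webdavURL = `${normalizeBaseUrl(baseURL)}/remote.php/dav`;

  // NOTE(review): the stored password is read and sent as-is, so it is kept in
  // a recoverable form in the database; presumably an app password — confirm.
  return {
    client: createClient(webdavURL, {
      username: credentials.username,
      password: credentials.password,
      authType: 'password',
    }),
    username: credentials.username,
  };
};

/**
 * Returns the trimmed text between `<tag ...>` and `</tag>` in `xml`, or null
 * when the element is absent. `tag` is only ever one of the literals passed
 * from this file; it is interpolated into the pattern unescaped.
 */
function extractTextContent(xml: string, tag: string): string | null {
  // NOTE(review): the listing under review showed this pattern without a
  // closing tag (markup looks stripped from the page); a lazy group with
  // nothing after it matches the empty string, so the closing tag is restored.
  const regex = new RegExp(`<${tag}[^>]*>(.*?)</${tag}>`, 's');
  const match = xml.match(regex);
  return match ? match[1].trim() : null;
}

/** Reports whether a PROPFIND response entry describes a collection (directory). */
function isCollection(xml: string): boolean {
  // NOTE(review): the reviewed listing had an empty literal here, which makes
  // includes() true for every entry. The DAV collection marker is restored;
  // confirm the `d:` prefix matches what the server emits.
  return xml.includes('<d:collection/>');
}

/**
 * GET ?folder=NAME — lists the files directly inside `Private/NAME` of the
 * authenticated user's Nextcloud account. For the `Contacts` folder every file
 * is returned; for any other folder only `.md` files are.
 */
export async function GET(request: Request) {
  try {
    // Authenticate first so that unauthenticated callers learn nothing about
    // parameter validation, matching the other handlers.
    const session = await getServerSession(authOptions);
    if (!session?.user?.id) {
      return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });
    }

    const { searchParams } = new URL(request.url);
    const folder = searchParams.get('folder');
    if (!folder) {
      return NextResponse.json({ error: 'Folder parameter is required' }, { status: 400 });
    }
    // `folder` is interpolated into the request path, so it must not be able
    // to leave the Private/ directory.
    if (!isSafeRelativePath(folder)) {
      return NextResponse.json({ error: 'Invalid folder parameter' }, { status: 400 });
    }

    // Get credentials without logging
    const credentials = await prisma.webDAVCredentials.findUnique({
      where: { userId: session.user.id },
    });
    if (!credentials) {
      return NextResponse.json({ error: 'Nextcloud credentials not found' }, { status: 404 });
    }

    const nextcloudUrl = process.env.NEXTCLOUD_URL;
    if (!nextcloudUrl) {
      return NextResponse.json({ error: 'Nextcloud URL not configured' }, { status: 500 });
    }

    // Encode each component so that characters such as `?`, `#` or `%` stay
    // part of the path instead of being reinterpreted by the URL parser.
    const encodedFolder = folder
      .split('/')
      .map((segment) => encodeURIComponent(segment))
      .join('/');
    const path = `/files/${encodeURIComponent(credentials.username)}/Private/${encodedFolder}`;
    const url = `${normalizeBaseUrl(nextcloudUrl)}/remote.php/dav${path}`;

    // Make PROPFIND request to get directory contents.
    // Basic auth puts the password on the wire base64-encoded only, so
    // NEXTCLOUD_URL should be an https:// URL.
    const basicToken = Buffer.from(`${credentials.username}:${credentials.password}`).toString('base64');
    const response = await fetch(url, {
      method: 'PROPFIND',
      headers: {
        'Authorization': `Basic ${basicToken}`,
        'Depth': '1',
        'Content-Type': 'application/xml',
      },
      // NOTE(review): the body is empty in the reviewed listing (it may have
      // held a propfind document that was stripped). RFC 4918 treats an empty
      // PROPFIND body as an allprop request, so it is left unchanged.
      body: '',
    });

    if (!response.ok) {
      console.error('Error fetching directory contents:', response.status, response.statusText);
      return NextResponse.json({ error: 'Failed to fetch directory contents' }, { status: response.status });
    }

    const text = await response.text();
    const files: ListedFile[] = [];

    // Split the response into individual file entries.
    // NOTE(review): the separator was an empty literal in the reviewed listing,
    // which splits per character; the DAV response element is restored.
    const fileEntries = text.split('<d:response>').slice(1);

    for (const entry of fileEntries) {
      const href = extractTextContent(entry, 'd:href');
      if (!href) continue;

      // Skip if it's a collection (directory)
      if (isCollection(entry)) continue;

      const lastmod = extractTextContent(entry, 'd:getlastmodified');
      const size = extractTextContent(entry, 'd:getcontentlength');
      const mime = extractTextContent(entry, 'd:getcontenttype');
      const etag = extractTextContent(entry, 'd:getetag');
      const filename = href.split('/').pop() || '';

      if (folder === 'Contacts') {
        // For Contacts folder, return all files
        files.push({
          filename: href,
          basename: filename,
          lastmod,
          size,
          type: 'file',
          etag,
          mime,
        });
      } else if (filename.endsWith(MD_EXTENSION)) {
        // For other folders, only return markdown files
        files.push({
          id: href,
          title: stripMarkdownExtension(filename),
          lastModified: toIsoStringOrNull(lastmod),
          size,
          type: 'file',
          mime,
          etag,
        });
      }
    }

    return NextResponse.json(files);
  } catch (error) {
    // Log error without sensitive information
    console.error('Error fetching files:', errorMessage(error));
    return NextResponse.json({ error: 'Internal server error' }, { status: 500 });
  }
}

/**
 * POST { title, content, folder } — writes `Private/<folder>/<title>.md` in the
 * authenticated user's account and returns the stored file's details.
 */
export async function POST(request: Request) {
  try {
    const session = await getServerSession(authOptions);
    if (!session?.user?.id) {
      return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });
    }

    const { title, content, folder } = await request.json();
    if (!title || !content || !folder) {
      return NextResponse.json({ error: 'Missing required fields' }, { status: 400 });
    }
    // The JSON body is untrusted: `title` and `folder` become path components
    // and must stay inside Private/; `content` must be text.
    if (!isSafePathSegment(title) || !isSafeRelativePath(folder) || typeof content !== 'string') {
      return NextResponse.json({ error: 'Invalid title, folder or content' }, { status: 400 });
    }

    const { client, username } = await createWebDAVClient(session.user.id);

    try {
      const path = `/files/${username}/Private/${folder}/${title}.md`;
      console.log('Saving note to path:', path);

      await client.putFileContents(path, content);

      // Get the file details after saving
      const fileDetails = await client.stat(path);

      return NextResponse.json({
        id: fileDetails.filename,
        title: stripMarkdownExtension(fileDetails.basename),
        lastModified: new Date(fileDetails.lastmod).toISOString(),
        size: fileDetails.size,
        type: 'file',
        mime: fileDetails.mime,
        etag: fileDetails.etag,
      });
    } catch (error) {
      console.error('Error saving note:', errorMessage(error));
      return NextResponse.json({ error: 'Failed to save note' }, { status: 500 });
    }
  } catch (error) {
    console.error('Error in POST request:', errorMessage(error));
    return NextResponse.json({ error: 'Internal server error' }, { status: 500 });
  }
}

/**
 * PUT { id, title, content, folder, mime? } — overwrites the file at path `id`
 * and returns its updated details. `id` is a path relative to the DAV root, as
 * returned by POST.
 */
export async function PUT(request: Request) {
  try {
    const session = await getServerSession(authOptions);
    if (!session?.user?.id) {
      return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });
    }

    const { id, title, content, folder, mime } = await request.json();
    if (!id || !title || !content || !folder) {
      return NextResponse.json({ error: 'Missing required fields' }, { status: 400 });
    }
    if (typeof id !== 'string' || typeof title !== 'string' || typeof content !== 'string') {
      return NextResponse.json({ error: 'Invalid id, title or content' }, { status: 400 });
    }
    // `mime` ends up in a request header; refuse anything that is not a plain
    // single-line string.
    if (mime != null && (typeof mime !== 'string' || /[\u0000-\u001f\u007f]/.test(mime))) {
      return NextResponse.json({ error: 'Invalid mime type' }, { status: 400 });
    }

    const { client, username } = await createWebDAVClient(session.user.id);

    // The client-supplied path is used directly as the write target, so it is
    // confined to the same Private/ root that the other handlers build their
    // paths under; otherwise this handler could write anywhere the stored
    // credentials reach.
    // NOTE(review): GET returns raw hrefs as ids (they include the DAV endpoint
    // prefix); those are rejected here — confirm which form clients send.
    const privateRoot = `/files/${username}/Private/`;
    if (!id.startsWith(privateRoot) || !isSafeRelativePath(id.slice(privateRoot.length))) {
      return NextResponse.json({ error: 'Invalid file id' }, { status: 400 });
    }

    try {
      const path = id;
      console.log('Updating file at path:', path);

      // Set the correct content type based on file extension or provided mime type
      const contentType = mime || (title.endsWith('.vcf') ? 'text/vcard' : 'text/markdown');

      await client.putFileContents(path, content, { contentType });

      // Get the updated file details
      const fileDetails = await client.stat(path);

      return NextResponse.json({
        id: fileDetails.filename,
        title: fileDetails.basename,
        lastModified: new Date(fileDetails.lastmod).toISOString(),
        size: fileDetails.size,
        type: 'file',
        mime: fileDetails.mime,
        etag: fileDetails.etag,
      });
    } catch (error) {
      console.error('Error updating file:', errorMessage(error));
      return NextResponse.json({ error: 'Failed to update file' }, { status: 500 });
    }
  } catch (error) {
    console.error('Error in PUT request:', errorMessage(error));
    return NextResponse.json({ error: 'Internal server error' }, { status: 500 });
  }
}

/**
 * DELETE { id, folder } — deletes `Private/<folder>/<basename of id>` from the
 * authenticated user's account.
 */
export async function DELETE(request: Request) {
  try {
    const session = await getServerSession(authOptions);
    if (!session?.user?.id) {
      return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });
    }

    const { id, folder } = await request.json();
    if (!id || !folder) {
      return NextResponse.json({ error: 'Missing required fields' }, { status: 400 });
    }
    if (typeof id !== 'string' || !isSafeRelativePath(folder)) {
      return NextResponse.json({ error: 'Invalid id or folder' }, { status: 400 });
    }

    // Only the last component of `id` is used. It must name a file: an empty
    // or dot-segment basename would make the delete target the folder itself
    // or its parent rather than a single note.
    const basename = id.split('/').pop();
    if (!isSafePathSegment(basename)) {
      return NextResponse.json({ error: 'Invalid file id' }, { status: 400 });
    }

    const { client, username } = await createWebDAVClient(session.user.id);

    try {
      const path = `/files/${username}/Private/${folder}/${basename}`;
      console.log('Deleting note at path:', path);

      await client.deleteFile(path);

      return NextResponse.json({ success: true });
    } catch (error) {
      console.error('Error deleting note:', errorMessage(error));
      return NextResponse.json({ error: 'Failed to delete note' }, { status: 500 });
    }
  } catch (error) {
    console.error('Error in DELETE request:', errorMessage(error));
    return NextResponse.json({ error: 'Internal server error' }, { status: 500 });
  }
}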