create recipient and short uid

2025-11-13 00:03:33 +10:00 · 2023-01-27 17:14:36 +01:00
parent c61fc30420
commit c29c262566
3 changed files with 81 additions and 0 deletions
--- a/apps/web/package.json
+++ b/apps/web/package.json
@ -37,6 +37,7 @@
    "react-hook-form": "^7.41.5",
    "react-pdf": "^6.2.2",
    "sass": "^1.57.1",
+    "short-uuid": "^4.2.2",
    "typescript": "4.8.4"
  },
  "devDependencies": {
--- a/apps/web/pages/api/recipients/index.ts
+++ b/apps/web/pages/api/recipients/index.ts
@ -0,0 +1,47 @@
+import {
+  defaultHandler,
+  defaultResponder,
+  getUserFromToken,
+} from "@documenso/lib/server";
+import prisma from "@documenso/prisma";
+import { NextApiRequest, NextApiResponse } from "next";
+import short from "short-uuid";
+import { Document as PrismaDocument } from "@prisma/client";
+
+async function postHandler(req: NextApiRequest, res: NextApiResponse) {
+  const user = await getUserFromToken(req, res);
+  const { id: documentId } = req.query;
+  const body = req.body;
+
+  if (!user) return;
+
+  if (!documentId) {
+    res.status(400).send("Missing parameter documentId.");
+    return;
+  }
+
+  const document: PrismaDocument = await prisma.document.findFirstOrThrow({
+    where: {
+      id: +documentId,
+    },
+  });
+
+  // todo encapsulate entity ownerships
+  if (document.userId !== user.id) {
+    return res.status(401).send("User does not have access to this document.");
+  }
+
+  await prisma.recipient.create({
+    data: {
+      documentId: +documentId,
+      email: body.email,
+      token: short.generate(),
+    },
+  });
+
+  return res.status(201).end();
+}
+
+export default defaultHandler({
+  POST: Promise.resolve({ default: defaultResponder(postHandler) }),
+});