Press n or j to go to the next uncovered block, b, p or k for the previous block.
| 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 | 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 1x 6x 6x 6x 6x 6x 6x 6x 6x 6x 1x 1x 5x 5x 5x 5x 5x 5x 5x 4x 6x 1x 1x 3x 3x 6x 1x 1x 2x 2x 2x 1x 1x | import { NextRequest, NextResponse } from 'next/server';
import {
withAuth,
withErrorHandling,
successResponse,
ApiError,
ApiSuccessResponse,
ApiErrorResponse } from "@/lib/api";
import { RouteContext } from "@/lib/api/middleware";
import { prisma } from "@/lib/prisma";
import { Session } from "next-auth";
// GET /api/orders/[id] - Get a specific order
async function handleGet(
_request: NextRequest,
context: RouteContext | undefined,
session: Session
): Promise<NextResponse<ApiSuccessResponse<unknown> | ApiErrorResponse>> {
const { id } = await context!.params!;
const orderId = parseInt(id);
if (isNaN(orderId)) {
throw ApiError.invalidId("order ID");
}
// Fetch order and verify ownership
const order = await prisma.order.findUnique({
where: { id: orderId },
include: {
items: { include: { product: true } },
user: { select: { id: true, name: true, email: true } }}});
if (!order) {
throw ApiError.notFound("Order", orderId);
}
// Verify ownership
if (order.userId !== session.user.id) {
throw ApiError.forbidden("You do not have access to this order");
}
return successResponse(order);
}
export const GET = withErrorHandling(withAuth(handleGet));
|