set-default route.ts

0% Statements 0/86
100% Branches 0/0
0% Functions 0/1
0% Lines 0/86
Press n or j to go to the next uncovered block, b, p or k for the previous block.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
  import { NextRequest, NextResponse } from "next/server";
import { auth } from "@/lib/auth/auth";
import { prisma } from "@/lib/prisma";
import { addSecurityHeaders } from "@/lib/security";
import { checkRateLimit, rateLimitPresets, getRateLimitInfo } from "@/lib/security";
import { logger } from "@/lib/logging";

// POST /api/user/addresses/[id]/set-default - Set address as default
export async function POST(
  request: NextRequest,
  { params }: { params: Promise<{ id: string }> }
) {
  try {
    const resolvedParams = await params;
    // Rate limiting
    const ip = request.headers.get("x-forwarded-for") || request.headers.get("x-real-ip") || "unknown";
    if (!checkRateLimit(`api-user-addresses-set-default-${ip}`, rateLimitPresets.standard.limit, rateLimitPresets.standard.windowMs)) {
//
      const rateLimitInfo = getRateLimitInfo(`api-user-addresses-set-default-${ip}`, rateLimitPresets.standard.limit);
      return NextResponse.json(
        { error: "Rate limit exceeded" },
        {
          status: 429,
          headers: {
            "X-RateLimit-Limit": rateLimitInfo.limit.toString(),
            "X-RateLimit-Remaining": rateLimitInfo.remaining.toString(),
            "X-RateLimit-Reset": rateLimitInfo.resetTime}}
      );
    }

    // Check authentication
    const session = await auth();
    if (!session?.user?.id) {
      const response = NextResponse.json({ error: "Unauthorized" }, { status: 401 });
      return addSecurityHeaders(response);
    }

    const userId = session.user.id;

    const addressId = parseInt(resolvedParams.id);
    if (isNaN(addressId)) {
      const response = NextResponse.json({ error: "Invalid address ID" }, { status: 400 });
      return addSecurityHeaders(response);
    }

    // Verify address belongs to user
    const existingAddress = await prisma.address.findFirst({
      where: {
        id: addressId,
        userId}});

    if (!existingAddress) {
      const response = NextResponse.json({ error: "Address not found" }, { status: 404 });
      return addSecurityHeaders(response);
    }

    // Set this address as default and unset others of the same type
    const updatedAddress = await prisma.$transaction(async (tx) => {
      // Unset other defaults of the same type
      await tx.address.updateMany({
        where: {
          userId,
          type: existingAddress.type,
          isDefault: true,
          id: { not: addressId }},
        data: { isDefault: false }});

      // Set this address as default
      return await tx.address.update({
        where: { id: addressId },
        data: { isDefault: true }});
    });

    const response = NextResponse.json({
      success: true,
      message: "Address set as default",
      address: updatedAddress});
    return addSecurityHeaders(response);
  } catch (error) {
    logger.error("Error setting address as default", error instanceof Error ? error : new Error(String(error)), { category: "API" });
    const response = NextResponse.json(
      { error: "Failed to set address as default" },
      { status: 500 }
    );
    return addSecurityHeaders(response);
  }
}