import { and, eq, sql } from 'drizzle-orm';
import useDatabase from '~/composables/useDatabase';
import { characterTable, userPermissionsTable } from '~/db/schema';
import { hasPermissions } from '~/shared/auth.util';
import type { Character } from '~/types/character';

/**
 * Lists characters for the scope named by the `visibility` query parameter.
 *
 * - `own` (default when the parameter is missing or empty): characters owned
 *   by the session user; responds 401 without a session user.
 * - `public`: characters whose visibility column equals "public"; no session
 *   is read on this path.
 * - `admin`: every character; responds 401 without a session user and 403
 *   unless the user's stored permissions satisfy `['admin']`.
 *
 * Any other value matches no scope and ends with a 404 and an empty body.
 *
 * @returns The selected characters (id, name, progress, visibility), or
 *   nothing when a 401/403/404 status has been set.
 */
export default defineEventHandler(async (e) => {
  // The cast is compile-time only: the query string is caller-controlled, so
  // values outside the union still reach the switch and fall through to 404.
  const query = getQuery(e) as { visibility?: "public" | "own" | "admin" };
  const scope = query.visibility ? query.visibility : "own";

  // Single projection for all scopes, so each path exposes the same columns.
  const columns = {
    id: characterTable.id,
    name: characterTable.name,
    progress: characterTable.progress,
    visibility: characterTable.visibility,
  };

  switch (scope) {
    case "own": {
      const { user } = await getUserSession(e);
      if (!user) {
        setResponseStatus(e, 401);
        return;
      }

      // Scoped by owner id taken from the session, never from the request.
      const owned = useDatabase()
        .select(columns)
        .from(characterTable)
        .where(eq(characterTable.owner, user.id))
        .all();
      if (owned !== undefined) {
        return owned as Character[];
      }
      break;
    }

    case 'public': {
      const published = useDatabase()
        .select(columns)
        .from(characterTable)
        .where(eq(characterTable.visibility, "public"))
        .all();
      if (published !== undefined) {
        return published as Character[];
      }
      break;
    }

    case 'admin': {
      const { user } = await getUserSession(e);
      if (!user) {
        setResponseStatus(e, 401);
        return;
      }

      const db = useDatabase();
      // NOTE(review): the lookup matches userPermissionsTable.id against the
      // session user id — confirm that column holds the user id, not a row id.
      const rights = db
        .select({ right: userPermissionsTable.permission })
        .from(userPermissionsTable)
        .where(eq(userPermissionsTable.id, user.id))
        .all();

      // Authorization is decided before the unfiltered query is run.
      const isAdmin =
        rights.length > 0 &&
        hasPermissions(rights.map((row) => row.right), ['admin']);
      if (!isAdmin) {
        setResponseStatus(e, 403);
        return;
      }

      const everything = db.select(columns).from(characterTable).all();
      if (everything !== undefined) {
        return everything as Character[];
      }
      break;
    }
  }

  // Reached for an unrecognized scope, or if a query yielded undefined.
  setResponseStatus(e, 404);
  return;
});