obsidian-visualiser/server/api/character.get.ts

import { and, eq, sql } from 'drizzle-orm';
import useDatabase from '~/composables/useDatabase';
import { characterTable, userPermissionsTable } from '~/db/schema';
import { hasPermissions } from '~/shared/auth.util';
import type { Character } from '~/types/character';

export default defineEventHandler(async (e) => {
    let { visibility } = getQuery(e) as { visibility?: "public" | "own" | "admin" };

    if(!visibility)
    {
        visibility = "own";
    }

    if(visibility === "own")
    {
        const session = await getUserSession(e);
        if(!session.user)
        {
            setResponseStatus(e, 401);
            return;
        }
        
        const db = useDatabase();
        const characters = db.select({
            id: characterTable.id,
            name: characterTable.name,
            progress: characterTable.progress,
            visibility: characterTable.visibility,
        }).from(characterTable).where(eq(characterTable.owner, session.user.id)).all();

        if(characters !== undefined)
        {
            return characters as Character[];
        }
    }
    else if(visibility === 'public')
    {
        const db = useDatabase();
        const characters = db.select({
            id: characterTable.id,
            name: characterTable.name,
            progress: characterTable.progress,
            visibility: characterTable.visibility,
        }).from(characterTable).where(eq(characterTable.visibility, "public")).all();

        if(characters !== undefined)
        {
            return characters as Character[];
        }
    }
    else if(visibility === 'admin')
    {
        const session = await getUserSession(e);
        if(!session.user)
        {
            setResponseStatus(e, 401);
            return;
        }
        const db = useDatabase();

        const rights = db.select({ right: userPermissionsTable.permission }).from(userPermissionsTable).where(eq(userPermissionsTable.id, session.user.id)).all();
        if(rights.length === 0 || !hasPermissions(rights.map(e => e.right), ['admin']))
        {
            setResponseStatus(e, 403);
            return;
        }

        const characters = db.select({
            id: characterTable.id,
            name: characterTable.name,
            progress: characterTable.progress,
            visibility: characterTable.visibility,
        }).from(characterTable).all();

        if(characters !== undefined)
        {
            return characters as Character[];
        }
    }
    
    setResponseStatus(e, 404);
    return;
});