From 49bf414ce9c543dfbd3c91836515d286a4c9393d Mon Sep 17 00:00:00 2001
From: Stuart Long Chay Boon <chayboon@gmail.com>
Date: Fri, 14 Oct 2022 01:56:22 +0800
Subject: [PATCH] [offers][feat] add update and delete endpoints for comment

---
 .../router/offers/offers-comments-router.ts   | 86 +++++++++++++++++++
 1 file changed, 86 insertions(+)
 create mode 100644 apps/portal/src/server/router/offers/offers-comments-router.ts

diff --git a/apps/portal/src/server/router/offers/offers-comments-router.ts b/apps/portal/src/server/router/offers/offers-comments-router.ts
new file mode 100644
index 00000000..b0608cdd
--- /dev/null
+++ b/apps/portal/src/server/router/offers/offers-comments-router.ts
@@ -0,0 +1,86 @@
+import { z } from 'zod';
+import * as trpc from '@trpc/server';
+
+import { createProtectedRouter } from '../context';
+
+export const offersProfileRouter = createProtectedRouter()
+    .mutation("update", {
+        input: z.object({
+            id: z.string(),
+            message: z.string(),
+            profileId: z.string(),
+            // Have to pass in either userID or token for validation
+            token: z.string().optional(),
+            userId: z.string().optional(),
+        }),
+        async resolve({ ctx, input }) {
+            const messageToUpdate = await ctx.prisma.offersReply.findFirst({
+                where: {
+                    id: input.id
+                }
+            })
+            const profile = await ctx.prisma.offersProfile.findFirst({
+                where: {
+                id: input.profileId,
+                },
+            });
+
+            const profileEditToken = profile?.editToken;
+
+            // To validate user editing, OP or correct user
+            // TODO: improve validation process
+            if (profileEditToken === input.token || messageToUpdate?.userId === input.userId) {
+                await ctx.prisma.offersReply.update({
+                    data: {
+                        message: input.message
+                    },
+                    where: {
+                        id: input.id
+                    }
+                })
+            }
+
+            throw new trpc.TRPCError({
+                code: 'UNAUTHORIZED',
+                message: 'Wrong userId or token.'
+            })
+        }
+    })
+    .mutation("delete", {
+        input: z.object({
+            id: z.string(),
+            profileId: z.string(),
+            // Have to pass in either userID or token for validation
+            token: z.string().optional(),
+            userId: z.string().optional(),
+        }),
+        async resolve({ ctx, input }) {
+            const messageToDelete = await ctx.prisma.offersReply.findFirst({
+                where: {
+                    id: input.id
+                }
+            })
+            const profile = await ctx.prisma.offersProfile.findFirst({
+                where: {
+                    id: input.profileId,
+                },
+            });
+
+            const profileEditToken = profile?.editToken;
+
+            // To validate user editing, OP or correct user
+            // TODO: improve validation process
+            if (profileEditToken === input.token || messageToDelete?.userId === input.userId) {
+                await ctx.prisma.offersReply.delete({
+                    where: {
+                        id: input.id
+                    }
+                })
+            }
+
+            throw new trpc.TRPCError({
+                code: 'UNAUTHORIZED',
+                message: 'Wrong userId or token.'
+            })
+        }
+    })
\ No newline at end of file
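Review bot: The authorization guard in both resolvers (`profileEditToken === input.token || messageToUpdate?.userId === input.userId`, and the matching line in `delete`) evaluates to true when both sides of a comparison are `undefined`, for example when `token` is omitted and no profile is found, so the check should require each value to be present before comparing it. `userId` is also read from client input rather than from the authenticated context that the protected router presumably provides, and nothing visible ties the looked-up profile to the reply being changed, so both should be verified against server-side state. Separately, there is no `return` after the `update`/`delete` call, so a successful mutation still falls through to the `UNAUTHORIZED` throw. The fence shows the guard rewritten for `update`; `delete` needs the same shape.

```typescript
            // … unchanged: load messageToUpdate and profile …

            // Compare only values that are actually present: undefined === undefined must not authorize.
            const tokenMatches =
                input.token !== undefined &&
                profile != null &&
                profile.editToken === input.token;
            // NOTE(review): prefer the caller id from the authenticated context over input.userId.
            const authorMatches =
                input.userId !== undefined &&
                messageToUpdate?.userId === input.userId;

            if (!messageToUpdate || !(tokenMatches || authorMatches)) {
                throw new trpc.TRPCError({
                    code: 'UNAUTHORIZED',
                    message: 'Wrong userId or token.'
                })
            }

            return await ctx.prisma.offersReply.update({
                // … unchanged: data and where …
            })
```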