// API Route für MQTT ACL Management
import { NextRequest, NextResponse } from 'next/server';
import { auth } from '@/lib/auth';
import { mqttAclRuleDb } from '@/lib/mqtt-db';
import { deviceDb } from '@/lib/db';
/**
 * GET /api/mqtt/acl?device_id=xxx
 *
 * Returns the MQTT ACL rules stored for one device.
 *
 * Access control, in the order it is applied:
 *  1. The caller needs a session whose user has role 'ADMIN'. A missing
 *     session and a wrong role are both answered with 401.
 *  2. `device_id` must be present in the query string (400 otherwise).
 *  3. The device must exist and its `ownerId` must equal the caller's id.
 *     Both failures produce the same 404 body, so the response does not
 *     tell the caller which of the two applied.
 *
 * @param request - Incoming request; only `nextUrl.searchParams` is read.
 * @returns JSON with the rule list, or a JSON `{ error }` object with
 *          status 400, 401, 404 or 500.
 */
export async function GET(request: NextRequest) {
  try {
    const session = await auth();
    // role and id are read through an `any` cast, so the compiler does not
    // check that these fields exist on the session user.
    // NOTE(review): a typed session user would make this check verifiable.
    const caller = session?.user as any;
    if (!caller || caller.role !== 'ADMIN') {
      return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });
    }

    const deviceId = request.nextUrl.searchParams.get('device_id');
    if (!deviceId) {
      return NextResponse.json(
        { error: 'device_id query parameter is required' },
        { status: 400 }
      );
    }

    // Object-level authorization: rules are only returned for a device
    // owned by the calling user.
    const device = deviceDb.findById(deviceId);
    if (device && device.ownerId === caller.id) {
      return NextResponse.json(mqttAclRuleDb.findByDeviceId(deviceId));
    }

    return NextResponse.json(
      { error: 'Device not found or access denied' },
      { status: 404 }
    );
  } catch (err) {
    // Details stay in the server log; the client only gets a generic message.
    console.error('Failed to fetch ACL rules:', err);
    return NextResponse.json(
      { error: 'Failed to fetch ACL rules' },
      { status: 500 }
    );
  }
}
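/**
 * POST /api/mqtt/acl
 *
 * Creates a new MQTT ACL rule for a device.
 *
 * Expected JSON body: `{ device_id, topic_pattern, permission }`, where
 * `permission` is one of 'read', 'write' or 'readwrite'.
 *
 * Access control and validation, in the order applied:
 *  1. The caller needs a session whose user has role 'ADMIN'. A missing
 *     session and a wrong role are both answered with 401.
 *  2. The body must be parseable JSON and a JSON object (400 otherwise).
 *     Malformed or `null` bodies are client errors and are no longer
 *     reported as a 500.
 *  3. All three fields must be present; `device_id` and `topic_pattern`
 *     must be strings, so no non-string value reaches the database layer.
 *  4. The device must exist and its `ownerId` must equal the caller's id.
 *     Both failures produce the same 404 body.
 *
 * @param request - Incoming request carrying the JSON body.
 * @returns JSON with the created rule and status 201, or a JSON
 *          `{ error }` object with status 400, 401, 404 or 500.
 */
export async function POST(request: NextRequest) {
  try {
    const session = await auth();
    // role and id are read through an `any` cast, so the compiler does not
    // check that these fields exist on the session user.
    if (!session?.user || (session.user as any).role !== 'ADMIN') {
      return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });
    }

    // Parse separately so a malformed body is answered with 400 instead of
    // falling through to the generic 500 handler below.
    let body: unknown;
    try {
      body = await request.json();
    } catch {
      return NextResponse.json(
        { error: 'Request body must be valid JSON' },
        { status: 400 }
      );
    }

    // JSON `null` and primitives cannot carry the required fields.
    if (typeof body !== 'object' || body === null) {
      return NextResponse.json(
        { error: 'Request body must be a JSON object' },
        { status: 400 }
      );
    }

    const { device_id, topic_pattern, permission } = body as Record<
      string,
      unknown
    >;

    // Presence check
    if (!device_id || !topic_pattern || !permission) {
      return NextResponse.json(
        { error: 'device_id, topic_pattern, and permission are required' },
        { status: 400 }
      );
    }

    // Type check: the body is untrusted, so only plain strings are passed on
    // to the lookup and to the stored rule.
    if (typeof device_id !== 'string' || typeof topic_pattern !== 'string') {
      return NextResponse.json(
        { error: 'device_id and topic_pattern must be strings' },
        { status: 400 }
      );
    }

    if (
      typeof permission !== 'string' ||
      !['read', 'write', 'readwrite'].includes(permission)
    ) {
      return NextResponse.json(
        { error: 'permission must be one of: read, write, readwrite' },
        { status: 400 }
      );
    }

    // Object-level authorization: a rule may only be created for a device
    // owned by the calling user.
    const userId = (session.user as any).id;
    const device = deviceDb.findById(device_id);

    if (!device || device.ownerId !== userId) {
      return NextResponse.json(
        { error: 'Device not found or access denied' },
        { status: 404 }
      );
    }

    // NOTE(review): topic_pattern is stored as supplied. Nothing here limits
    // how broad a pattern may be (for example one using MQTT wildcards) or
    // how long it is; confirm that is intended for admin-created rules.
    const rule = mqttAclRuleDb.create({
      device_id,
      topic_pattern,
      permission
    });

    return NextResponse.json(rule, { status: 201 });
  } catch (error) {
    // Details stay in the server log; the client only gets a generic message.
    console.error('Failed to create ACL rule:', error);
    return NextResponse.json(
      { error: 'Failed to create ACL rule' },
      { status: 500 }
    );
  }
}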