joachim/location-mqtt-tracker-app
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
3ac82621c860c741214bf4faa55bd64da7a823a8
location-mqtt-tracker-app/app/api/geofences/[id]/route.ts
Joachim Hummel 3ac82621c8 Security update: Patch React and Next.js CVE vulnerabilities 
Updated React to 19.2.1 and Next.js to 16.0.7 to address critical security vulnerabilities:
- CVE-2025-55182: React Server Components deserialization flaw
- CVE-2025-66478: Next.js RSC implementation vulnerability

Also includes:
- Add PATCH endpoint for geofence updates
- Reorder admin navigation items
- Add geofence update functionality in database layer

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-12-04 09:30:47 +00:00

148 lines
4.1 KiB
TypeScript
Raw Blame History

import { NextResponse } from "next/server";
import { auth } from "@/lib/auth";
import { geofenceDb } from "@/lib/geofence-db";
// PATCH /api/geofences/[id] - Update a geofence
export async function PATCH(
request: Request,
{ params }: { params: Promise<{ id: string }> }
) {
try {
const session = await auth();
if (!session?.user) {
return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
}
const userId = (session.user as any).id;
const { id: geofenceId } = await params;
// Check if geofence exists
const geofence = geofenceDb.findById(geofenceId);
if (!geofence) {
return NextResponse.json(
{ error: "Geofence not found" },
{ status: 404 }
);
}
// Check ownership
if (geofence.owner_id !== userId) {
return NextResponse.json(
{ error: "Forbidden: You can only update your own geofences" },
{ status: 403 }
);
}
// Parse request body
const body = await request.json();
const { name, description, radius_meters, color, is_active } = body;
// Build updates object with only provided fields
const updates: any = {};
if (name !== undefined) updates.name = name;
if (description !== undefined) updates.description = description;
if (radius_meters !== undefined) updates.radius_meters = radius_meters;
if (color !== undefined) updates.color = color;
if (is_active !== undefined) updates.is_active = is_active;
// Validate updates if provided
if (radius_meters !== undefined) {
if (typeof radius_meters !== 'number' || radius_meters < 50 || radius_meters > 50000) {
return NextResponse.json(
{ error: "Invalid radius_meters (must be between 50 and 50000)" },
{ status: 400 }
);
}
}
// Update geofence
const updatedGeofence = geofenceDb.update(geofenceId, updates);
if (!updatedGeofence) {
return NextResponse.json(
{ error: "Failed to update geofence" },
{ status: 500 }
);
}
console.log(`[PATCH /api/geofences/${geofenceId}] Updated geofence ${updatedGeofence.name} for user ${userId}`);
return NextResponse.json({
success: true,
geofence: updatedGeofence,
});
} catch (error) {
console.error(`[PATCH /api/geofences/[id]] Error:`, error);
return NextResponse.json(
{
error: "Failed to update geofence",
details: error instanceof Error ? error.message : "Unknown error",
},
{ status: 500 }
);
}
}
// DELETE /api/geofences/[id] - Delete a geofence
export async function DELETE(
request: Request,
{ params }: { params: Promise<{ id: string }> }
) {
try {
const session = await auth();
if (!session?.user) {
return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
}
const userId = (session.user as any).id;
const { id: geofenceId } = await params;
// Check if geofence exists
const geofence = geofenceDb.findById(geofenceId);
if (!geofence) {
return NextResponse.json(
{ error: "Geofence not found" },
{ status: 404 }
);
}
// Check ownership
if (geofence.owner_id !== userId) {
return NextResponse.json(
{ error: "Forbidden: You can only delete your own geofences" },
{ status: 403 }
);
}
// Delete geofence (CASCADE will delete related events and status)
const deleted = geofenceDb.delete(geofenceId);
if (!deleted) {
return NextResponse.json(
{ error: "Failed to delete geofence" },
{ status: 500 }
);
}
console.log(`[DELETE /api/geofences/${geofenceId}] Deleted geofence ${geofence.name} for user ${userId}`);
return NextResponse.json({
success: true,
message: "Geofence deleted successfully",
});
} catch (error) {
console.error(`[DELETE /api/geofences/[id]] Error:`, error);
return NextResponse.json(
{
error: "Failed to delete geofence",
details: error instanceof Error ? error.message : "Unknown error",
},
{ status: 500 }
);
}
}
Reference in New Issue View Git Blame Copy Permalink