148 lines
5.2 KiB
TypeScript
148 lines
5.2 KiB
TypeScript
import { createMember, handleNocoDbError } from '~/server/utils/nocodb';
|
|
import { createSessionManager } from '~/server/utils/session';
|
|
import type { Member, MembershipStatus } from '~/utils/types';
|
|
|
|
export default defineEventHandler(async (event) => {
|
|
console.log('[api/members.post] =========================');
|
|
console.log('[api/members.post] POST /api/members - Create new member');
|
|
console.log('[api/members.post] Request from:', getClientIP(event));
|
|
|
|
try {
|
|
// Validate session and require Board+ privileges
|
|
const sessionManager = createSessionManager();
|
|
const cookieHeader = getCookie(event, 'monacousa-session') ? getHeader(event, 'cookie') : undefined;
|
|
const session = sessionManager.getSession(cookieHeader);
|
|
|
|
if (!session?.user) {
|
|
throw createError({
|
|
statusCode: 401,
|
|
statusMessage: 'Authentication required'
|
|
});
|
|
}
|
|
|
|
const userTier = session.user.tier;
|
|
if (userTier !== 'board' && userTier !== 'admin') {
|
|
throw createError({
|
|
statusCode: 403,
|
|
statusMessage: 'Board member privileges required to create members'
|
|
});
|
|
}
|
|
|
|
console.log('[api/members.post] Authorized user:', session.user.email, 'Tier:', userTier);
|
|
|
|
// Get and validate request body
|
|
const body = await readBody(event);
|
|
console.log('[api/members.post] Request body fields:', Object.keys(body));
|
|
|
|
// Validate required fields
|
|
const validationErrors = validateMemberData(body);
|
|
if (validationErrors.length > 0) {
|
|
console.error('[api/members.post] Validation errors:', validationErrors);
|
|
throw createError({
|
|
statusCode: 400,
|
|
statusMessage: `Validation failed: ${validationErrors.join(', ')}`
|
|
});
|
|
}
|
|
|
|
// Sanitize and prepare data
|
|
const memberData = sanitizeMemberData(body);
|
|
console.log('[api/members.post] Sanitized data fields:', Object.keys(memberData));
|
|
|
|
// Create member in NocoDB
|
|
const newMember = await createMember(memberData);
|
|
|
|
console.log('[api/members.post] ✅ Member created successfully with ID:', newMember.Id);
|
|
|
|
// Return processed member
|
|
const processedMember = {
|
|
...newMember,
|
|
FullName: `${newMember['First Name'] || ''} ${newMember['Last Name'] || ''}`.trim(),
|
|
FormattedPhone: formatPhoneNumber(newMember.Phone)
|
|
};
|
|
|
|
return {
|
|
success: true,
|
|
data: processedMember,
|
|
message: 'Member created successfully'
|
|
};
|
|
|
|
} catch (error: any) {
|
|
console.error('[api/members.post] ❌ Error creating member:', error);
|
|
handleNocoDbError(error, 'createMember', 'Member');
|
|
}
|
|
});
|
|
|
|
function validateMemberData(data: any): string[] {
|
|
const errors: string[] = [];
|
|
|
|
// Required fields
|
|
if (!data['First Name'] || typeof data['First Name'] !== 'string' || data['First Name'].trim().length < 2) {
|
|
errors.push('First Name is required and must be at least 2 characters');
|
|
}
|
|
|
|
if (!data['Last Name'] || typeof data['Last Name'] !== 'string' || data['Last Name'].trim().length < 2) {
|
|
errors.push('Last Name is required and must be at least 2 characters');
|
|
}
|
|
|
|
if (!data.Email || typeof data.Email !== 'string' || !isValidEmail(data.Email)) {
|
|
errors.push('Valid email address is required');
|
|
}
|
|
|
|
// Optional field validation
|
|
if (data.Phone && typeof data.Phone === 'string' && data.Phone.trim()) {
|
|
const phoneRegex = /^[\+]?[1-9][\d]{0,15}$/;
|
|
const cleanPhone = data.Phone.replace(/\D/g, '');
|
|
if (!phoneRegex.test(cleanPhone)) {
|
|
errors.push('Phone number format is invalid');
|
|
}
|
|
}
|
|
|
|
if (data['Membership Status'] && !['Active', 'Inactive', 'Pending', 'Expired'].includes(data['Membership Status'])) {
|
|
errors.push('Invalid membership status');
|
|
}
|
|
|
|
return errors;
|
|
}
|
|
|
|
function sanitizeMemberData(data: any): Partial<Member> {
|
|
const sanitized: any = {};
|
|
|
|
// Required fields
|
|
sanitized['First Name'] = data['First Name'].trim();
|
|
sanitized['Last Name'] = data['Last Name'].trim();
|
|
sanitized['Email'] = data.Email.trim().toLowerCase();
|
|
|
|
// Optional fields
|
|
if (data.Phone) sanitized.Phone = data.Phone.trim();
|
|
if (data.Nationality) sanitized.Nationality = data.Nationality.trim();
|
|
if (data.Address) sanitized.Address = data.Address.trim();
|
|
if (data['Date of Birth']) sanitized['Date of Birth'] = data['Date of Birth'];
|
|
if (data['Member Since']) sanitized['Member Since'] = data['Member Since'];
|
|
if (data['Membership Date Paid']) sanitized['Membership Date Paid'] = data['Membership Date Paid'];
|
|
if (data['Payment Due Date']) sanitized['Payment Due Date'] = data['Payment Due Date'];
|
|
|
|
// Boolean fields
|
|
sanitized['Current Year Dues Paid'] = Boolean(data['Current Year Dues Paid']);
|
|
|
|
// Enum fields
|
|
sanitized['Membership Status'] = data['Membership Status'] || 'Pending';
|
|
|
|
return sanitized;
|
|
}
|
|
|
|
function isValidEmail(email: string): boolean {
|
|
const emailRegex = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;
|
|
return emailRegex.test(email);
|
|
}
|
|
|
|
function formatPhoneNumber(phone: string): string {
|
|
if (!phone) return '';
|
|
const cleaned = phone.replace(/\D/g, '');
|
|
if (cleaned.length === 10) {
|
|
return `(${cleaned.substring(0, 3)}) ${cleaned.substring(3, 6)}-${cleaned.substring(6)}`;
|
|
} else if (cleaned.length === 11 && cleaned.startsWith('1')) {
|
|
return `+1 (${cleaned.substring(1, 4)}) ${cleaned.substring(4, 7)}-${cleaned.substring(7)}`;
|
|
}
|
|
return phone;
|
|
}
|