import { NextRequest, NextResponse } from 'next/server'; import { supabase } from '@/lib/supabase'; // POST - Execute a query on a table export async function POST(request: NextRequest) { try { // Get the access token from cookie or header const accessToken = request.cookies.get('sb-access-token')?.value || request.headers.get('authorization')?.replace('Bearer ', ''); if (!accessToken) { return NextResponse.json( { success: false, error: 'Not authenticated' }, { status: 401 } ); } // Verify user const { data: userData, error: userError } = await supabase.auth.getUser(accessToken); if (userError || !userData.user) { return NextResponse.json( { success: false, error: 'Invalid authentication' }, { status: 401 } ); } const userId = userData.user.id; const { table, operation, data: queryData, filters } = await request.json(); if (!table) { return NextResponse.json( { success: false, error: 'Table name is required' }, { status: 400 } ); } let result; switch (operation) { case 'select': { let query = supabase.from(table).select('*'); // Apply filters if provided if (filters) { for (const [key, value] of Object.entries(filters)) { query = query.eq(key, value); } } // Only allow user to query their own data const { data: columns } = await supabase .from(table) .select('*') .limit(1); if (columns && columns.length > 0 && 'user_id' in columns[0]) { query = query.eq('user_id', userId); } const { data, error } = await query; if (error) throw error; result = data; break; } case 'insert': { const insertData = { ...queryData, user_id: userId, }; const { data, error } = await supabase .from(table) .insert(insertData) .select() .single(); if (error) throw error; result = data; break; } case 'update': { if (!filters || Object.keys(filters).length === 0) { return NextResponse.json( { success: false, error: 'Filters required for update' }, { status: 400 } ); } let query = supabase.from(table).update(queryData); // Apply filters for (const [key, value] of Object.entries(filters)) { query = query.eq(key, value); } // Ensure user can only update their own data const { data: columns } = await supabase .from(table) .select('*') .limit(1); if (columns && columns.length > 0 && 'user_id' in columns[0]) { query = query.eq('user_id', userId); } const { data, error } = await query.select().single(); if (error) throw error; result = data; break; } case 'delete': { if (!filters || Object.keys(filters).length === 0) { return NextResponse.json( { success: false, error: 'Filters required for delete' }, { status: 400 } ); } let query = supabase.from(table).delete(); // Apply filters for (const [key, value] of Object.entries(filters)) { query = query.eq(key, value); } // Ensure user can only delete their own data const { data: columns } = await supabase .from(table) .select('*') .limit(1); if (columns && columns.length > 0 && 'user_id' in columns[0]) { query = query.eq('user_id', userId); } const { error } = await query; if (error) throw error; result = { deleted: true }; break; } default: return NextResponse.json( { success: false, error: 'Invalid operation' }, { status: 400 } ); } return NextResponse.json({ success: true, data: result, }); } catch (error) { console.error('Database query error:', error); return NextResponse.json( { success: false, error: 'Query failed' }, { status: 500 } ); } }