23b117a3fa
- 配置 Next.js 14 + TypeScript + TailwindCSS - 集成 Supabase (Auth + Storage + Database) - 实现认证 API (login/logout/me) - 实现文件存储 API (upload/list/get/delete) - 实现数据库操作 API (tables/query) - 添加 Supabase 初始化 SQL 脚本 - 添加环境变量配置示例 - 添加项目文档
165 lines
4.2 KiB
TypeScript
165 lines
4.2 KiB
TypeScript
import { NextRequest, NextResponse } from 'next/server';
|
|
import { supabase } from '@/lib/supabase';
|
|
|
|
// POST - Execute a query on a table
|
|
export async function POST(request: NextRequest) {
|
|
try {
|
|
// Get the access token from cookie or header
|
|
const accessToken =
|
|
request.cookies.get('sb-access-token')?.value ||
|
|
request.headers.get('authorization')?.replace('Bearer ', '');
|
|
|
|
if (!accessToken) {
|
|
return NextResponse.json(
|
|
{ success: false, error: 'Not authenticated' },
|
|
{ status: 401 }
|
|
);
|
|
}
|
|
|
|
// Verify user
|
|
const { data: userData, error: userError } = await supabase.auth.getUser(accessToken);
|
|
if (userError || !userData.user) {
|
|
return NextResponse.json(
|
|
{ success: false, error: 'Invalid authentication' },
|
|
{ status: 401 }
|
|
);
|
|
}
|
|
|
|
const userId = userData.user.id;
|
|
const { table, operation, data: queryData, filters } = await request.json();
|
|
|
|
if (!table) {
|
|
return NextResponse.json(
|
|
{ success: false, error: 'Table name is required' },
|
|
{ status: 400 }
|
|
);
|
|
}
|
|
|
|
let result;
|
|
|
|
switch (operation) {
|
|
case 'select': {
|
|
let query = supabase.from(table).select('*');
|
|
|
|
// Apply filters if provided
|
|
if (filters) {
|
|
for (const [key, value] of Object.entries(filters)) {
|
|
query = query.eq(key, value);
|
|
}
|
|
}
|
|
|
|
// Only allow user to query their own data
|
|
const { data: columns } = await supabase
|
|
.from(table)
|
|
.select('*')
|
|
.limit(1);
|
|
|
|
if (columns && columns.length > 0 && 'user_id' in columns[0]) {
|
|
query = query.eq('user_id', userId);
|
|
}
|
|
|
|
const { data, error } = await query;
|
|
if (error) throw error;
|
|
result = data;
|
|
break;
|
|
}
|
|
|
|
case 'insert': {
|
|
const insertData = {
|
|
...queryData,
|
|
user_id: userId,
|
|
};
|
|
|
|
const { data, error } = await supabase
|
|
.from(table)
|
|
.insert(insertData)
|
|
.select()
|
|
.single();
|
|
|
|
if (error) throw error;
|
|
result = data;
|
|
break;
|
|
}
|
|
|
|
case 'update': {
|
|
if (!filters || Object.keys(filters).length === 0) {
|
|
return NextResponse.json(
|
|
{ success: false, error: 'Filters required for update' },
|
|
{ status: 400 }
|
|
);
|
|
}
|
|
|
|
let query = supabase.from(table).update(queryData);
|
|
|
|
// Apply filters
|
|
for (const [key, value] of Object.entries(filters)) {
|
|
query = query.eq(key, value);
|
|
}
|
|
|
|
// Ensure user can only update their own data
|
|
const { data: columns } = await supabase
|
|
.from(table)
|
|
.select('*')
|
|
.limit(1);
|
|
|
|
if (columns && columns.length > 0 && 'user_id' in columns[0]) {
|
|
query = query.eq('user_id', userId);
|
|
}
|
|
|
|
const { data, error } = await query.select().single();
|
|
if (error) throw error;
|
|
result = data;
|
|
break;
|
|
}
|
|
|
|
case 'delete': {
|
|
if (!filters || Object.keys(filters).length === 0) {
|
|
return NextResponse.json(
|
|
{ success: false, error: 'Filters required for delete' },
|
|
{ status: 400 }
|
|
);
|
|
}
|
|
|
|
let query = supabase.from(table).delete();
|
|
|
|
// Apply filters
|
|
for (const [key, value] of Object.entries(filters)) {
|
|
query = query.eq(key, value);
|
|
}
|
|
|
|
// Ensure user can only delete their own data
|
|
const { data: columns } = await supabase
|
|
.from(table)
|
|
.select('*')
|
|
.limit(1);
|
|
|
|
if (columns && columns.length > 0 && 'user_id' in columns[0]) {
|
|
query = query.eq('user_id', userId);
|
|
}
|
|
|
|
const { error } = await query;
|
|
if (error) throw error;
|
|
result = { deleted: true };
|
|
break;
|
|
}
|
|
|
|
default:
|
|
return NextResponse.json(
|
|
{ success: false, error: 'Invalid operation' },
|
|
{ status: 400 }
|
|
);
|
|
}
|
|
|
|
return NextResponse.json({
|
|
success: true,
|
|
data: result,
|
|
});
|
|
} catch (error) {
|
|
console.error('Database query error:', error);
|
|
return NextResponse.json(
|
|
{ success: false, error: 'Query failed' },
|
|
{ status: 500 }
|
|
);
|
|
}
|
|
}
|