xiaomai
b64a2b4c1c
Add payment method selection (Cash/Bank) to booking details Support uploading, downloading, and deleting transaction documents Update database schema and API endpoints to handle file storage
36 lines
1.3 KiB
TypeScript
36 lines
1.3 KiB
TypeScript
import { sendStream, setHeader } from 'h3'
|
|
|
|
import { requireAuth } from '../../../utils/auth'
|
|
import { getBookingTransactionDocument } from '../../../utils/booking-repository'
|
|
import { getRequiredRouteParam, httpError } from '../../../utils/http'
|
|
import {
|
|
getSafeDownloadName,
|
|
getTransactionDocumentFile
|
|
} from '../../../utils/transaction-documents'
|
|
|
|
export default defineEventHandler(async (event) => {
|
|
const auth = await requireAuth(event)
|
|
const bookingId = getRequiredRouteParam(event, 'id', 'Booking ID')
|
|
|
|
const document = await getBookingTransactionDocument({
|
|
bookingId,
|
|
personInChargeId: auth.user.role === 'super_admin' ? undefined : auth.user.id
|
|
})
|
|
|
|
if (!document) {
|
|
httpError(404, 'Transaction document not found')
|
|
}
|
|
|
|
const file = await getTransactionDocumentFile(document.storageName)
|
|
const downloadName = getSafeDownloadName(document.originalName)
|
|
|
|
setHeader(event, 'content-type', document.mimeType)
|
|
setHeader(event, 'content-length', String(file.size))
|
|
setHeader(event, 'content-disposition', `attachment; filename="${downloadName}"`)
|
|
setHeader(event, 'x-content-type-options', 'nosniff')
|
|
setHeader(event, 'cache-control', 'private, no-store')
|
|
setHeader(event, 'content-security-policy', 'sandbox')
|
|
|
|
return sendStream(event, file.stream)
|
|
})
|