Kingsmai/dticket.tootaio.com
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
cb683d6b3d0e47303de0ff5a29a365e13d50e0ee
dticket.tootaio.com/server/api/public/bookings/[token]/cancel.post.ts
xiaomai cb683d6b3d feat(bookings): restrict management to assigned PIC or super admin 
Secure API endpoints with requireBookingManager authorization check
Update confirmation page to prompt for login if unauthorized
Add safe redirect handling to login and guest middleware
2026-05-09 13:28:50 +08:00

35 lines
1.1 KiB
TypeScript
Raw Blame History

import type { CancelBookingConfirmationResponse } from '~~/shared/booking'
import { requireBookingManager } from '../../../../utils/auth'
import { cancelBookingConfirmationByConfirmationToken, getBookingByConfirmationToken } from '../../../../utils/booking-repository'
import { getRequiredRouteParam, httpError } from '../../../../utils/http'
export default defineEventHandler(async (event): Promise<CancelBookingConfirmationResponse> => {
const token = getRequiredRouteParam(event, 'token', 'Confirmation token')
const existingBooking = await getBookingByConfirmationToken(token, { includeTransactionDocument: true })
if (!existingBooking) {
httpError(404, 'Booking not found')
}
await requireBookingManager(event, existingBooking)
if (existingBooking.status === 'pending') {
return {
booking: existingBooking,
alreadyPending: true
}
}
const booking = await cancelBookingConfirmationByConfirmationToken(token)
if (!booking) {
httpError(404, 'Booking not found')
}
return {
booking: await getBookingByConfirmationToken(token, { includeTransactionDocument: true }) || booking,
alreadyPending: false
}
})
Reference in New Issue View Git Blame Copy Permalink