Kingsmai/dticket.tootaio.com
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
f6212d81014d3720268158996191f1e1f4f2f93a
dticket.tootaio.com/server/api/public/bookings/[token]/cancel.post.ts
xiaomai cb683d6b3d feat(bookings): restrict management to assigned PIC or super admin 
Secure API endpoints with requireBookingManager authorization check
Update confirmation page to prompt for login if unauthorized
Add safe redirect handling to login and guest middleware
2026-05-09 13:28:50 +08:00

35 lines
1.1 KiB
TypeScript
Raw Blame History

import type { CancelBookingConfirmationResponse } from '~~/shared/booking'
import { requireBookingManager } from '../../../../utils/auth'
import { cancelBookingConfirmationByConfirmationToken, getBookingByConfirmationToken } from '../../../../utils/booking-repository'
import { getRequiredRouteParam, httpError } from '../../../../utils/http'
export default defineEventHandler(async (event): Promise<CancelBookingConfirmationResponse> => {
const token = getRequiredRouteParam(event, 'token', 'Confirmation token')
const existingBooking = await getBookingByConfirmationToken(token, { includeTransactionDocument: true })
if (!existingBooking) {
httpError(404, 'Booking not found')
}
await requireBookingManager(event, existingBooking)
if (existingBooking.status === 'pending') {
return {
booking: existingBooking,
alreadyPending: true
}
}
const booking = await cancelBookingConfirmationByConfirmationToken(token)
if (!booking) {
httpError(404, 'Booking not found')
}
return {
booking: await getBookingByConfirmationToken(token, { includeTransactionDocument: true }) || booking,
alreadyPending: false
}
})
Reference in New Issue View Git Blame Copy Permalink