public/owltide
1
0
Fork 0
Code Issues 3 Pull requests Projects Releases Packages 1 Wiki Activity Actions
owltide/server/api/schedule.patch.ts
Hornwitser 753da6d3d4 Refactor to persist and reliably deliver events 
Store events that are to be broadcasted in the database, and fetch
events to serve in the /api/event stream to the client from the
database.  This ensures that events are not lost if the operation to
open the stream takes longer than usual, or the client was not connected
at the time the event was broadcast.

To ensure no events are lost in the transition from server generating
the page to the client hydrating and establishing a connection with the
event stream, the /api/last-event-id endpoint is first queried on the
server before any other entities is fetched from the database.  The
client then passes this id when establishing the event stream, and
receives all events greater than that id.
2025-09-20 20:36:37 +02:00

95 lines
2.7 KiB
TypeScript
Raw Blame History

/*
SPDX-FileCopyrightText: © 2025 Hornwitser <code@hornwitser.no>
SPDX-License-Identifier: AGPL-3.0-or-later
*/
import { z } from "zod/v4-mini";
import { nextEventId, readSchedule, writeSchedule } from "~/server/database";
import { broadcastEvent } from "~/server/streams";
import { apiScheduleSchema } from "~/shared/types/api";
import { applyUpdatesToArray } from "~/shared/utils/update";
export default defineEventHandler(async (event) => {
const session = await requireServerSessionWithUser(event);
if (session.access !== "admin" && session.access !== "crew") {
throw createError({
status: 403,
statusMessage: "Forbidden",
message: "Only crew and admin accounts can edit the schedule.",
});
}
const { success, error, data: update } = apiScheduleSchema.safeParse(await readBody(event));
if (!success) {
throw createError({
status: 400,
statusText: "Bad Request",
message: z.prettifyError(error),
});
}
if (update.deleted) {
throw createError({
statusCode: 400,
statusMessage: "Not implemented",
});
}
const schedule = await readSchedule();
if (schedule.deleted) {
throw createError({
statusCode: 400,
statusMessage: "Not implemented",
});
}
// Validate edit restrictions for crew
if (session.access === "crew") {
if (update.locations?.length) {
throw createError({
status: 403,
statusMessage: "Forbidden",
message: "Only admin accounts can edit locations.",
});
}
for (const event of update.events ?? []) {
const original = schedule.events?.find(e => e.id === event.id);
if (original && !original.deleted && !original.crew) {
throw createError({
status: 403,
statusMessage: "Forbidden",
message: "Only admin accounts can edit public events.",
});
}
}
}
// Update schedule
const updatedFrom = schedule.updatedAt;
update.updatedAt = new Date().toISOString();
if (update.events) {
for (const event of update.events) event.updatedAt = update.updatedAt;
applyUpdatesToArray(update.events, schedule.events = schedule.events ?? []);
}
if (update.locations) {
for (const location of update.locations) location.updatedAt = update.updatedAt;
applyUpdatesToArray(update.locations, schedule.locations = schedule.locations ?? []);
}
if (update.roles) {
for (const role of update.roles) role.updatedAt = update.updatedAt;
applyUpdatesToArray(update.roles, schedule.roles = schedule.roles ?? []);
}
if (update.shifts) {
for (const shift of update.shifts) shift.updatedAt = update.updatedAt;
applyUpdatesToArray(update.shifts, schedule.shifts = schedule.shifts ?? []);
}
await writeSchedule(schedule);
await broadcastEvent({
id: await nextEventId(),
type: "schedule-update",
updatedFrom,
data: update,
});
})
Reference in a new issue View git blame Copy permalink