stage 4

app/api/v1/operations/[id]/qr/route.ts

@@ -0,0 +1,35 @@
+import { type NextRequest } from "next/server";
+import { prisma } from "@/lib/prisma";
+import { ok, errorResponse, requireRole, ApiError } from "@/lib/api";
+import { renderQrPng, scanUrlForToken } from "@/lib/qr";
+
+/**
+ * Admin-only. Render the operation's QR token as a data-URL PNG so the part
+ * detail UI can preview (and later print) the traveler. We keep token
+ * generation out of band from rendering so the DB remains the single source
+ * of truth for the token value.
+ */
+export async function GET(_req: NextRequest, ctx: { params: Promise<{ id: string }> }) {
+  try {
+    await requireRole("admin");
+    const { id } = await ctx.params;
+
+    const op = await prisma.operation.findUnique({
+      where: { id },
+      select: { id: true, qrToken: true, sequence: true, name: true },
+    });
+    if (!op) throw new ApiError(404, "not_found", "Operation not found");
+
+    const dataUrl = await renderQrPng(op.qrToken);
+    return ok({
+      operationId: op.id,
+      sequence: op.sequence,
+      name: op.name,
+      token: op.qrToken,
+      scanUrl: scanUrlForToken(op.qrToken),
+      dataUrl,
+    });
+  } catch (err) {
+    return errorResponse(err);
+  }
+}