mrp-qrcode/app/api/v1/files/[id]/route.ts

import { type NextRequest } from "next/server";
import { prisma } from "@/lib/prisma";
import { ok, errorResponse, requireRole, ApiError } from "@/lib/api";
import { deleteFileFromDisk } from "@/lib/files";
import { audit } from "@/lib/audit";
import { clientIp } from "@/lib/request";

export async function GET(_req: NextRequest, ctx: { params: Promise<{ id: string }> }) {
  try {
    await requireRole("admin");
    const { id } = await ctx.params;
    const file = await prisma.fileAsset.findUnique({ where: { id } });
    if (!file) throw new ApiError(404, "not_found", "File not found");
    return ok({ file });
  } catch (err) {
    return errorResponse(err);
  }
}

export async function DELETE(req: NextRequest, ctx: { params: Promise<{ id: string }> }) {
  try {
    const user = await requireRole("admin");
    const { id } = await ctx.params;

    const file = await prisma.fileAsset.findUnique({
      where: { id },
      include: {
        _count: {
          select: { partStep: true, partDrawing: true, partCut: true, poPdfs: true },
        },
      },
    });
    if (!file) throw new ApiError(404, "not_found", "File not found");

    const refs =
      file._count.partStep +
      file._count.partDrawing +
      file._count.partCut +
      file._count.poPdfs;
    if (refs > 0) {
      throw new ApiError(
        409,
        "file_in_use",
        `File is referenced by ${refs} record(s). Detach it first.`,
      );
    }

    await prisma.fileAsset.delete({ where: { id } });
    await deleteFileFromDisk(file.path);

    await audit({
      actorId: user.id,
      action: "delete",
      entity: "FileAsset",
      entityId: id,
      before: { sha256: file.sha256, originalName: file.originalName },
      ipAddress: clientIp(req),
    });

    return ok({ ok: true });
  } catch (err) {
    return errorResponse(err);
  }
}