mrp-qrcode/app/api/v1/operations/[id]/qr/route.ts

import { type NextRequest } from "next/server";
import { prisma } from "@/lib/prisma";
import { ok, errorResponse, requireRole, ApiError } from "@/lib/api";
import { renderQrPng, scanUrlForToken } from "@/lib/qr";

/**
 * Admin-only. Render the operation's QR token as a data-URL PNG so the part
 * detail UI can preview (and later print) the traveler. We keep token
 * generation out of band from rendering so the DB remains the single source
 * of truth for the token value.
 */
export async function GET(_req: NextRequest, ctx: { params: Promise<{ id: string }> }) {
  try {
    await requireRole("admin");
    const { id } = await ctx.params;

    const op = await prisma.operation.findUnique({
      where: { id },
      select: { id: true, qrToken: true, sequence: true, name: true },
    });
    if (!op) throw new ApiError(404, "not_found", "Operation not found");

    const dataUrl = await renderQrPng(op.qrToken);
    return ok({
      operationId: op.id,
      sequence: op.sequence,
      name: op.name,
      token: op.qrToken,
      scanUrl: scanUrlForToken(op.qrToken),
      dataUrl,
    });
  } catch (err) {
    return errorResponse(err);
  }
}