Add student questions API routes

Implements GET/POST /api/questions, GET /api/questions/[id] with read tracking, POST /api/questions/[id]/messages with email notifications, PATCH /api/questions/[id]/close for staff, and POST /api/student/question-upload for file attachments. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-19 13:23:26 +05:00
parent 9cb56b9b04
commit f2946db57a
5 changed files with 278 additions and 0 deletions
@@ -0,0 +1,77 @@
+import { NextRequest, NextResponse } from "next/server";
+import { headers } from "next/headers";
+import { auth } from "@/lib/auth";
+import { prisma } from "@/lib/prisma";
+import { sendQuestionCreatedEmail, sendQuestionReplyEmail } from "@/lib/email";
+
+interface FileAttachment {
+  name: string;
+  url: string;
+  size: number;
+}
+
+export async function POST(
+  req: NextRequest,
+  { params }: { params: Promise<{ id: string }> }
+) {
+  const session = await auth.api.getSession({ headers: await headers() });
+  if (!session) return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
+
+  const { id } = await params;
+  const isStaff = session.user.role === "admin" || session.user.role === "curator";
+
+  const question = await prisma.studentQuestion.findUnique({
+    where: { id },
+    include: { user: { select: { id: true, name: true, email: true } } },
+  });
+
+  if (!question) return NextResponse.json({ error: "Not found" }, { status: 404 });
+  if (!isStaff && question.userId !== session.user.id) {
+    return NextResponse.json({ error: "Forbidden" }, { status: 403 });
+  }
+
+  const body = await req.json();
+  const { text, files } = body as { text: string; files?: FileAttachment[] };
+
+  if (!text?.trim()) {
+    return NextResponse.json({ error: "text is required" }, { status: 400 });
+  }
+
+  const message = await prisma.studentQuestionMessage.create({
+    data: {
+      questionId: id,
+      authorId: session.user.id,
+      text: text.trim(),
+      files: files?.length ? (files as object[]) : undefined,
+    },
+    include: { author: { select: { id: true, name: true, role: true } } },
+  });
+
+  // Touch question.updatedAt
+  await prisma.studentQuestion.update({
+    where: { id },
+    data: { updatedAt: new Date() },
+  });
+
+  // Send notifications
+  if (isStaff) {
+    await sendQuestionReplyEmail(
+      question.user.email,
+      question.user.name,
+      question.title,
+      id,
+    );
+  } else {
+    const staff = await prisma.user.findMany({
+      where: { role: { in: ["admin", "curator"] } },
+      select: { email: true, name: true },
+    });
+    await Promise.all(
+      staff.map((s) =>
+        sendQuestionCreatedEmail(s.email, s.name, session.user.name, question.title)
+      )
+    );
+  }
+
+  return NextResponse.json(message, { status: 201 });
+}