import { NextRequest, NextResponse } from "next/server"; import { getPool } from "@/lib/database"; import { promises as fs } from "fs"; export async function GET(request: NextRequest) { const userId = request.headers.get("user-id"); if (!userId) { return NextResponse.json({ error: "Not authenticated" }, { status: 401 }); } try { const pool = getPool(); const result = await pool.query( `SELECT id, original_name, file_path, upload_status, created_at FROM uploaded_files WHERE user_id = $1 ORDER BY created_at DESC`, [userId] ); return NextResponse.json({ files: result.rows }); } catch (err: any) { return NextResponse.json( { error: err.message || "Server error" }, { status: 500 } ); } } export async function DELETE(request: NextRequest) { const userId = request.headers.get("user-id"); if (!userId) { return NextResponse.json({ error: "Not authenticated" }, { status: 401 }); } try { const body = await request.json(); const fileId: string | undefined = body?.id; if (!fileId) { return NextResponse.json({ error: "Missing file id" }, { status: 400 }); } const pool = getPool(); // Fetch file to validate ownership and get path const fileRes = await pool.query( `SELECT id, user_id, file_path FROM uploaded_files WHERE id = $1`, [fileId] ); if (fileRes.rows.length === 0) { return NextResponse.json({ error: "File not found" }, { status: 404 }); } const fileRow = fileRes.rows[0]; if (fileRow.user_id !== userId) { return NextResponse.json({ error: "Forbidden" }, { status: 403 }); } // Try to delete file from disk (best-effort) if (fileRow.file_path) { try { await fs.unlink(fileRow.file_path); } catch (_) { // ignore missing files } } // Delete DB row await pool.query(`DELETE FROM uploaded_files WHERE id = $1`, [fileId]); return NextResponse.json({ success: true }); } catch (err: any) { return NextResponse.json( { error: err.message || "Server error" }, { status: 500 } ); } }