PronounsPage/server/api/inclusive/submit.post.ts

import SQL from 'sql-template-strings';
import { ulid } from 'ulid';

import { PermissionAreas } from '#shared/helpers.ts';
import { auditLog } from '~~/server/audit.ts';
import { getLocale, loadConfig } from '~~/server/data.ts';
import { approveInclusiveEntry } from '~~/server/inclusive.ts';
import { isAllowedToPost } from '~~/server/user.ts';

export default defineEventHandler(async (event) => {
    const locale = getLocale(event);
    checkIsConfigEnabledOr404(await loadConfig(locale), 'inclusive');

    const { user, isGranted } = await useAuthentication(event);
    const db = useDatabase();

    if (!user || !await isAllowedToPost(db, user)) {
        throw createError({
            status: 401,
            statusMessage: 'Unauthorised',
        });
    }

    const body = await readBody(event);

    const id = ulid();
    await db.get(SQL`
        INSERT INTO inclusive (
            id, insteadOf, say, because, approved, base_id,
            locale, author_id, categories, links, clarification
        ) VALUES (
            ${id},
            ${body.insteadOf.join('|')}, ${body.say.join('|')}, ${body.because},
            0, ${body.base}, ${locale}, ${user.id},
            ${body.categories.join(',')}, ${JSON.stringify(body.links)}, ${body.clarification || null}
        )
    `);
    await auditLog({ user }, 'inclusive/submitted', { ...body });

    if (isGranted(PermissionAreas.Inclusive)) {
        await approveInclusiveEntry(db, id, locale);
        await auditLog({ user }, 'inclusive/approved', { id });
    }

    setResponseStatus(event, 201, 'Created');
});