import { randomUUID } from 'node:crypto' import { createFileRoute } from '@tanstack/react-router' import { json } from '@tanstack/react-start' import { createCapabilityUnavailablePayload } from '@/lib/feature-gates' import { isAuthenticated } from '../../server/auth-middleware' import { requireJsonContentType } from '../../server/rate-limit' import { SESSIONS_API_UNAVAILABLE_MESSAGE, createSession, deleteSession, ensureGatewayProbed, getGatewayCapabilities, listSessions, toSessionSummary, updateSession, } from '../../server/hermes-api' export const Route = createFileRoute('/api/sessions')({ server: { handlers: { GET: async ({ request }) => { // Auth check if (!isAuthenticated(request)) { return json({ ok: false, error: 'Unauthorized' }, { status: 401 }) } await ensureGatewayProbed() if (!getGatewayCapabilities().sessions) { return json({ ok: true, sessions: [], source: 'unavailable', message: SESSIONS_API_UNAVAILABLE_MESSAGE, }) } try { const sessions = await listSessions(50, 0) return json({ sessions: sessions.map(toSessionSummary) }) } catch (err) { return json( { error: err instanceof Error ? err.message : String(err), }, { status: 500 }, ) } }, POST: async ({ request }) => { if (!isAuthenticated(request)) { return json({ ok: false, error: 'Unauthorized' }, { status: 401 }) } const csrfCheckPost = requireJsonContentType(request) if (csrfCheckPost) return csrfCheckPost await ensureGatewayProbed() if (!getGatewayCapabilities().sessions) { const friendlyId = randomUUID() return json( { ...createCapabilityUnavailablePayload('sessions'), ok: true, sessionKey: friendlyId, friendlyId, persisted: false, }, ) } try { const body = (await request.json().catch(() => ({}))) as Record< string, unknown > const requestedLabel = typeof body.label === 'string' ? body.label.trim() : '' const label = requestedLabel || undefined const requestedFriendlyId = typeof body.friendlyId === 'string' ? body.friendlyId.trim() : '' const friendlyId = requestedFriendlyId || randomUUID() const requestedModel = typeof body.model === 'string' ? body.model.trim() : '' const model = requestedModel || undefined const session = await createSession({ id: friendlyId || randomUUID(), title: label, model, }) return json({ ok: true, sessionKey: session.id, friendlyId: session.id, entry: toSessionSummary(session), modelApplied: true, }) } catch (err) { return json( { ok: false, error: err instanceof Error ? err.message : String(err), }, { status: 500 }, ) } }, PATCH: async ({ request }) => { if (!isAuthenticated(request)) { return json({ ok: false, error: 'Unauthorized' }, { status: 401 }) } const csrfCheckPatch = requireJsonContentType(request) if (csrfCheckPatch) return csrfCheckPatch await ensureGatewayProbed() if (!getGatewayCapabilities().sessions) { const body = (await request.json().catch(() => ({}))) as Record< string, unknown > const rawSessionKey = typeof body.sessionKey === 'string' ? body.sessionKey.trim() : '' const rawFriendlyId = typeof body.friendlyId === 'string' ? body.friendlyId.trim() : '' const sessionKey = rawSessionKey || rawFriendlyId || randomUUID() return json({ ...createCapabilityUnavailablePayload('sessions'), ok: true, sessionKey, friendlyId: rawFriendlyId || sessionKey, updated: false, }) } try { const body = (await request.json().catch(() => ({}))) as Record< string, unknown > const rawSessionKey = typeof body.sessionKey === 'string' ? body.sessionKey.trim() : '' const rawFriendlyId = typeof body.friendlyId === 'string' ? body.friendlyId.trim() : '' const label = typeof body.label === 'string' ? body.label.trim() : undefined const sessionKey = rawSessionKey || rawFriendlyId if (!sessionKey) { return json( { ok: false, error: 'sessionKey required' }, { status: 400 }, ) } const session = await updateSession(sessionKey, { title: label, }) return json({ ok: true, sessionKey, entry: toSessionSummary(session), }) } catch (err) { return json( { ok: false, error: err instanceof Error ? err.message : String(err), }, { status: 500 }, ) } }, DELETE: async ({ request }) => { if (!isAuthenticated(request)) { return json({ ok: false, error: 'Unauthorized' }, { status: 401 }) } await ensureGatewayProbed() if (!getGatewayCapabilities().sessions) { const url = new URL(request.url) const rawSessionKey = url.searchParams.get('sessionKey') ?? '' const rawFriendlyId = url.searchParams.get('friendlyId') ?? '' const sessionKey = rawSessionKey.trim() || rawFriendlyId.trim() return json({ ...createCapabilityUnavailablePayload('sessions'), ok: true, sessionKey, deleted: false, }) } try { const url = new URL(request.url) const rawSessionKey = url.searchParams.get('sessionKey') ?? '' const rawFriendlyId = url.searchParams.get('friendlyId') ?? '' const sessionKey = rawSessionKey.trim() || rawFriendlyId.trim() if (!sessionKey) { return json( { ok: false, error: 'sessionKey required' }, { status: 400 }, ) } await deleteSession(sessionKey) return json({ ok: true, sessionKey }) } catch (err) { return json( { ok: false, error: err instanceof Error ? err.message : String(err), }, { status: 500 }, ) } }, }, }, })