ReadMeABook/src/app/api/auth/me/route.ts

/**
 * Component: Current User Route
 * Documentation: documentation/backend/services/auth.md
 */

import { NextRequest, NextResponse } from 'next/server';
import { requireAuth, AuthenticatedRequest } from '@/lib/middleware/auth';
import { prisma } from '@/lib/db';
import { resolvePermission, getGlobalBooleanSetting } from '@/lib/utils/permissions';

/**
 * GET /api/auth/me
 * Get current authenticated user information
 */
export async function GET(request: NextRequest) {
  return requireAuth(request, async (req: AuthenticatedRequest) => {
    if (!req.user) {
      return NextResponse.json(
        {
          error: 'Unauthorized',
          message: 'User not authenticated',
        },
        { status: 401 }
      );
    }

    // Fetch full user details from database
    const user = await prisma.user.findUnique({
      where: { id: req.user.id },
      select: {
        id: true,
        plexId: true,
        plexUsername: true,
        plexEmail: true,
        role: true,
        isSetupAdmin: true,
        avatarUrl: true,
        authProvider: true,
        createdAt: true,
        lastLoginAt: true,
        interactiveSearchAccess: true,
      },
    });

    if (!user) {
      return NextResponse.json(
        {
          error: 'NotFound',
          message: 'User not found',
        },
        { status: 404 }
      );
    }

    // Determine if user is local admin (setup admin with local authentication)
    const isLocalAdmin = user.isSetupAdmin && user.plexId.startsWith('local-');

    // Resolve effective permissions
    const globalInteractiveSearch = await getGlobalBooleanSetting('interactive_search_access', true);
    const effectiveInteractiveSearch = resolvePermission(
      user.role,
      user.interactiveSearchAccess,
      globalInteractiveSearch
    );

    return NextResponse.json({
      user: {
        id: user.id,
        plexId: user.plexId,
        username: user.plexUsername,
        email: user.plexEmail,
        role: user.role,
        isLocalAdmin: isLocalAdmin,
        avatarUrl: user.avatarUrl,
        authProvider: user.authProvider,
        createdAt: user.createdAt,
        lastLoginAt: user.lastLoginAt,
        permissions: {
          interactiveSearch: effectiveInteractiveSearch,
        },
      },
    });
  });
}