arifal
55 lines
1.5 KiB
TypeScript
55 lines
1.5 KiB
TypeScript
import { NextRequest, NextResponse } from "next/server";
|
|
import { getServerSession } from "next-auth";
|
|
import { authOptions } from "@/lib/auth";
|
|
import {
|
|
ALLOWED_KYC_MIME,
|
|
MAX_KYC_FILE_BYTES,
|
|
isKycKind,
|
|
saveEncrypted,
|
|
} from "@/lib/secure-storage";
|
|
|
|
export const runtime = "nodejs";
|
|
export const dynamic = "force-dynamic";
|
|
|
|
export async function POST(req: NextRequest) {
|
|
const session = await getServerSession(authOptions);
|
|
if (!session?.user) {
|
|
return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
|
|
}
|
|
|
|
let form: FormData;
|
|
try {
|
|
form = await req.formData();
|
|
} catch {
|
|
return NextResponse.json({ error: "Body bukan multipart/form-data" }, { status: 400 });
|
|
}
|
|
|
|
const kind = String(form.get("kind") ?? "");
|
|
const file = form.get("file");
|
|
|
|
if (!isKycKind(kind)) {
|
|
return NextResponse.json({ error: "kind harus 'ktp' atau 'selfie'" }, { status: 400 });
|
|
}
|
|
if (!(file instanceof File)) {
|
|
return NextResponse.json({ error: "File wajib diisi" }, { status: 400 });
|
|
}
|
|
if (!ALLOWED_KYC_MIME.has(file.type)) {
|
|
return NextResponse.json(
|
|
{ error: "Hanya menerima JPG, PNG, atau WebP" },
|
|
{ status: 415 },
|
|
);
|
|
}
|
|
if (file.size > MAX_KYC_FILE_BYTES) {
|
|
return NextResponse.json({ error: "File maksimal 5MB" }, { status: 413 });
|
|
}
|
|
|
|
const buf = Buffer.from(await file.arrayBuffer());
|
|
const meta = await saveEncrypted(kind, buf, file.type);
|
|
|
|
return NextResponse.json({
|
|
key: meta.key,
|
|
mime: meta.mime,
|
|
size: meta.size,
|
|
});
|
|
}
|