import { NextResponse } from "next/server";
import { getSessionUser } from "@/lib/session";
import { getInvoiceByNumberForOrg } from "@/lib/db";
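/**
 * GET /api/billing/invoices/[invoiceNumber]
 *
 * Customer-scoped detail lookup by invoice number (the human-
 * readable YYYY-NNNNN format the customer sees on the PDF). The
 * org filter is part of the DB query — a customer probing another
 * org's invoice number gets the same 404 as a non-existent one.
 *
 * Every response carries `Cache-Control: private, no-store` so that
 * per-organisation billing data (and the auth/404 outcome for a given
 * URL) is not retained by a browser or an intermediary cache.
 *
 * @param _request - Incoming request; not read by this handler.
 * @param context - Route context whose `params` promise resolves to the
 *   `invoiceNumber` path segment.
 * @returns 401 JSON when there is no session user; 404 JSON when the
 *   session carries no org id or the org-scoped lookup finds nothing;
 *   otherwise the invoice detail as JSON.
 */
export async function GET(
  _request: Request,
  { params }: { params: Promise<{ invoiceNumber: string }> }
) {
  // Authenticated, tenant-scoped payloads must never be stored by caches.
  const noStore = { "Cache-Control": "private, no-store" };

  const user = await getSessionUser();
  if (!user) {
    return NextResponse.json(
      { error: "Unauthorized" },
      { status: 401, headers: noStore }
    );
  }

  // Fail closed: tenant isolation rests entirely on the org filter, so a
  // session without an org id must never reach the query.
  // NOTE(review): getInvoiceByNumberForOrg is not visible here — confirm it
  // treats a missing orgId as "no match" rather than omitting the filter,
  // and that invoiceNumber is bound as a query parameter.
  if (user.orgId == null) {
    return NextResponse.json(
      { error: "Not found" },
      { status: 404, headers: noStore }
    );
  }

  const { invoiceNumber } = await params;
  const detail = await getInvoiceByNumberForOrg(invoiceNumber, user.orgId);

  // Same body and status for "does not exist" and "belongs to another org",
  // so the response does not confirm which invoice numbers are in use.
  if (!detail) {
    return NextResponse.json(
      { error: "Not found" },
      { status: 404, headers: noStore }
    );
  }

  return NextResponse.json(detail, { headers: noStore });
}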