()
| 46 | import { ForbiddenError, resolveAccess } from "../sharing/access.js"; |
| 47 | |
| 48 | export function createToolsHandler() { |
| 49 | return defineEventHandler(async (event: H3Event) => { |
| 50 | const method = getMethod(event); |
| 51 | const pathname = (event.url?.pathname || "") |
| 52 | .replace(/^\/+/, "") |
| 53 | .replace(/\/+$/, ""); |
| 54 | const parts = pathname ? pathname.split("/") : []; |
| 55 | |
| 56 | const session = await getSession(event).catch(() => null); |
| 57 | if (!session?.email) { |
| 58 | setResponseStatus(event, 401); |
| 59 | return { error: "Authentication required" }; |
| 60 | } |
| 61 | |
| 62 | const orgCtx = await getOrgContext(event).catch(() => null); |
| 63 | const userEmail = session.email; |
| 64 | const orgId = orgCtx?.orgId ?? undefined; |
| 65 | |
| 66 | try { |
| 67 | return await runWithRequestContext({ userEmail, orgId }, () => |
| 68 | dispatch(event, method, parts, userEmail), |
| 69 | ); |
| 70 | } catch (err) { |
| 71 | if (err instanceof ForbiddenError) { |
| 72 | setResponseStatus(event, 403); |
| 73 | return { error: err.message }; |
| 74 | } |
| 75 | throw err; |
| 76 | } |
| 77 | }); |
| 78 | } |
| 79 | |
| 80 | async function dispatch( |
| 81 | event: H3Event, |
no test coverage detected