( req: ProxyRequest, accessToken: string, geolocation: string )
| 46 | } |
| 47 | |
| 48 | async function callConcur( |
| 49 | req: ProxyRequest, |
| 50 | accessToken: string, |
| 51 | geolocation: string |
| 52 | ): Promise<Invocation> { |
| 53 | const url = assertSafeExternalUrl(buildApiUrl(geolocation, req), 'apiUrl').toString() |
| 54 | const hasBody = req.body !== undefined && req.body !== null |
| 55 | const headers: Record<string, string> = { |
| 56 | Authorization: `Bearer ${accessToken}`, |
| 57 | Accept: 'application/json', |
| 58 | } |
| 59 | if (hasBody) headers['Content-Type'] = req.contentType ?? 'application/json' |
| 60 | if (req.companyUuid) headers['concur-correlationid'] = req.companyUuid |
| 61 | |
| 62 | const response = await secureFetchWithValidation( |
| 63 | url, |
| 64 | { |
| 65 | method: req.method, |
| 66 | headers, |
| 67 | body: hasBody |
| 68 | ? typeof req.body === 'string' |
| 69 | ? req.body |
| 70 | : JSON.stringify(req.body) |
| 71 | : undefined, |
| 72 | timeout: SAP_CONCUR_OUTBOUND_FETCH_TIMEOUT_MS, |
| 73 | }, |
| 74 | 'apiUrl' |
| 75 | ) |
| 76 | |
| 77 | const raw = await response.text() |
| 78 | let parsed: unknown = null |
| 79 | if (raw.length > 0) { |
| 80 | try { |
| 81 | parsed = JSON.parse(raw) |
| 82 | } catch { |
| 83 | parsed = raw |
| 84 | } |
| 85 | } |
| 86 | return { status: response.status, body: parsed, raw } |
| 87 | } |
| 88 | |
| 89 | export const POST = withRouteHandler(async (request: NextRequest) => { |
| 90 | const requestId = generateRequestId() |
no test coverage detected