aktiteil/src/routes/akti/[aktiId]/+page.server.ts

import { db } from '$lib/server/db';
import { aktis, ratings } from '$lib/server/db/schema';
import { error, fail, redirect, type Actions } from '@sveltejs/kit';
import { and, eq } from 'drizzle-orm';
import type { PageServerLoad } from './$types';
import { ensureAuth } from '$lib/server/session';
import { extractFormData } from '$lib/extractFormData';
import * as v from 'valibot';
import { resolve } from '$app/paths';
import sanitizeHtml from 'sanitize-html';

export const load: PageServerLoad = async (event) => {
	const [akti, r] = await Promise.all([
		db.query.aktis.findFirst({
			where: eq(aktis.id, event.params.aktiId),
			with: { author: true }
		}),
		db.query.ratings.findMany({
			with: { user: true },
			where: eq(ratings.aktiId, event.params.aktiId)
		})
	]);

	if (!akti) {
		error(404, { message: 'Die Akti gits garnid, sorry...' });
	}

	return {
		akti,
		ratings: r
	};
};
export const actions = {
	default: async (event) => {
		const user = await ensureAuth(event);

		if (!event.params.aktiId) return error(404);

		const akti = await db
			.select({ id: aktis.id, version: aktis.version, author: aktis.author })
			.from(aktis)
			.limit(1)
			.where(eq(aktis.id, event.params.aktiId));

		if (!akti || akti.length == 0) return error(404);
		if (akti[0].author != user.id) return error(403);

		const changeRequest = (
			await extractFormData(
				event.request,
				v.object({
					title: v.pipe(v.string(), v.minLength(5)),
					summary: v.pipe(v.string(), v.minLength(5)),
					body: v.pipe(v.string(), v.minLength(5))
				})
			)
		).data;

		if (!changeRequest) return fail(400, { message: 'Invalid data' });

		changeRequest.body = sanitizeHtml(changeRequest.body);

		await db
			.update(aktis)
			.set({ ...changeRequest, version: akti[0].version + 1 })
			.where(and(eq(aktis.author, user.id), eq(aktis.id, event.params.aktiId)));

		return redirect(303, resolve(`/akti/[aktiId]`, { aktiId: event.params.aktiId }));
	}
} satisfies Actions;