Momento/memento-note/app/api/notes/publish/route.ts
Antigravity 17594124b0
feat: modération IA automatique à la publication
- contentModerationService branché dans /api/notes/publish
- blocked → 403, publication refusée, toast d'explication
- flagged → publié mais admins notifiés pour révision
- safe → publication normale
- PublishDialog gère les 3 cas (succès normal, flagged, blocked)
- i18n FR/EN
2026-06-20 07:51:44 +00:00


import { NextRequest, NextResponse } from 'next/server'
import { auth } from '@/auth'
import prisma from '@/lib/prisma'
import { contentModerationService } from '@/lib/ai/services/content-moderation.service'
/**
 * Builds a URL slug from a note title plus a short random suffix.
 *
 * The title is lower-cased, stripped of combining diacritics, reduced to
 * `[a-z0-9]` runs joined by single dashes, trimmed of leading/trailing dashes
 * and cut to 60 characters; an empty result falls back to `note`.
 *
 * The suffix comes from `Math.random()`, which is not a cryptographically
 * secure generator. It only lowers the chance of two notes sharing a slug;
 * it must not be relied on to keep a published URL unguessable.
 *
 * @param title - Note title to derive the slug from.
 * @returns `<base>-<suffix>`, where the suffix is up to 6 base-36 characters.
 */
function generateSlug(title: string): string {
  // NFD splits accented letters into base letter + combining mark, so the
  // marks (U+0300–U+036F) can be dropped and "é" becomes "e".
  const unaccented = title.toLowerCase().normalize('NFD').replace(/[\u0300-\u036f]/g, '')
  const dashed = unaccented.replace(/[^a-z0-9]+/g, '-').replace(/^-+|-+$/g, '')
  const truncated = dashed.slice(0, 60)
  const base = truncated || 'note'
  const suffix = Math.random().toString(36).slice(2, 8)
  return `${base}-${suffix}`
}
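/**
 * Publishes or unpublishes a note owned by the authenticated user.
 *
 * Request body: `{ noteId, action }` with `action` being `'publish'` or
 * `'unpublish'`.
 *
 * Responses:
 * - 401 when there is no authenticated session.
 * - 400 when the body is not valid JSON, `noteId` is missing or not a scalar,
 *   or `action` is not recognised.
 * - 404 when the note does not exist or belongs to another user.
 * - 403 `{ error: 'blocked', reason, categories }` when moderation blocks it.
 * - 200 `{ success: true, slug, moderation? }` on publish,
 *   `{ success: true }` on unpublish.
 *
 * Moderation is a security control: when the moderation call itself fails,
 * the note is still published (the original availability choice), but the
 * failure is logged and admins are notified so the content does not go live
 * without any review. Returning an error instead would be the stricter,
 * fail-closed option.
 */
export async function POST(request: NextRequest) {
  const session = await auth()
  if (!session?.user?.id) return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })

  // A malformed body is a client error, not a server crash.
  let payload: any
  try {
    payload = await request.json()
  } catch {
    return NextResponse.json({ error: 'Invalid JSON body' }, { status: 400 })
  }
  const { noteId, action } = payload ?? {}

  // Only scalar ids are accepted: an object or array taken straight from the
  // request body would otherwise be handed to Prisma as a query filter.
  const idIsScalar = ['string', 'number'].includes(typeof noteId)
  if (!idIsScalar || !noteId) return NextResponse.json({ error: 'noteId required' }, { status: 400 })

  // Ownership check: the lookup is scoped to the session user, so a note that
  // belongs to someone else is indistinguishable from a missing one.
  const note = await prisma.note.findFirst({
    where: { id: noteId, userId: session.user.id },
    select: { id: true, title: true, publicSlug: true, content: true },
  })
  if (!note) return NextResponse.json({ error: 'Not found' }, { status: 404 })

  if (action === 'publish') {
    // --- AI Moderation ---
    let moderation
    let moderationFailed = false
    try {
      moderation = await contentModerationService.moderate(note.title || '', note.content || '')
    } catch (err: unknown) {
      // Do not let an outage pass silently as a clean verdict.
      console.error('[notes/publish] content moderation failed', err)
      moderationFailed = true
      moderation = { verdict: 'safe' as const, categories: ['safe'], reason: 'Moderation indisponible' }
    }

    if (moderation.verdict === 'blocked') {
      return NextResponse.json({
        error: 'blocked',
        reason: moderation.reason,
        categories: moderation.categories,
      }, { status: 403 })
    }

    // flagged, or moderation unavailable → publish but notify admins
    if (moderation.verdict === 'flagged' || moderationFailed) {
      const admins = await prisma.user.findMany({ where: { role: 'ADMIN' }, select: { id: true } })
      for (const admin of admins) {
        try {
          await prisma.notification.create({
            data: {
              userId: admin.id,
              type: 'content_flagged',
              title: 'Contenu sensible publié',
              message: `La note "${note.title}" a été publiée avec un contenu potentiellement sensible: ${moderation.reason}`,
              actionUrl: '/admin/published',
              relatedId: note.id,
            },
          })
        } catch (err: unknown) {
          // Still best-effort, but a lost review notification must leave a trace.
          console.error('[notes/publish] failed to notify admin of flagged note', err)
        }
      }
    }

    let slug = note.publicSlug
    if (!slug) {
      slug = generateSlug(note.title || 'note')
      const existing = await prisma.note.findUnique({ where: { publicSlug: slug } })
      if (existing && existing.id !== note.id) slug = `${slug}-${Date.now().toString(36)}`
    }

    // Write through the id returned by the ownership-scoped lookup rather
    // than the raw request value.
    await prisma.note.update({
      where: { id: note.id },
      data: { isPublic: true, publicSlug: slug, publishedAt: new Date() },
    })
    // NOTE(review): moderation runs only here; whether edits made after
    // publication are re-moderated is not visible in this file — confirm.
    return NextResponse.json({
      success: true,
      slug,
      moderation: moderation.verdict === 'flagged' ? 'flagged' : undefined,
    })
  }

  if (action === 'unpublish') {
    await prisma.note.update({
      where: { id: note.id },
      data: { isPublic: false, publicSlug: null, publishedAt: null },
    })
    return NextResponse.json({ success: true })
  }

  return NextResponse.json({ error: 'Invalid action' }, { status: 400 })
}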