SÉCURITÉ 8→9: - lib/rate-limit.ts: Redis rate limiter (incr + expire) - chat/route: 15 req/min max - 6 routes IA: 20 req/min max (tags, title, labels, markdown, overview, summary) - link-preview: cache Redis 5min par URL+userId - auth-providers: rate limit login 5 req/5min UX 7.5→8.5: - search-modal: focus trap (Tab cycle + Shift+Tab) - search-modal: ref modal pour querySelector focusable - layout: skip-link 'Skip to content' (sr-only focus:not-sr-only) - note-actions: boutons h-8 w-8 → h-9 w-9 (36px → touch target) 0 erreur TS, 199/199 tests
130 lines
3.4 KiB
TypeScript
130 lines
3.4 KiB
TypeScript
import { rateLimit } from '@/lib/rate-limit'
|
|
import { NextRequest, NextResponse } from 'next/server'
|
|
import { auth } from '@/auth'
|
|
import { autoLabelCreationService } from '@/lib/ai/services'
|
|
import { getAISettings } from '@/app/actions/ai-settings'
|
|
import { hasUserAiConsent } from '@/lib/consent/server-consent'
|
|
|
|
/**
|
|
* POST /api/ai/auto-labels - Suggest new labels for a notebook
|
|
*/
|
|
export async function POST(request: NextRequest) {
|
|
try {
|
|
const session = await auth()
|
|
|
|
if (!session?.user?.id) {
|
|
return NextResponse.json(
|
|
{ success: false, error: 'Unauthorized' },
|
|
{ status: 401 }
|
|
)
|
|
}
|
|
|
|
// GDPR AI Consent check
|
|
if (!(await hasUserAiConsent())) {
|
|
return NextResponse.json(
|
|
{ success: false, error: 'ai_consent_required' },
|
|
{ status: 403 }
|
|
)
|
|
}
|
|
|
|
// Respect user's autoLabeling toggle
|
|
const userSettings = await getAISettings(session.user.id)
|
|
if (userSettings.autoLabeling === false) {
|
|
return NextResponse.json({ success: true, data: null, message: 'Auto-labeling disabled by user' })
|
|
}
|
|
|
|
const body = await request.json()
|
|
const { notebookId, language = 'en' } = body
|
|
|
|
if (!notebookId || typeof notebookId !== 'string') {
|
|
return NextResponse.json(
|
|
{ success: false, error: 'Missing required field: notebookId' },
|
|
{ status: 400 }
|
|
)
|
|
}
|
|
|
|
// Check if notebook belongs to user
|
|
const { prisma } = await import('@/lib/prisma')
|
|
const notebook = await prisma.notebook.findFirst({
|
|
where: {
|
|
id: notebookId,
|
|
userId: session.user.id,
|
|
},
|
|
})
|
|
|
|
if (!notebook) {
|
|
return NextResponse.json(
|
|
{ success: false, error: 'Notebook not found' },
|
|
{ status: 404 }
|
|
)
|
|
}
|
|
|
|
// Get label suggestions
|
|
const suggestions = await autoLabelCreationService.suggestLabels(
|
|
notebookId,
|
|
session.user.id,
|
|
language
|
|
)
|
|
|
|
if (!suggestions) {
|
|
return NextResponse.json({
|
|
success: true,
|
|
data: null,
|
|
message: 'No suggestions available (notebook may have fewer than 15 notes)',
|
|
})
|
|
}
|
|
|
|
return NextResponse.json({
|
|
success: true,
|
|
data: suggestions,
|
|
})
|
|
} catch (error) {
|
|
console.error('[/api/ai/auto-labels] POST failed:', error)
|
|
return NextResponse.json({ success: true, data: null })
|
|
}
|
|
}
|
|
|
|
/**
|
|
* PUT /api/ai/auto-labels - Create suggested labels
|
|
*/
|
|
export async function PUT(request: NextRequest) {
|
|
try {
|
|
const session = await auth()
|
|
|
|
if (!session?.user?.id) {
|
|
return NextResponse.json(
|
|
{ success: false, error: 'Unauthorized' },
|
|
{ status: 401 }
|
|
)
|
|
}
|
|
|
|
const body = await request.json()
|
|
const { suggestions, selectedLabels } = body
|
|
|
|
if (!suggestions || !Array.isArray(selectedLabels)) {
|
|
return NextResponse.json(
|
|
{ success: false, error: 'Missing required fields: suggestions, selectedLabels' },
|
|
{ status: 400 }
|
|
)
|
|
}
|
|
|
|
// Create labels
|
|
const createdCount = await autoLabelCreationService.createLabels(
|
|
suggestions.notebookId,
|
|
session.user.id,
|
|
suggestions,
|
|
selectedLabels
|
|
)
|
|
|
|
return NextResponse.json({
|
|
success: true,
|
|
data: {
|
|
createdCount,
|
|
},
|
|
})
|
|
} catch (error) {
|
|
console.error('[/api/ai/auto-labels] PUT failed:', error)
|
|
return NextResponse.json({ success: false, error: 'Failed to create labels' })
|
|
}
|
|
}
|