src/api/data.js
import { isAuthed, json, unauthorized } from "../_lib/auth.js";
import { readData, writeData, DEFAULT_DATA } from "../_lib/data.js";
// GET /api/data → returns full site data (public)
// PUT /api/data → updates full site data (auth required, body = full data object)
export async function onRequest(context) {
const { request, env } = context;
const method = request.method.toUpperCase();
if (method === "GET") {
const data = await readData(env);
return json(data, {
headers: {
"Cache-Control": "public, max-age=30, stale-while-revalidate=300"
}
});
}
if (method === "PUT") {
if (!await isAuthed(request, env)) return unauthorized();
let body;
try { body = await request.json(); } catch {
return json({ error: "Invalid JSON" }, { status: 400 });
}
// Validate shape lightly
const required = ["hero", "bio", "exhibitions", "contact", "works"];
for (const k of required) {
if (!(k in body)) return json({ error: `Missing field: ${k}` }, { status: 400 });
}
if (!Array.isArray(body.works)) return json({ error: "works must be an array" }, { status: 400 });
if (!Array.isArray(body.exhibitions)) return json({ error: "exhibitions must be an array" }, { status: 400 });
await writeData(env, body);
return json({ ok: true, count: { works: body.works.length, exhibitions: body.exhibitions.length } });
}
if (method === "POST" && new URL(request.url).searchParams.get("seed") === "1") {
// One-time seed (auth required)
if (!await isAuthed(request, env)) return unauthorized();
await writeData(env, DEFAULT_DATA);
return json({ ok: true, seeded: true });
}
return json({ error: "Method not allowed" }, { status: 405 });
}