import { NextResponse } from "next/server"; import { requireUser } from "@/lib/supabase/guard"; import { cloudSoftDeleteStory } from "@/lib/persistence/cloudStore"; import { coerceEpoch } from "@/lib/persistence/types"; export const runtime = "nodejs"; // POST /api/stories/delete — body { id, rev, deletedAt } → { ok }. Propagates a // soft-delete (tombstone) under the same optimistic-concurrency guard as push. // requireUser 401s an unauthenticated commercial caller; on the open-source // build cloudSoftDeleteStory short-circuits to false. export async function POST(req: Request) { const auth = await requireUser(); if (auth instanceof NextResponse) return auth; let body: { id?: unknown; rev?: unknown; deletedAt?: unknown }; try { body = await req.json(); } catch { return NextResponse.json({ error: "invalid json" }, { status: 400 }); } const id = typeof body.id === "string" ? body.id : ""; if (!id) { return NextResponse.json({ error: "missing id" }, { status: 400 }); } const rev = typeof body.rev === "number" ? body.rev : 1; const deletedAt = coerceEpoch(body.deletedAt, Date.now()); const ok = await cloudSoftDeleteStory(id, rev, deletedAt); return NextResponse.json({ ok }); }