First pass

src/pages/api/team/invite.ts

@@ -0,0 +1,65 @@
+import type { APIRoute } from 'astro';
+import { db } from '../../../db';
+import { users, members } from '../../../db/schema';
+import { eq, and } from 'drizzle-orm';
+
+export const POST: APIRoute = async ({ request, locals, redirect }) => {
+  const user = locals.user;
+  if (!user) {
+    return new Response('Unauthorized', { status: 401 });
+  }
+
+  // Check if user is admin
+  const userMembership = await db.select()
+    .from(members)
+    .where(eq(members.userId, user.id))
+    .get();
+
+  if (!userMembership || (userMembership.role !== 'owner' && userMembership.role !== 'admin')) {
+    return new Response('Unauthorized', { status: 403 });
+  }
+
+  const formData = await request.formData();
+  const email = formData.get('email')?.toString();
+  const role = formData.get('role')?.toString() || 'member';
+
+  if (!email) {
+    return new Response('Email is required', { status: 400 });
+  }
+
+  if (!['member', 'admin'].includes(role)) {
+    return new Response('Invalid role', { status: 400 });
+  }
+
+  // Find user by email
+  const invitedUser = await db.select()
+    .from(users)
+    .where(eq(users.email, email))
+    .get();
+
+  if (!invitedUser) {
+    return new Response('User not found. They must create an account first.', { status: 404 });
+  }
+
+  // Check if already a member
+  const existingMember = await db.select()
+    .from(members)
+    .where(and(
+      eq(members.userId, invitedUser.id),
+      eq(members.organizationId, userMembership.organizationId)
+    ))
+    .get();
+
+  if (existingMember) {
+    return new Response('User is already a member', { status: 400 });
+  }
+
+  // Add to organization
+  await db.insert(members).values({
+    userId: invitedUser.id,
+    organizationId: userMembership.organizationId,
+    role,
+  });
+
+  return redirect('/dashboard/team');
+};