POST /scorm/packages/:packageId

POST /scorm/packages/:packageId

/**
 * SCORM Package DELETE Proxy Endpoint
 *
 * Proxies DELETE requests to the SCORM API service to avoid CORS issues.
 * This endpoint handles authentication and forwards requests to the SCORM API.
 *
 * NOTE: For single package deletion, prefer using /api/scorm/packages/cleanup
 * with { packageId: string } in the request body, as it avoids Next.js routing
 * issues. This endpoint is kept for backward compatibility.
 */

import { NextRequest, NextResponse } from 'next/server'; import { auth } from '@clerk/nextjs/server'; import { createServiceRoleClient } from '@/lib/supabase/server'; import { isAdmin } from '@/lib/permissions';

// Base URL of the SCORM API. Read from NEXT_PUBLIC_SCORM_API_URL; when that
// variable is unset or empty the local development address below is used.
// NOTE(review): Next.js inlines NEXT_PUBLIC_* variables into client bundles, so
// this URL is visible to browsers. The fallback is plain http, which is only
// appropriate for localhost; SCORM_API_KEY is sent to whatever this resolves to,
// so confirm deployed values are https.
const SCORM_API_URL = process.env.NEXT_PUBLIC_SCORM_API_URL || 'http://localhost:3001';
// SCORM API key (for production - should be stored securely, per-tenant ideally).
// Undefined when the environment variable is not set.
const SCORM_API_KEY = process.env.SCORM_API_KEY;

// Next.js route segment settings for this handler file.
export const runtime = 'nodejs';
export const dynamic = 'force-dynamic';

/**
 * OPTIONS /api/scorm/packages/[packageId]
 *
 * Answers CORS preflight requests with a fixed set of CORS headers and an
 * empty 200 response.
 */
export async function OPTIONS() {
  // NOTE(review): the Allow-Origin value is empty as shown on this page. An empty
  // value matches no origin, so cross-origin callers would fail the CORS check.
  // It may be an extraction artefact; confirm against the source file. For an
  // authenticated admin route an explicit allowlist of origins is the safer choice.
  const corsHeaders = {
    'Access-Control-Allow-Origin': '',
    'Access-Control-Allow-Methods': 'GET, DELETE, OPTIONS',
    'Access-Control-Allow-Headers': 'Content-Type, Authorization',
  };

  return new NextResponse(null, { status: 200, headers: corsHeaders });
}

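/**
 * Shared delete logic for both DELETE and POST methods.
 *
 * Authenticates the caller with Clerk, loads the caller's profile through the
 * service-role Supabase client, requires an admin profile, checks that
 * `packageId` is a UUID, then sends a DELETE to the SCORM API and relays the
 * upstream status and JSON body.
 *
 * @param packageId - Package identifier from the route; rejected with 400 unless it is a UUID.
 * @param request - Incoming request; used here only for logging.
 * @returns 401/404/403/400 for the local checks, the upstream status otherwise,
 *          or 500 when an unexpected error is caught.
 */
async function handleDelete(
  packageId: string,
  request: NextRequest
) {
  console.log('[DELETE /api/scorm/packages/[packageId]] Handler called');
  console.log('[DELETE /api/scorm/packages/[packageId]] Request URL:', request.url);
  console.log('[DELETE /api/scorm/packages/[packageId]] Request method:', request.method);

  try {
    console.log('[DELETE /api/scorm/packages/[packageId]] Package ID:', packageId);
    // The service-role client is used for the profile lookup, so the checks in
    // this function are the access control for that query.
    const supabase = createServiceRoleClient();

    // Verify authentication with Clerk
    const { userId } = await auth();
    if (!userId) {
      return NextResponse.json(
        { error: { code: 'UNAUTHORIZED', message: 'Authentication required' } },
        { status: 401 }
      );
    }

    // Get user profile for permission checking
    const { data: profile } = await supabase
      .from('user_profiles')
      .select('id, role, tenant_id')
      .eq('clerk_user_id', userId)
      .single();

    if (!profile) {
      return NextResponse.json(
        { error: { code: 'PROFILE_NOT_FOUND', message: 'User profile not found' } },
        { status: 404 }
      );
    }

    // Check if user is admin (only admins can delete packages)
    if (!isAdmin(profile)) {
      return NextResponse.json(
        { error: { code: 'FORBIDDEN', message: 'Only administrators can delete SCORM packages' } },
        { status: 403 }
      );
    }

    // NOTE(review): tenant_id is selected above but never used in this function,
    // and nothing visible here ties packageId to the caller's tenant. Confirm that
    // the SCORM API (or isAdmin) enforces package ownership; otherwise an admin of
    // one tenant can delete a package that belongs to another.

    // Validate package ID format (UUID) before it is placed in the upstream URL
    const uuidRegex = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;
    if (!uuidRegex.test(packageId)) {
      return NextResponse.json(
        { error: { code: 'INVALID_PACKAGE_ID', message: 'Invalid package ID format' } },
        { status: 400 }
      );
    }

    // Call SCORM API DELETE endpoint
    const deleteUrl = `${SCORM_API_URL}/api/v1/packages/${packageId}`;

    const headers: Record<string, string> = {
      'Content-Type': 'application/json',
    };

    // Add API key if configured (for production)
    // NOTE(review): when SCORM_API_KEY is unset the request is sent without a key.
    // Confirm production deployments cannot start in that state.
    if (SCORM_API_KEY) {
      headers['X-API-Key'] = SCORM_API_KEY;
    }

    const response = await fetch(deleteUrl, {
      method: 'DELETE',
      headers,
    });

    // 204 and 205 responses cannot carry a body. NextResponse.json() throws for
    // those statuses, which would report a successful delete as a 500.
    if (response.status === 204 || response.status === 205) {
      console.log('[DELETE /api/scorm/packages/[packageId]] Success, returning response');
      return new NextResponse(null, { status: response.status });
    }

    // Forward the response from SCORM API; a missing or non-JSON body becomes {}
    const responseData = await response.json().catch(() => ({}));

    if (!response.ok) {
      // NOTE(review): the upstream error object is relayed to the caller as-is;
      // confirm the SCORM API does not put internal detail in it.
      return NextResponse.json(
        { error: responseData.error || { code: 'DELETE_FAILED', message: 'Failed to delete SCORM package' } },
        { status: response.status }
      );
    }

    console.log('[DELETE /api/scorm/packages/[packageId]] Success, returning response');
    return NextResponse.json(responseData, { status: response.status });
  } catch (error) {
    // Details go to the server log only; the client gets a generic 500.
    console.error('[DELETE /api/scorm/packages/[packageId]] Error:', error);
    console.error('[DELETE /api/scorm/packages/[packageId]] Error stack:', error instanceof Error ? error.stack : 'No stack');
    return NextResponse.json(
      { error: { code: 'INTERNAL_ERROR', message: 'Internal server error' } },
      { status: 500 }
    );
  }
}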

/DELETE /api/scorm/packages/[packageId] Delete a SCORM package (admin only)

Endpoint

POST /scorm/packages/:packageId

Authentication

This endpoint requires authentication. Include your authentication token in the request headers.

Path Parameters

| Parameter | Type | Description |
| --- | --- | --- |
| packageId | string | Path parameter |

Error Responses

| Status Code | Error Code | Description |
| --- | --- | --- |
| 401 | HTTP_401 | Unauthorized |
| 404 | HTTP_404 | Not Found |
| 403 | HTTP_403 | Forbidden |
| 400 | HTTP_400 | Bad Request |
| 500 | HTTP_500 | Internal Server Error |
| 400 | HTTP_400 | Bad Request |

Example Request

curl -X POST "https://api.allurelms.com/scorm/packages/packageId-value" \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{}'