first commit

app/api/mailboxes/[email]/route.ts

@@ -0,0 +1,55 @@
+import { NextRequest, NextResponse } from "next/server";
+import { auth } from "@/auth";
+import { deleteMailbox, editMailbox, getMailboxes } from "@/lib/mailcow";
+import { canAccessDomain } from "@/lib/users";
+
+async function checkAccess(session: Awaited<ReturnType<typeof auth>>, email: string) {
+  if (!session) return false;
+  const domain = email.split("@")[1];
+  return canAccessDomain(session.user.domains ?? [], domain);
+}
+
+// DELETE /api/mailboxes/[email]
+export async function DELETE(
+  _req: NextRequest,
+  { params }: { params: Promise<{ email: string }> }
+) {
+  const session = await auth();
+  const { email } = await params;
+  const decoded = decodeURIComponent(email);
+
+  if (!(await checkAccess(session, decoded))) {
+    return NextResponse.json({ error: "Forbidden" }, { status: 403 });
+  }
+
+  const result = await deleteMailbox([decoded]);
+  return NextResponse.json(result.data, { status: result.ok ? 200 : 502 });
+}
+
+// PATCH /api/mailboxes/[email] — password change or toggle active
+export async function PATCH(
+  req: NextRequest,
+  { params }: { params: Promise<{ email: string }> }
+) {
+  const session = await auth();
+  const { email } = await params;
+  const decoded = decodeURIComponent(email);
+
+  if (!(await checkAccess(session, decoded))) {
+    return NextResponse.json({ error: "Forbidden" }, { status: 403 });
+  }
+
+  const body = await req.json();
+  const attr: Parameters<typeof editMailbox>[1] = {};
+
+  if (body.password) {
+    attr.password = body.password;
+    attr.password2 = body.password;
+  }
+  if (typeof body.active === "number") {
+    attr.active = body.active;
+  }
+
+  const result = await editMailbox([decoded], attr);
+  return NextResponse.json(result.data, { status: result.ok ? 200 : 502 });
+}

app/api/mailboxes/route.ts

@@ -0,0 +1,40 @@
+import { NextRequest, NextResponse } from "next/server";
+import { auth } from "@/auth";
+import { getMailboxes, createMailbox } from "@/lib/mailcow";
+import { canAccessDomain } from "@/lib/users";
+
+// GET /api/mailboxes?domain=example.com
+export async function GET(req: NextRequest) {
+  const session = await auth();
+  if (!session) return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
+
+  const domain = req.nextUrl.searchParams.get("domain");
+  if (!domain) return NextResponse.json({ error: "domain parametresi gerekli" }, { status: 400 });
+
+  if (!canAccessDomain(session.user.domains ?? [], domain)) {
+    return NextResponse.json({ error: "Bu domaine erişim yetkiniz yok" }, { status: 403 });
+  }
+
+  const mailboxes = await getMailboxes(domain);
+  return NextResponse.json(mailboxes);
+}
+
+// POST /api/mailboxes
+export async function POST(req: NextRequest) {
+  const session = await auth();
+  if (!session) return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
+
+  const body = await req.json();
+  const { local_part, domain, name, password, quota } = body;
+
+  if (!local_part || !domain || !name || !password) {
+    return NextResponse.json({ error: "Eksik alan" }, { status: 400 });
+  }
+
+  if (!canAccessDomain(session.user.domains ?? [], domain)) {
+    return NextResponse.json({ error: "Bu domaine erişim yetkiniz yok" }, { status: 403 });
+  }
+
+  const result = await createMailbox({ local_part, domain, name, password, quota });
+  return NextResponse.json(result.data, { status: result.ok ? 200 : 502 });
+}