From 024294bf8f6a91a3710ec5ca42bbf79a4d4cbe13 Mon Sep 17 00:00:00 2001
From: Lewis Carhart
Date: Mon, 1 Sep 2025 14:47:28 -0400
Subject: [PATCH] Implement user frameworks API endpoint (#1449)

- Added a new API endpoint to fetch user frameworks based on their organization memberships.
- Implemented authorization checks using a secret key from environment variables.
- Enhanced error handling for server configuration and data fetching issues.
- The endpoint returns a structured response with user emails and their associated frameworks. This addition improves the backend functionality for managing user frameworks in the application.
---
apps/app/src/app/api/user-frameworks/route.ts | 73 +++++++++++++++++++
1 file changed, 73 insertions(+)
create mode 100644 apps/app/src/app/api/user-frameworks/route.ts
diff --git a/apps/app/src/app/api/user-frameworks/route.ts b/apps/app/src/app/api/user-frameworks/route.ts
new file mode 100644
index 000000000..8088c0244
--- /dev/null
+++ b/apps/app/src/app/api/user-frameworks/route.ts
@@ -0,0 +1,73 @@
+import { db } from '@db';
+import { NextResponse } from 'next/server';
+
+export async function GET(request: Request) {
+ const authHeader = request.headers.get('authorization');
+ const secretKey = process.env.SECRET_KEY;
+
+ if (!secretKey) {
+ console.error('SECRET_KEY environment variable is not set');
+ return NextResponse.json({ error: 'Server configuration error' }, { status: 500 });
+ }
+
+ if (!authHeader || !authHeader.startsWith('Bearer ') || authHeader.slice(7) !== secretKey) {
+ return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });
+ }
+
+ try {
+ const users = await db.user.findMany({
+ select: {
+ email: true,
+ members: {
+ select: {
+ organization: {
+ select: {
+ frameworkInstances: {
+ select: {
+ framework: {
+ select: {
+ name: true,
+ },
+ },
+ },
+ },
+ },
+ },
+ },
+ },
+ },
+ where: {
+ members: {
+ some: {
+ organization: {
+ frameworkInstances: {
+ some: {},
+ },
+ },
+ },
+ },
+ },
+ orderBy: {
+ email: 'asc',
+ },
+ });
+
+ const userFrameworks = users.map((user) => ({
+ email: user.email,
+ frameworks: [
+ ...new Set(
+ user.members.flatMap((membership) =>
+ membership.organization.frameworkInstances.map((fi) => fi.framework.name),
+ ),
+ ),
+ ],
+ }));
+
+ return NextResponse.json({
+ userFrameworks,
+ });
+ } catch (error) {
+ console.error('Error fetching user frameworks:', error);
+ return NextResponse.json({ error: 'Failed to fetch user frameworks' }, { status: 500 });
+ }
+}
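Review bot: The bearer check in `GET` compares the presented token to the secret with `!==`, which is not a constant-time comparison, and this one static secret is the only control in front of a response that lists every matching user's email across all organizations. Hashing both values and comparing the digests with `timingSafeEqual` (with `createHash`, both from `node:crypto`) removes the timing signal; this assumes the route runs on the Node.js runtime rather than Edge. Since the key grants bulk read of personal data, it would be better held in a dedicated variable than the generic `SECRET_KEY`, if that name is also used for other purposes, which is not visible here. A `console.warn` on each 401 would also make repeated probing show up in logs. The whole function is inside this hunk.

```typescript
// … unchanged: authHeader / secretKey lookup and the missing-SECRET_KEY 500 branch …

  const presented = authHeader?.startsWith('Bearer ') ? authHeader.slice(7) : '';
  // Digests have equal length, so timingSafeEqual never throws and length is not leaked.
  const presentedDigest = createHash('sha256').update(presented).digest();
  const expectedDigest = createHash('sha256').update(secretKey).digest();
  if (!timingSafeEqual(presentedDigest, expectedDigest)) {
    console.warn('user-frameworks: rejected request with missing or invalid bearer token');
    return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });
  }

// … unchanged: findMany query, userFrameworks mapping and error handling …
```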