From 76b4459d3123236a2226ebf28a4a290708be415e Mon Sep 17 00:00:00 2001
From: himanshukandari14
Date: Sat, 27 Sep 2025 03:27:13 +0530
Subject: [PATCH] Used server session and fixed query to get only that content that is purchased by user

---
 src/app/api/search/route.ts | 83 ++++++++++++++++++++++++-------------
 1 file changed, 55 insertions(+), 28 deletions(-)

diff --git a/src/app/api/search/route.ts b/src/app/api/search/route.ts
index 84c9643c4..badbacefd 100644
--- a/src/app/api/search/route.ts
+++ b/src/app/api/search/route.ts
@@ -3,6 +3,8 @@ import db from '@/db';
 import { CourseContent } from '@prisma/client';
 import Fuse from 'fuse.js';
 import { NextRequest, NextResponse } from 'next/server';
+import { getServerSession } from 'next-auth';
+import { authOptions } from '@/lib/auth';
 
 export type TSearchedVideos = {
 id: number;
@@ -22,40 +24,65 @@ const fuzzySearch = (videos: TSearchedVideos[], searchQuery: string) => {
 };
 
 export async function GET(request: NextRequest) {
- const { searchParams } = new URL(request.url);
- const searchQuery = searchParams.get('q');
+ try {
+ const { searchParams } = new URL(request.url);
+ const searchQuery = searchParams.get('q');
+ const session = await getServerSession(authOptions);
 
- if (searchQuery && searchQuery.length > 2) {
- const value: TSearchedVideos[] = await cache.get(
- 'getAllVideosForSearch',
- [],
- );
-
- if (value) {
- return NextResponse.json(fuzzySearch(value, searchQuery));
+ if (!session?.user) {
+ return NextResponse.json({ message: 'User Not Found' }, { status: 401 });
 }
 
- const allVideos = await db.content.findMany({
- where: {
- type: 'video',
- hidden: false,
- },
- select: {
- id: true,
- parentId: true,
- title: true,
- parent: {
- select: {
- courses: true,
+ if (searchQuery && searchQuery.length > 2) {
+ const value: TSearchedVideos[] = await cache.get(
+ 'getAllVideosForSearch',
+ [session.user.id],
+ );
+
+ if (value) {
+ return NextResponse.json(fuzzySearch(value, searchQuery));
+ }
+
+ const allVideos = await db.content.findMany({
+ where: {
+ type: 'video',
+ hidden: false,
+ parent: {
+ courses: {
+ some: {
+ course: {
+ purchasedBy: {
+ some: {
+ userId: session.user.id,
+ },
+ },
+ },
+ },
+ },
+ },
+ },
+ select: {
+ id: true,
+ parentId: true,
+ title: true,
+ parent: {
+ select: {
+ courses: true,
+ },
 },
 },
- },
- });
+ });
 
- cache.set('getAllVideosForSearch', [], allVideos, 24 * 60 * 60);
+ cache.set('getAllVideosForSearch', [session.user.id], allVideos, 24 * 60 * 60);
 
- return NextResponse.json(fuzzySearch(allVideos, searchQuery));
- }
+ return NextResponse.json(fuzzySearch(allVideos, searchQuery));
+ }
 
- return NextResponse.json({}, { status: 400 });
+ return NextResponse.json({}, { status: 400 });
+ } catch (err) {
+ return NextResponse.json(
+ { message: 'Error fetching search results', err },
+ { status: 500 },
+ );
+ }
 }
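Review bot: The new `catch` block serialises the caught `err` into the 500 response body, so whatever enumerable fields the thrown object carries (for a database client error, probably error codes and query metadata) are returned to the caller. Log it server-side and return only the generic message: `console.error('search failed', err);` followed by `return NextResponse.json({ message: 'Error fetching search results' }, { status: 500 });`. Separately, the purchase-filtered list is now cached per user under `getAllVideosForSearch` with a TTL of `24 * 60 * 60` (presumably seconds), so a refunded or revoked purchase stays searchable, and a new purchase stays missing, until the entry expires. Whether the entry is evicted elsewhere is not visible in this hunk; a shorter TTL or eviction on purchase changes would keep the cached list in step with entitlements.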