my2/server/api/cart/items/[id].delete.ts

/**
 * DELETE /api/cart/items/:id
 *
 * Remove an item from the shopping cart
 *
 * Validation:
 * - Cart item must exist
 * - Cart item must belong to current user/session
 *
 * Response:
 * - 204 No Content on success
 * - 404 Not Found if item doesn't exist or doesn't belong to user
 */

import { z } from 'zod'
import { eq } from 'drizzle-orm'
import { cartItems } from '../../../database/schema'

// Path params validation
const pathParamsSchema = z.object({
  id: z.string().uuid('Invalid cart item ID'),
})

export default defineEventHandler(async (event) => {
  // Validate path params
  const params = await getValidatedRouterParams(event, pathParamsSchema.parse)
  const cartItemId = params.id

  // Verify cart item belongs to current user/session
  const hasPermission = await verifyCartItemOwnership(event, cartItemId)

  if (!hasPermission) {
    throw createError({
      statusCode: 404,
      statusMessage: 'Cart item not found',
    })
  }

  const db = await useDatabase()

  // Fetch cart item to get cart ID for timestamp update
  const cartItem = await db.query.cartItems.findFirst({
    where: eq(cartItems.id, cartItemId),
    with: {
      cart: true,
    },
  })

  if (!cartItem) {
    throw createError({
      statusCode: 404,
      statusMessage: 'Cart item not found',
    })
  }

  // Delete cart item
  await db.delete(cartItems).where(eq(cartItems.id, cartItemId))

  // Update cart timestamp
  await touchCart(cartItem.cart.id)

  // Return 204 No Content
  setResponseStatus(event, 204)
  return null
})