From 88af07bbef1e7e8a276772d02267cb4b88edb183 Mon Sep 17 00:00:00 2001
From: Teh PeGaSuS <pegasus@gitea.0bin.xyz>
Date: Sun, 26 Apr 2026 21:39:54 +0200
Subject: [PATCH] Add pages/api/pastes.js

---
 pages/api/pastes.js | 55 +++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 55 insertions(+)
 create mode 100644 pages/api/pastes.js

diff --git a/pages/api/pastes.js b/pages/api/pastes.js
new file mode 100644
index 0000000..4a66a55
--- /dev/null
+++ b/pages/api/pastes.js
@@ -0,0 +1,55 @@
+import db from '../../lib/db';
+import { nanoid } from 'nanoid';
+
+export default function handler(req, res) {
+  if (req.method === 'POST') {
+    const { type } = req.body;
+
+    if (type === 'comment') {
+      const { pasteId, author, commentContent } = req.body;
+      db.prepare('INSERT INTO comments (paste_id, author, content, created_at) VALUES (?, ?, ?, ?)')
+        .run(pasteId, author, commentContent, new Date().toISOString());
+      return res.status(200).json({ success: true });
+    }
+
+    const { content, language, filename, expiry, allowDiscussions, deleteToken } = req.body;
+    const id = nanoid(10);
+    
+    let expiresAt = null;
+    let expiryType = 'time';
+
+    if (expiry === 'burn') {
+      expiryType = 'burn';
+    } else if (expiry !== 'never') {
+      const hours = parseInt(expiry);
+      expiresAt = new Date(Date.now() + hours * 60 * 60 * 1000).toISOString();
+    }
+
+    try {
+      db.prepare(
+        `INSERT INTO pastes (id, content, language, filename, created_at, expires_at, expiry_type, allow_discussions, delete_token) 
+         VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)`
+      ).run(
+        id, content, language, filename, new Date().toISOString(), expiresAt, expiryType, allowDiscussions ? 1 : 0, deleteToken
+      );
+      return res.status(200).json({ id });
+    } catch (e) {
+      console.error(e);
+      return res.status(500).json({ error: "Failed to save paste" });
+    }
+  }
+
+  if (req.method === 'DELETE') {
+    const { id, token } = req.query;
+    const paste = db.prepare('SELECT delete_token FROM pastes WHERE id = ?').get(id);
+
+    if (paste && paste.delete_token === token) {
+      db.prepare('DELETE FROM pastes WHERE id = ?').run(id);
+      return res.status(200).json({ success: true });
+    }
+
+    return res.status(403).json({ error: 'Unauthorized' });
+  }
+
+  res.status(405).end();
+}