feat: migrate /api/artist/create REST endpoint from Recoup-Chat to recoup-api (#115)

* feat: migrate /api/artist/create REST endpoint from Recoup-Chat to recoup-api

Add new GET endpoint for creating artists with query parameters:
- validateCreateArtistQuery.ts: Zod validation for name + account_id
- createArtistHandler.ts: handler with CORS, validation, and createArtistInDb
- app/api/artist/create/route.ts: GET endpoint with OPTIONS for CORS

Reuses createArtistInDb from MYC-3923 migration.

Tests: 13 new unit tests (473 total)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* feat: add POST /api/artists endpoint per API docs

- Add validateCreateArtistBody.ts with Zod schema (name required, account_id and organization_id optional)
- Add createArtistPostHandler.ts for POST requests with JSON body
- Update app/api/artists/route.ts to include POST handler
- Returns 201 on success per REST conventions
- Add 16 unit tests for validation and handler

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* chore: delete old GET /api/artist/create endpoint

Removed:
- app/api/artist/create/route.ts
- lib/artists/createArtistHandler.ts
- lib/artists/validateCreateArtistQuery.ts
- Related test files

Replaced by POST /api/artists endpoint

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* refactor: use API key authentication in createArtistPostHandler

- Remove accountId parameter, use only request
- Get account_id from x-api-key header via getApiKeyAccountId
- Support account_id override for org API keys via validateOverrideAccountId
- Update tests to mock auth functions

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* refactor: DRY API key validation using getApiKeyDetails

- Use single getApiKeyDetails call instead of two separate auth functions
- Use canAccessAccount directly for override validation
- Reduces duplicate API key hashing and lookup
- Add test for invalid API key case

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* refactor: move all early validation to validateCreateArtistBody

- validateCreateArtistBody now takes NextRequest and returns Promise<NextResponse | ValidatedCreateArtistRequest>
- Validates API key, JSON body parsing, and schema in one place
- Handler now only handles business logic (account access check, artist creation)
- Updated tests for new async signature

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* refactor: move canAccessAccount logic to validateCreateArtistBody

- Validation function now handles all auth/authz: API key, body parsing, schema, and account access
- Returns flat { name, accountId, organizationId } instead of nested structure
- Handler is now purely business logic: validate -> create -> respond
- Updated tests to cover 403 case in validation

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* fix: remove invalid extra.accountId access in MCP tool

The MCP SDK's extra parameter doesn't have an accountId property.
account_id must be provided via the tool args from system prompt context.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

Author: sweetmantech

app/api/artists/route.ts

@@ -1,6 +1,7 @@
 import { NextRequest, NextResponse } from "next/server";
 import { getCorsHeaders } from "@/lib/networking/getCorsHeaders";
 import { getArtistsHandler } from "@/lib/artists/getArtistsHandler";
+import { createArtistPostHandler } from "@/lib/artists/createArtistPostHandler";
 
 /**
  * OPTIONS handler for CORS preflight requests.
@@ -36,3 +37,21 @@ export async function GET(request: NextRequest) {
   return getArtistsHandler(request);
 }
 
+/**
+ * POST /api/artists
+ *
+ * Creates a new artist account.
+ *
+ * Request body:
+ * - name (required): The name of the artist to create
+ * - account_id (optional): The ID of the account to create the artist for (UUID).
+ *   Only required for organization API keys creating artists on behalf of other accounts.
+ * - organization_id (optional): The organization ID to link the new artist to (UUID)
+ *
+ * @param request - The request object containing JSON body
+ * @returns A NextResponse with the created artist data (201) or error
+ */
+export async function POST(request: NextRequest) {
+  return createArtistPostHandler(request);
+}
+

lib/artists/__tests__/createArtistPostHandler.test.ts

@@ -0,0 +1,209 @@
+import { describe, it, expect, vi, beforeEach } from "vitest";
+import { NextRequest } from "next/server";
+
+const mockCreateArtistInDb = vi.fn();
+const mockGetApiKeyDetails = vi.fn();
+const mockCanAccessAccount = vi.fn();
+
+vi.mock("@/lib/artists/createArtistInDb", () => ({
+  createArtistInDb: (...args: unknown[]) => mockCreateArtistInDb(...args),
+}));
+
+vi.mock("@/lib/keys/getApiKeyDetails", () => ({
+  getApiKeyDetails: (...args: unknown[]) => mockGetApiKeyDetails(...args),
+}));
+
+vi.mock("@/lib/organizations/canAccessAccount", () => ({
+  canAccessAccount: (...args: unknown[]) => mockCanAccessAccount(...args),
+}));
+
+import { createArtistPostHandler } from "../createArtistPostHandler";
+
+function createRequest(body: unknown, apiKey = "test-api-key"): NextRequest {
+  return new NextRequest("http://localhost/api/artists", {
+    method: "POST",
+    headers: {
+      "Content-Type": "application/json",
+      "x-api-key": apiKey,
+    },
+    body: JSON.stringify(body),
+  });
+}
+
+describe("createArtistPostHandler", () => {
+  beforeEach(() => {
+    vi.clearAllMocks();
+    mockGetApiKeyDetails.mockResolvedValue({
+      accountId: "api-key-account-id",
+      orgId: null,
+    });
+  });
+
+  it("creates artist using account_id from API key", async () => {
+    const mockArtist = {
+      id: "artist-123",
+      account_id: "artist-123",
+      name: "Test Artist",
+      account_info: [{ image: null }],
+      account_socials: [],
+    };
+    mockCreateArtistInDb.mockResolvedValue(mockArtist);
+
+    const request = createRequest({ name: "Test Artist" });
+    const response = await createArtistPostHandler(request);
+    const data = await response.json();
+
+    expect(response.status).toBe(201);
+    expect(data.artist).toEqual(mockArtist);
+    expect(mockCreateArtistInDb).toHaveBeenCalledWith(
+      "Test Artist",
+      "api-key-account-id",
+      undefined,
+    );
+  });
+
+  it("uses account_id override for org API keys", async () => {
+    mockGetApiKeyDetails.mockResolvedValue({
+      accountId: "org-account-id",
+      orgId: "org-account-id",
+    });
+    mockCanAccessAccount.mockResolvedValue(true);
+
+    const mockArtist = {
+      id: "artist-123",
+      account_id: "artist-123",
+      name: "Test Artist",
+      account_info: [{ image: null }],
+      account_socials: [],
+    };
+    mockCreateArtistInDb.mockResolvedValue(mockArtist);
+
+    const request = createRequest({
+      name: "Test Artist",
+      account_id: "550e8400-e29b-41d4-a716-446655440000",
+    });
+    const response = await createArtistPostHandler(request);
+
+    expect(mockCanAccessAccount).toHaveBeenCalledWith({
+      orgId: "org-account-id",
+      targetAccountId: "550e8400-e29b-41d4-a716-446655440000",
+    });
+    expect(mockCreateArtistInDb).toHaveBeenCalledWith(
+      "Test Artist",
+      "550e8400-e29b-41d4-a716-446655440000",
+      undefined,
+    );
+    expect(response.status).toBe(201);
+  });
+
+  it("returns 403 when org API key lacks access to account_id", async () => {
+    mockGetApiKeyDetails.mockResolvedValue({
+      accountId: "org-account-id",
+      orgId: "org-account-id",
+    });
+    mockCanAccessAccount.mockResolvedValue(false);
+
+    const request = createRequest({
+      name: "Test Artist",
+      account_id: "550e8400-e29b-41d4-a716-446655440000",
+    });
+    const response = await createArtistPostHandler(request);
+
+    expect(response.status).toBe(403);
+  });
+
+  it("passes organization_id to createArtistInDb", async () => {
+    const mockArtist = {
+      id: "artist-123",
+      account_id: "artist-123",
+      name: "Test Artist",
+      account_info: [{ image: null }],
+      account_socials: [],
+    };
+    mockCreateArtistInDb.mockResolvedValue(mockArtist);
+
+    const request = createRequest({
+      name: "Test Artist",
+      organization_id: "660e8400-e29b-41d4-a716-446655440001",
+    });
+
+    await createArtistPostHandler(request);
+
+    expect(mockCreateArtistInDb).toHaveBeenCalledWith(
+      "Test Artist",
+      "api-key-account-id",
+      "660e8400-e29b-41d4-a716-446655440001",
+    );
+  });
+
+  it("returns 401 when API key is missing", async () => {
+    const request = new NextRequest("http://localhost/api/artists", {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify({ name: "Test Artist" }),
+    });
+
+    const response = await createArtistPostHandler(request);
+    const data = await response.json();
+
+    expect(response.status).toBe(401);
+    expect(data.error).toBe("x-api-key header required");
+  });
+
+  it("returns 401 when API key is invalid", async () => {
+    mockGetApiKeyDetails.mockResolvedValue(null);
+
+    const request = createRequest({ name: "Test Artist" });
+    const response = await createArtistPostHandler(request);
+    const data = await response.json();
+
+    expect(response.status).toBe(401);
+    expect(data.error).toBe("Invalid API key");
+  });
+
+  it("returns 400 when name is missing", async () => {
+    const request = createRequest({});
+    const response = await createArtistPostHandler(request);
+
+    expect(response.status).toBe(400);
+  });
+
+  it("returns 400 for invalid JSON body", async () => {
+    const request = new NextRequest("http://localhost/api/artists", {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/json",
+        "x-api-key": "test-api-key",
+      },
+      body: "invalid json",
+    });
+
+    const response = await createArtistPostHandler(request);
+    const data = await response.json();
+
+    expect(response.status).toBe(400);
+    expect(data.error).toBe("Invalid JSON body");
+  });
+
+  it("returns 500 when artist creation fails", async () => {
+    mockCreateArtistInDb.mockResolvedValue(null);
+
+    const request = createRequest({ name: "Test Artist" });
+    const response = await createArtistPostHandler(request);
+    const data = await response.json();
+
+    expect(response.status).toBe(500);
+    expect(data.error).toBe("Failed to create artist");
+  });
+
+  it("returns 500 with error message when exception thrown", async () => {
+    mockCreateArtistInDb.mockRejectedValue(new Error("Database error"));
+
+    const request = createRequest({ name: "Test Artist" });
+    const response = await createArtistPostHandler(request);
+    const data = await response.json();
+
+    expect(response.status).toBe(500);
+    expect(data.error).toBe("Database error");
+  });
+});