refactor(auth): replace JWT/password-lock with token guards

belisards
2026-05-03 16:31:00 -03:00
parent 7b29e39e9f
commit 4f3017a02d
15 changed files with 337 additions and 1146 deletions


@@ -3,11 +3,19 @@
import { useEffect, useState } from 'react';
import { useParams } from 'next/navigation';
import DOMPurify from 'dompurify';
import { wishlistsApi, itemsApi, claimingApi, type Wishlist, type Item } from '@/lib/api';
import { authApi, wishlistsApi, itemsApi, claimingApi, type Wishlist, type Item } from '@/lib/api';
import Header from '@/components/header';
import PasswordLockGuard from '@/components/password-lock-guard';
import GuestGuard from '@/components/guest-guard';
export default function PublicWishlistPage() {
return (
<GuestGuard>
<PublicWishlistContent />
</GuestGuard>
);
}
function PublicWishlistContent() {
const params = useParams();
const [wishlist, setWishlist] = useState<Wishlist | null>(null);
const [items, setItems] = useState<Item[]>([]);
@@ -15,17 +23,36 @@ export default function PublicWishlistPage() {
const [isLoading, setIsLoading] = useState(true);
const [error, setError] = useState('');
// Current viewer
const [currentGuestId, setCurrentGuestId] = useState<string | null>(null);
const [isAdmin, setIsAdmin] = useState(false);
// Claim form state
const [claimingItemId, setClaimingItemId] = useState<string | null>(null);
const [claimNote, setClaimNote] = useState('');
const [claimQty, setClaimQty] = useState(1);
const [isClaiming, setIsClaiming] = useState(false);
const [claimError, setClaimError] = useState('');
const [justClaimedItemId, setJustClaimedItemId] = useState<string | null>(null);
const [justClaimedNote, setJustClaimedNote] = useState('');
// Unclaim state
const [isUnclaiming, setIsUnclaiming] = useState(false);
const [unclaimError, setUnclaimError] = useState('');
useEffect(() => {
(async () => {
try {
const who = await authApi.whoami();
if (who.role === 'admin') {
setIsAdmin(true);
if (who.guest) setCurrentGuestId(who.guest.id);
} else if (who.role === 'guest') {
setCurrentGuestId(who.guest.id);
}
} catch {
/* ignore */
}
})();
}, []);
useEffect(() => {
fetchWishlist();
@@ -47,10 +74,14 @@ export default function PublicWishlistPage() {
}
};
const handleClaimItem = (itemId: string) => {
setClaimingItemId(itemId);
const myClaimFor = (item: Item) => item.claims.find((c) => c.guest.id === currentGuestId);
const handleStartClaim = (item: Item) => {
const my = myClaimFor(item);
setClaimingItemId(item.id);
setClaimError('');
setClaimNote('');
setClaimNote(my?.note ?? '');
setClaimQty(my?.quantity ?? 1);
setJustClaimedItemId(null);
};
@@ -61,12 +92,12 @@ export default function PublicWishlistPage() {
setClaimError('');
try {
await claimingApi.claim(itemId, undefined, claimNote);
await claimingApi.claim(itemId, { quantity: claimQty, note: claimNote });
setJustClaimedItemId(itemId);
setJustClaimedNote(claimNote);
setClaimingItemId(null);
setClaimNote('');
setClaimQty(1);
fetchWishlist();
} catch (err: any) {
setClaimError(err.message || 'Erro ao reservar item');
@@ -75,19 +106,16 @@ export default function PublicWishlistPage() {
}
};
const handleUnclaim = async (itemId: string) => {
if (!confirm('Tem certeza que deseja cancelar a reserva deste item?')) {
return;
}
const handleUnclaim = async (itemId: string, guestId?: string) => {
if (!confirm('Cancelar a reserva?')) return;
setIsUnclaiming(true);
setUnclaimError('');
try {
await claimingApi.unclaim(itemId);
await claimingApi.unclaim(itemId, guestId ? { guestId } : {});
fetchWishlist();
} catch (err: any) {
setUnclaimError(err.message || 'Erro ao cancelar reserva');
alert(err.message || 'Erro ao cancelar reserva');
} finally {
setIsUnclaiming(false);
}
@@ -95,7 +123,10 @@ export default function PublicWishlistPage() {
const filteredItems = showClaimed
? items
: items.filter((item) => !item.claimedAt || item.id === justClaimedItemId);
: items.filter((item) => {
const my = myClaimFor(item);
return item.remainingQuantity > 0 || my || item.id === justClaimedItemId;
});
const formatPrice = (price: number | null, currency: string) => {
if (!price) return null;
@@ -125,14 +156,13 @@ export default function PublicWishlistPage() {
}
return (
<PasswordLockGuard>
<div className="min-h-screen bg-cosmic">
<Header
title={wishlist.name}
subtitle={wishlist.description || undefined}
imageUrl={wishlist.imageUrl || undefined}
maxWidth="max-w-5xl"
/>
<div className="min-h-screen bg-cosmic">
<Header
title={wishlist.name}
subtitle={wishlist.description || undefined}
imageUrl={wishlist.imageUrl || undefined}
maxWidth="max-w-5xl"
/>
{/* Main Content */}
<div className="max-w-5xl mx-auto py-12 sm:px-6 lg:px-8">
@@ -167,7 +197,6 @@ export default function PublicWishlistPage() {
className="prose prose-indigo dark:prose-invert max-w-none text-gray-700 dark:text-gray-300 [&_a]:text-indigo-600 [&_a]:dark:text-indigo-400 [&_a]:hover:underline"
dangerouslySetInnerHTML={{ __html: DOMPurify.sanitize(wishlist.preferences) }}
onClick={(e) => {
// Make all links open in new tab
const target = e.target as HTMLElement;
if (target.tagName === 'A') {
e.preventDefault();
@@ -188,7 +217,7 @@ export default function PublicWishlistPage() {
onChange={(e) => setShowClaimed(e.target.checked)}
className="h-4 w-4 text-blue-600 border-gray-300 rounded"
/>
<span className="ml-2 text-sm text-gray-700 dark:text-gray-300">Mostrar itens reservados</span>
<span className="ml-2 text-sm text-gray-700 dark:text-gray-300">Mostrar itens esgotados</span>
</label>
</div>
<div className="text-sm text-gray-600 dark:text-gray-400">
@@ -205,155 +234,179 @@ export default function PublicWishlistPage() {
</div>
) : (
<div className="space-y-6">
{filteredItems.map((item) => (
<div
key={item.id}
className="bg-white dark:bg-gray-800 rounded-lg shadow hover:shadow-lg transition-all duration-300 hover:scale-105 overflow-hidden"
>
<div className="flex flex-col md:flex-row">
{/* Left: Image */}
{item.imageUrl && (
<div className="md:w-48 md:flex-shrink-0">
<img
src={item.imageUrl}
alt={item.name}
className="w-full h-48 md:h-full object-cover"
/>
</div>
)}
{filteredItems.map((item) => {
const myClaim = myClaimFor(item);
const maxForMe = item.remainingQuantity + (myClaim?.quantity ?? 0);
const showQuantitySummary = item.quantity > 1;
const sold = item.remainingQuantity === 0 && !myClaim;
{/* Middle: Item Details */}
<div className="flex-1 p-6">
<h3 className="text-2xl font-bold text-gray-900 dark:text-white mb-3">
{item.name}
</h3>
{item.description && (
<p className="text-base text-gray-600 dark:text-gray-300 mb-4">
{item.description}
</p>
return (
<div
key={item.id}
className="bg-white dark:bg-gray-800 rounded-lg shadow hover:shadow-lg transition-all duration-300 overflow-hidden"
>
<div className="flex flex-col md:flex-row">
{/* Left: Image */}
{item.imageUrl && (
<div className="md:w-48 md:flex-shrink-0">
<img
src={item.imageUrl}
alt={item.name}
className="w-full h-48 md:h-full object-cover"
/>
</div>
)}
</div>
{/* Right: Action Area */}
<div className="md:w-80 md:flex-shrink-0 p-6 bg-gray-50 dark:bg-gray-900/50 border-t md:border-t-0 md:border-l border-gray-200 dark:border-gray-700 flex flex-col">
<div className="mb-4">
{item.purchaseUrls && item.purchaseUrls.length > 0 && (
<div className="space-y-2">
{item.purchaseUrls.map((url, idx) => (
<a
key={idx}
href={url.url}
target="_blank"
rel="noopener noreferrer"
className="flex items-center justify-between text-base px-4 py-3 rounded-lg hover:bg-indigo-50 dark:hover:bg-indigo-900/20 transition-colors cursor-pointer border border-gray-200 dark:border-gray-700"
>
<span className="text-indigo-600 dark:text-indigo-400 hover:text-indigo-800 dark:hover:text-indigo-300 font-medium">
{url.label}
</span>
<span className="text-gray-900 dark:text-white font-bold text-lg">
{item.price && formatPrice(item.price, item.currency)}
</span>
</a>
))}
</div>
{/* Middle: Item Details */}
<div className="flex-1 p-6">
<h3 className="text-2xl font-bold text-gray-900 dark:text-white mb-1">
{item.name}
</h3>
{showQuantitySummary && (
<p className="text-sm text-gray-500 dark:text-gray-400 mb-3">
{item.claimedQuantity} de {item.quantity} reservados
</p>
)}
{item.description && (
<p className="text-base text-gray-600 dark:text-gray-300 mb-4">
{item.description}
</p>
)}
{/* Existing claims list */}
{item.claims.length > 0 && (
<ul className="text-sm text-gray-700 dark:text-gray-300 space-y-1 mt-4 border-t border-gray-200 dark:border-gray-700 pt-3">
{item.claims.map((c) => {
const isMine = c.guest.id === currentGuestId;
const canCancel = isMine || isAdmin;
return (
<li key={c.id} className="flex items-center justify-between gap-2">
<div>
<span className="font-medium">{c.guest.name}</span>
<span className="text-gray-500"> · {c.quantity} un.</span>
{c.note && (
<span className="block text-xs italic text-gray-500">
&quot;{c.note}&quot;
</span>
)}
</div>
{canCancel && (
<button
onClick={() => handleUnclaim(item.id, isMine ? undefined : c.guest.id)}
disabled={isUnclaiming}
className="text-xs text-red-600 hover:underline disabled:opacity-50 cursor-pointer"
>
Cancelar
</button>
)}
</li>
);
})}
</ul>
)}
</div>
{/* Claimed Badge, Success Message, or Claim Button/Form */}
<div className="mt-auto">
{justClaimedItemId === item.id ? (
<div className="bg-green-50 dark:bg-green-900/20 border border-green-200 dark:border-green-800 rounded-lg p-4">
<div className="flex items-center justify-center mb-2">
<div className="w-12 h-12 bg-green-500 dark:bg-green-600 rounded-full flex items-center justify-center">
<svg className="w-6 h-6 text-white" fill="none" stroke="currentColor" viewBox="0 0 24 24">
<path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M9 5l7 7-7 7" />
</svg>
{/* Right: Action Area */}
<div className="md:w-80 md:flex-shrink-0 p-6 bg-gray-50 dark:bg-gray-900/50 border-t md:border-t-0 md:border-l border-gray-200 dark:border-gray-700 flex flex-col">
<div className="mb-4">
{item.purchaseUrls && item.purchaseUrls.length > 0 && (
<div className="space-y-2">
{item.purchaseUrls.map((url, idx) => (
<a
key={idx}
href={url.url}
target="_blank"
rel="noopener noreferrer"
className="flex items-center justify-between text-base px-4 py-3 rounded-lg hover:bg-indigo-50 dark:hover:bg-indigo-900/20 transition-colors cursor-pointer border border-gray-200 dark:border-gray-700"
>
<span className="text-indigo-600 dark:text-indigo-400 hover:text-indigo-800 dark:hover:text-indigo-300 font-medium">
{url.label}
</span>
<span className="text-gray-900 dark:text-white font-bold text-lg">
{item.price && formatPrice(item.price, item.currency)}
</span>
</a>
))}
</div>
</div>
<p className="text-center text-lg font-semibold text-gray-900 dark:text-white mb-1">
Item reservado!
</p>
<p className="text-center text-sm text-gray-600 dark:text-gray-400 mb-2">
O status está confirmado.
</p>
{justClaimedNote && (
<p className="text-center text-xs text-gray-600 dark:text-gray-400 italic">
Sua nota: &quot;{justClaimedNote}&quot;
</p>
)}
</div>
) : item.claimedAt ? (
<div className="bg-green-50 dark:bg-green-900/20 border border-green-200 dark:border-green-800 rounded p-3">
{item.claimedByNote && (
<p className="text-xs text-green-700 dark:text-green-300 mt-1">
Nota: {item.claimedByNote}
</p>
)}
{item.isPurchased && (
<p className="text-xs text-green-700 dark:text-green-300 mt-1 font-medium">
Comprado
</p>
)}
{showClaimed && (
<button
onClick={() => handleUnclaim(item.id)}
disabled={isUnclaiming}
className="mt-3 w-full px-4 py-2 bg-red-500 text-white rounded-md hover:bg-red-600 font-medium disabled:opacity-50 transition-colors cursor-pointer text-sm"
>
{isUnclaiming ? 'Cancelando...' : 'Cancelar reserva'}
</button>
)}
</div>
) : claimingItemId === item.id ? (
<div className="space-y-3">
<form onSubmit={(e) => handleSubmitClaim(e, item.id)} className="space-y-3">
{claimError && (
<div className="p-2 bg-red-50 dark:bg-red-900/20 text-red-800 dark:text-red-400 rounded text-xs">
{claimError}
<div className="mt-auto">
{sold ? (
<div className="bg-gray-100 dark:bg-gray-700 rounded p-3 text-center text-sm text-gray-700 dark:text-gray-300">
Esgotado
</div>
) : claimingItemId === item.id ? (
<form onSubmit={(e) => handleSubmitClaim(e, item.id)} className="space-y-3">
{claimError && (
<div className="p-2 bg-red-50 dark:bg-red-900/20 text-red-800 dark:text-red-400 rounded text-xs">
{claimError}
</div>
)}
{item.quantity > 1 && (
<div>
<label htmlFor={`claim-qty-${item.id}`} className="block text-sm font-medium text-gray-700 dark:text-gray-300 mb-1">
Quantidade (máx {maxForMe}):
</label>
<input
id={`claim-qty-${item.id}`}
type="number"
min={1}
max={maxForMe}
value={claimQty}
onChange={(e) => setClaimQty(Math.max(1, Math.min(maxForMe, Number(e.target.value) || 1)))}
className="w-full px-3 py-2 text-sm border border-gray-300 dark:border-gray-600 rounded-md focus:outline-none focus:ring-2 focus:ring-green-500 dark:bg-gray-700 dark:text-white"
/>
</div>
)}
<div>
<label htmlFor={`claim-note-${item.id}`} className="block text-sm font-medium text-gray-700 dark:text-gray-300 mb-1">
Deixe uma nota (opcional):
</label>
<textarea
id={`claim-note-${item.id}`}
rows={3}
className="w-full px-3 py-2 text-sm border border-gray-300 dark:border-gray-600 rounded-md focus:outline-none focus:ring-2 focus:ring-green-500 dark:bg-gray-700 dark:text-white resize-none"
value={claimNote}
onChange={(e) => setClaimNote(e.target.value)}
/>
</div>
)}
<div>
<label htmlFor={`claim-note-${item.id}`} className="block text-sm font-medium text-gray-700 dark:text-gray-300 mb-1">
Deixe uma nota (opcional):
</label>
<textarea
id={`claim-note-${item.id}`}
rows={3}
placeholder="Ex: 'Vou comprar na semana que vem' ou 'Achei uma boa promoção'"
className="w-full px-3 py-2 text-sm border border-gray-300 dark:border-gray-600 rounded-md focus:outline-none focus:ring-2 focus:ring-green-500 dark:bg-gray-700 dark:text-white resize-none"
value={claimNote}
onChange={(e) => setClaimNote(e.target.value)}
/>
</div>
<button
type="submit"
disabled={isClaiming}
className="w-full px-4 py-2 bg-green-500 text-white rounded-md hover:bg-green-600 font-medium disabled:opacity-50 transition-colors cursor-pointer"
>
{isClaiming ? 'Reservando...' : (myClaim ? 'Atualizar reserva' : 'Confirmar reserva')}
</button>
<button
type="button"
onClick={() => setClaimingItemId(null)}
className="w-full px-4 py-2 text-sm border border-gray-300 dark:border-gray-600 rounded-md text-gray-700 dark:text-gray-300 hover:bg-gray-50 dark:hover:bg-gray-700 cursor-pointer"
>
Cancelar
</button>
</form>
) : (
<button
type="submit"
disabled={isClaiming}
className="w-full px-4 py-2 bg-green-500 text-white rounded-md hover:bg-green-600 font-medium disabled:opacity-50 transition-colors cursor-pointer"
onClick={() => handleStartClaim(item)}
className="w-full px-4 py-2 bg-indigo-600 text-white rounded-md hover:bg-indigo-700 font-medium transition-colors cursor-pointer"
>
{isClaiming ? 'Reservando...' : 'Confirmar reserva'}
{myClaim ? 'Atualizar reserva' : 'Reservar'}
</button>
</form>
)}
</div>
) : (
<button
onClick={() => handleClaimItem(item.id)}
className="w-full px-4 py-2 bg-indigo-600 text-white rounded-md hover:bg-indigo-700 font-medium transition-colors cursor-pointer"
>
Vou dar este presente
</button>
)}
</div>
</div>
</div>
</div>
))}
);
})}
</div>
)}
</div>
</div>
</div>
</PasswordLockGuard>
</div>
);
}
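Review bot: `canCancel = isMine || isAdmin` and the `guestId` that `handleUnclaim` forwards in `claimingApi.unclaim(itemId, guestId ? { guestId } : {})` rest on client state filled from `authApi.whoami()`, so they only decide which "Cancelar" buttons are drawn, not who may cancel. The unclaim route is not part of this section; it should take the caller's identity from the token and refuse a `guestId` other than the caller's own unless the token is an admin one. The same applies to the quantity field: the `Math.min(maxForMe, …)` clamp is a UI convenience, and the claim route needs to re-check the remaining quantity itself. A short comment above `handleUnclaim`, e.g. `// guestId is only honoured for admin tokens; the API enforces this, the UI check is cosmetic`, would keep that contract visible.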


@@ -1,140 +0,0 @@
'use client';
import { useState, useEffect } from 'react';
import { useAuth } from '@/lib/auth-context';
import { useRouter } from 'next/navigation';
import Link from 'next/link';
import type { ApiError } from '@/lib/api';
export default function AdminLoginPage() {
const [username, setUsername] = useState('');
const [password, setPassword] = useState('');
const [error, setError] = useState('');
const [isLoading, setIsLoading] = useState(false);
const { login, isAuthenticated, isLoading: authLoading } = useAuth();
const router = useRouter();
// Redirect if already logged in
useEffect(() => {
if (!authLoading && isAuthenticated) {
router.push('/admin');
}
}, [isAuthenticated, authLoading, router]);
const handleSubmit = async (e: React.FormEvent) => {
e.preventDefault();
setError('');
setIsLoading(true);
try {
await login(username, password);
router.push('/admin');
} catch (err) {
const apiError = err as ApiError;
setError(apiError.message || 'Login failed');
} finally {
setIsLoading(false);
}
};
// Show loading while checking auth status
if (authLoading) {
return (
<div className="min-h-screen bg-gray-50 dark:bg-gray-900 flex items-center justify-center">
<p className="text-gray-600 dark:text-gray-400">Loading...</p>
</div>
);
}
// Don't render login form if already authenticated (will redirect)
if (isAuthenticated) {
return null;
}
return (
<div className="min-h-screen bg-gray-50 dark:bg-gray-900">
{/* Hero Section */}
<div className="bg-white dark:bg-gray-800 shadow-sm">
<div className="max-w-7xl mx-auto py-16 px-4 sm:py-24 sm:px-6 lg:px-8">
<div className="text-center">
<h1 className="text-5xl sm:text-6xl lg:text-7xl font-bold text-gray-900 dark:text-white mb-4">
Admin Login
</h1>
<p className="text-xl sm:text-2xl text-gray-600 dark:text-gray-300 max-w-3xl mx-auto mb-6">
Sign in to your account
</p>
<Link
href="/"
className="inline-flex items-center text-base font-medium text-indigo-600 dark:text-indigo-400 hover:text-indigo-500 dark:hover:text-indigo-300 transition-colors"
>
<svg className="w-5 h-5 mr-2" fill="none" stroke="currentColor" viewBox="0 0 24 24">
<path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M10 19l-7-7m0 0l7-7m-7 7h18" />
</svg>
Back to Home
</Link>
</div>
</div>
</div>
{/* Main Content */}
<div className="max-w-4xl mx-auto py-12 sm:px-6 lg:px-8">
<div className="px-4 sm:px-0">
<div className="max-w-md mx-auto">
<form className="bg-white dark:bg-gray-800 rounded-xl shadow-md border border-gray-100 dark:border-gray-700 p-8 space-y-6" onSubmit={handleSubmit}>
{error && (
<div className="rounded-lg bg-red-50 dark:bg-red-900/20 border border-red-200 dark:border-red-800 p-4">
<p className="text-sm text-red-800 dark:text-red-400">{error}</p>
</div>
)}
<div className="space-y-4">
<div>
<label htmlFor="username" className="block text-sm font-semibold text-gray-700 dark:text-gray-300 mb-2">
Username
</label>
<input
id="username"
name="username"
type="text"
autoComplete="username"
required
className="appearance-none block w-full px-4 py-3 border border-gray-300 dark:border-gray-600 rounded-lg focus:outline-none focus:ring-2 focus:ring-indigo-500 focus:border-indigo-500 dark:bg-gray-700 dark:text-white text-base"
placeholder="admin"
value={username}
onChange={(e) => setUsername(e.target.value)}
/>
</div>
<div>
<label htmlFor="password" className="block text-sm font-semibold text-gray-700 dark:text-gray-300 mb-2">
Password
</label>
<input
id="password"
name="password"
type="password"
autoComplete="current-password"
required
className="appearance-none block w-full px-4 py-3 border border-gray-300 dark:border-gray-600 rounded-lg focus:outline-none focus:ring-2 focus:ring-indigo-500 focus:border-indigo-500 dark:bg-gray-700 dark:text-white text-base"
placeholder="Password"
value={password}
onChange={(e) => setPassword(e.target.value)}
/>
</div>
</div>
<div>
<button
type="submit"
disabled={isLoading}
className="w-full flex justify-center px-6 py-3 border border-transparent text-base font-semibold rounded-lg text-white bg-indigo-600 hover:bg-indigo-700 focus:outline-none focus:ring-2 focus:ring-offset-2 focus:ring-indigo-500 disabled:opacity-50 disabled:cursor-not-allowed shadow-md hover:shadow-lg transition-all"
>
{isLoading ? 'Signing in...' : 'Sign In'}
</button>
</div>
</form>
</div>
</div>
</div>
</div>
);
}


@@ -1,9 +1,9 @@
'use client';
import { useEffect, useState } from 'react';
import ProtectedRoute from '@/components/protected-route';
import { useAuth } from '@/lib/auth-context';
import { wishlistsApi, itemsApi, settingsApi, type Wishlist, type Settings } from '@/lib/api';
import { useRouter } from 'next/navigation';
import AdminGuard from '@/components/admin-guard';
import { authApi, wishlistsApi, itemsApi, settingsApi, type Wishlist, type Settings } from '@/lib/api';
import Header from '@/components/header';
import Link from 'next/link';
import StatsGrid from '@/components/admin/StatsGrid';
@@ -13,15 +13,27 @@ import CreateWishlistModal from '@/components/admin/CreateWishlistModal';
import ShareButton from '@/components/share-button';
export default function AdminPage() {
const { logout } = useAuth();
return (
<AdminGuard>
<AdminPageContent />
</AdminGuard>
);
}
function AdminPageContent() {
const router = useRouter();
const [wishlists, setWishlists] = useState<Wishlist[]>([]);
const [itemCounts, setItemCounts] = useState<Record<string, number>>({});
const [isLoading, setIsLoading] = useState(true);
const [settings, setSettings] = useState<Settings>({
siteTitle: 'Wishlist',
homepageSubtext: 'Browse and explore available wishlists',
passwordLockEnabled: false,
});
const logout = async () => {
await authApi.logout();
router.push('/');
};
const [showCreateModal, setShowCreateModal] = useState(false);
const [createError, setCreateError] = useState('');
@@ -124,7 +136,7 @@ export default function AdminPage() {
};
return (
<ProtectedRoute>
<>
<div className="min-h-screen bg-gray-50 dark:bg-gray-900">
<Header
title="Dashboard"
@@ -230,6 +242,6 @@ export default function AdminPage() {
error={createError}
/>
</div>
</ProtectedRoute>
</>
);
}
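Review bot: The new `logout` helper in `AdminPageContent` awaits `authApi.logout()` with no error handling, so a failed request leaves an unhandled rejection, skips `router.push('/')`, and gives the admin no sign that the session token may still be valid. Catch the failure and surface it, for example `try { await authApi.logout(); router.push('/'); } catch { alert('Erro ao sair'); }`. Separately, `AdminGuard` looks like a client-side wrapper, as the `ProtectedRoute` it replaces was, so the admin API routes (not shown in this section) still have to check the admin token on every request. `AdminPageContent` continues outside the visible hunks.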


@@ -1,67 +0,0 @@
import { NextRequest, NextResponse } from 'next/server';
import { eq } from 'drizzle-orm';
import { db, settings } from '@/lib/db';
import crypto from 'crypto';
import { isSecureCookie } from '@/lib/auth/utils';
// POST /api/lock - Verify password
export async function POST(request: NextRequest) {
try {
const body = await request.json();
const { password } = body;
if (!password) {
return NextResponse.json(
{ error: 'Password is required' },
{ status: 400 }
);
}
// Get the stored password hash
const hashSetting = await db
.select()
.from(settings)
.where(eq(settings.key, 'passwordLockHash'))
.limit(1);
if (hashSetting.length === 0) {
return NextResponse.json(
{ error: 'Password lock not configured' },
{ status: 400 }
);
}
// Hash the provided password
const hash = crypto.createHash('sha256').update(password).digest('hex');
// Compare hashes
if (hash === hashSetting[0].value) {
// Password correct - set a cookie
const response = NextResponse.json({
success: true,
message: 'Password verified',
});
response.cookies.set('site_unlocked', 'true', {
httpOnly: true,
secure: isSecureCookie(request),
sameSite: 'lax',
maxAge: 60 * 60 * 24,
path: '/',
});
return response;
} else {
return NextResponse.json(
{ error: 'Incorrect password' },
{ status: 401 }
);
}
} catch (error) {
console.error('Error verifying password:', error);
return NextResponse.json(
{ error: 'Failed to verify password' },
{ status: 500 }
);
}
}


@@ -1,8 +1,6 @@
import type { Metadata } from "next";
import "./globals.css";
import { AuthProvider } from "@/lib/auth-context";
import { db, settings } from "@/lib/db";
import { eq } from "drizzle-orm";
async function getSettings() {
try {
@@ -51,9 +49,7 @@ export default function RootLayout({
/>
</head>
<body className="font-sans antialiased bg-cosmic">
<AuthProvider>
{children}
</AuthProvider>
{children}
</body>
</html>
);


@@ -1,92 +0,0 @@
'use client';
import { useState } from 'react';
import { useRouter } from 'next/navigation';
import Header from '@/components/header';
export default function LockPage() {
const router = useRouter();
const [password, setPassword] = useState('');
const [error, setError] = useState('');
const [isSubmitting, setIsSubmitting] = useState(false);
const handleSubmit = async (e: React.FormEvent) => {
e.preventDefault();
setError('');
setIsSubmitting(true);
try {
const response = await fetch('/api/lock', {
method: 'POST',
headers: {
'Content-Type': 'application/json',
},
body: JSON.stringify({ password }),
});
const data = await response.json();
if (response.ok) {
// Password verified, redirect to home
router.push('/');
router.refresh();
} else {
setError(data.error || 'Senha incorreta');
setPassword('');
}
} catch (err) {
setError('Erro ao verificar senha. Tente novamente.');
console.error('Lock verification error:', err);
} finally {
setIsSubmitting(false);
}
};
return (
<div className="min-h-screen bg-cosmic">
<Header
title="Senha necessária"
subtitle="Digite a senha para acessar o site"
/>
<div className="max-w-md mx-auto py-12 px-4 sm:px-6 lg:px-8">
<div className="bg-card rounded-2xl shadow-soft border border-[color:var(--border)] overflow-hidden">
<div className="p-6">
<form onSubmit={handleSubmit} className="space-y-4">
{error && (
<div className="p-3 bg-rose-50 dark:bg-rose-900/20 text-rose-700 dark:text-rose-300 rounded-xl text-base">
{error}
</div>
)}
<div>
<label htmlFor="password" className="block text-base font-medium text-[color:var(--ink-soft)] mb-2">
Senha
</label>
<input
type="password"
id="password"
required
autoFocus
className="w-full px-4 py-3 border border-[color:var(--border)] rounded-xl focus:outline-none focus:ring-2 focus:ring-[color:var(--accent)] text-lg"
value={password}
onChange={(e) => setPassword(e.target.value)}
placeholder="Digite a senha"
disabled={isSubmitting}
/>
</div>
<button
type="submit"
disabled={isSubmitting}
className="w-full px-6 py-3 text-lg font-semibold text-white bg-[color:var(--accent)] hover:brightness-110 rounded-xl transition-all disabled:opacity-50 disabled:cursor-not-allowed shadow-soft"
>
{isSubmitting ? 'Verificando...' : 'Entrar'}
</button>
</form>
</div>
</div>
</div>
</div>
);
}


@@ -1,320 +1,12 @@
'use client';
import { useEffect, useState } from 'react';
import DOMPurify from 'dompurify';
import { wishlistsApi, itemsApi, claimingApi, settingsApi, type Wishlist, type Item, type Settings } from '@/lib/api';
import Header from '@/components/header';
import PasswordLockGuard from '@/components/password-lock-guard';
export default function Home() {
const [wishlist, setWishlist] = useState<Wishlist | null>(null);
const [items, setItems] = useState<Item[]>([]);
const [showClaimed, setShowClaimed] = useState(false);
const [isLoading, setIsLoading] = useState(true);
const [settings, setSettings] = useState<Settings>({ siteTitle: 'Chá do Martin', homepageSubtext: 'Escolha um presente da lista!' });
const [claimingItemId, setClaimingItemId] = useState<string | null>(null);
const [claimNote, setClaimNote] = useState('');
const [isClaiming, setIsClaiming] = useState(false);
const [claimError, setClaimError] = useState('');
const [justClaimedItemId, setJustClaimedItemId] = useState<string | null>(null);
const [justClaimedNote, setJustClaimedNote] = useState('');
const [isUnclaiming, setIsUnclaiming] = useState(false);
const [unclaimError, setUnclaimError] = useState('');
useEffect(() => {
bootstrap();
}, []);
const bootstrap = async () => {
try {
const [settingsData, wishlists] = await Promise.all([
settingsApi.getSettings().catch(() => null),
wishlistsApi.getAllPublic(),
]);
if (settingsData) setSettings(settingsData);
if (wishlists.length === 0) {
setIsLoading(false);
return;
}
const primary = wishlists[0];
setWishlist(primary);
const itemsData = await itemsApi.getAll(primary.id);
setItems(itemsData.sort((a, b) => a.sortOrder - b.sortOrder));
} catch (error) {
console.error('Failed to load home page:', error);
} finally {
setIsLoading(false);
}
};
const refetchItems = async () => {
if (!wishlist) return;
const itemsData = await itemsApi.getAll(wishlist.id);
setItems(itemsData.sort((a, b) => a.sortOrder - b.sortOrder));
};
const handleClaimItem = (itemId: string) => {
setClaimingItemId(itemId);
setClaimError('');
setClaimNote('');
setJustClaimedItemId(null);
};
const handleSubmitClaim = async (e: React.FormEvent, itemId: string) => {
e.preventDefault();
setIsClaiming(true);
setClaimError('');
try {
await claimingApi.claim(itemId, undefined, claimNote);
setJustClaimedItemId(itemId);
setJustClaimedNote(claimNote);
setClaimingItemId(null);
setClaimNote('');
await refetchItems();
} catch (err: any) {
setClaimError(err.message || 'Erro ao reservar item');
} finally {
setIsClaiming(false);
}
};
const handleUnclaim = async (itemId: string) => {
if (!confirm('Tem certeza que deseja cancelar a reserva deste item?')) return;
setIsUnclaiming(true);
setUnclaimError('');
try {
await claimingApi.unclaim(itemId);
await refetchItems();
} catch (err: any) {
setUnclaimError(err.message || 'Erro ao cancelar reserva');
} finally {
setIsUnclaiming(false);
}
};
const filteredItems = showClaimed
? items
: items.filter((item) => !item.claimedAt || item.id === justClaimedItemId);
const formatPrice = (price: number | null, currency: string) => {
if (!price) return null;
return new Intl.NumberFormat('pt-BR', {
style: 'currency',
currency: currency || 'BRL',
}).format(price);
};
return (
<PasswordLockGuard>
<div className="min-h-screen bg-cosmic">
<Header
title={settings.siteTitle}
subtitle={wishlist?.description || settings.homepageSubtext}
imageUrl={wishlist?.imageUrl || undefined}
maxWidth="max-w-5xl"
/>
<div className="max-w-5xl mx-auto py-12 sm:px-6 lg:px-8">
<div className="px-4 sm:px-0">
{isLoading ? (
<div className="text-center py-12">
<p className="text-[color:var(--muted)]">Carregando...</p>
</div>
) : !wishlist ? (
<div className="text-center py-12 bg-card rounded-2xl shadow-soft">
<p className="text-[color:var(--muted)]">Nenhuma lista disponível ainda</p>
</div>
) : (
<>
{wishlist.preferences && (
<div className="mb-8 bg-card rounded-2xl shadow-soft p-6">
<h2 className="text-xl font-bold text-[color:var(--ink)] mb-3">
Interesses e Preferências
</h2>
<div
className="prose prose-indigo dark:prose-invert max-w-none text-[color:var(--ink-soft)] [&_a]:text-[color:var(--accent)] [&_a]:hover:underline"
dangerouslySetInnerHTML={{ __html: DOMPurify.sanitize(wishlist.preferences) }}
onClick={(e) => {
const target = e.target as HTMLElement;
if (target.tagName === 'A') {
e.preventDefault();
window.open((target as HTMLAnchorElement).href, '_blank', 'noopener,noreferrer');
}
}}
/>
</div>
)}
<div className="mb-6 flex items-center justify-between">
<label className="flex items-center">
<input
type="checkbox"
checked={showClaimed}
onChange={(e) => setShowClaimed(e.target.checked)}
className="h-4 w-4 rounded border-[color:var(--border)] accent-[color:var(--accent)]"
/>
<span className="ml-2 text-sm text-[color:var(--ink-soft)]">Mostrar itens reservados</span>
</label>
<div className="text-sm text-[color:var(--muted)]">
{filteredItems.length} de {items.length} itens
</div>
</div>
{filteredItems.length === 0 ? (
<div className="text-center py-12 bg-card rounded-2xl shadow-soft">
<p className="text-[color:var(--muted)]">
{showClaimed ? 'Nenhum item nesta lista ainda' : 'Todos os itens já foram reservados!'}
</p>
</div>
) : (
<div className="space-y-6">
{filteredItems.map((item) => (
<div
key={item.id}
className="bg-card rounded-2xl shadow-soft hover:shadow-lifted transition-all duration-300 overflow-hidden"
>
<div className="flex flex-col md:flex-row">
{item.imageUrl && (
<div className="md:w-48 md:flex-shrink-0">
<img
src={item.imageUrl}
alt={item.name}
className="w-full h-48 md:h-full object-cover"
/>
</div>
)}
<div className="flex-1 p-6">
<h3 className="text-2xl font-bold text-[color:var(--ink)] mb-3">
{item.name}
</h3>
{item.description && (
<p className="text-base text-[color:var(--ink-soft)] mb-4">
{item.description}
</p>
)}
</div>
<div className="md:w-80 md:flex-shrink-0 p-6 bg-card-soft border-t md:border-t-0 md:border-l border-[color:var(--border)] flex flex-col">
<div className="mb-4">
{item.purchaseUrls && item.purchaseUrls.length > 0 && (
<div className="space-y-2">
{item.purchaseUrls.map((url, idx) => (
<a
key={idx}
href={url.url}
target="_blank"
rel="noopener noreferrer"
className="flex items-center justify-between text-base px-4 py-3 rounded-xl hover:bg-[color:var(--accent-soft)] transition-colors cursor-pointer border border-[color:var(--border)]"
>
<span className="text-[color:var(--accent)] font-medium">
{url.label}
</span>
<span className="text-[color:var(--ink)] font-bold text-lg">
{item.price && formatPrice(item.price, item.currency)}
</span>
</a>
))}
</div>
)}
</div>
<div className="mt-auto">
{justClaimedItemId === item.id ? (
<div className="bg-[color:var(--success-soft)] border border-[color:var(--success-border)] rounded-xl p-4">
<div className="flex items-center justify-center mb-2">
<div className="w-12 h-12 bg-[color:var(--success)] rounded-full flex items-center justify-center">
<svg className="w-6 h-6 text-white" fill="none" stroke="currentColor" viewBox="0 0 24 24">
<path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M9 5l7 7-7 7" />
</svg>
</div>
</div>
<p className="text-center text-lg font-semibold text-[color:var(--ink)] mb-1">
Item reservado!
</p>
<p className="text-center text-sm text-[color:var(--ink-soft)] mb-2">
O status está confirmado.
</p>
{justClaimedNote && (
<p className="text-center text-xs text-[color:var(--ink-soft)] italic">
Sua nota: &quot;{justClaimedNote}&quot;
</p>
)}
</div>
) : item.claimedAt ? (
<div className="bg-[color:var(--success-soft)] border border-[color:var(--success-border)] rounded-xl p-3">
{item.claimedByNote && (
<p className="text-xs text-[color:var(--success-ink)] mt-1">
Nota: {item.claimedByNote}
</p>
)}
{item.isPurchased && (
<p className="text-xs text-[color:var(--success-ink)] mt-1 font-medium">
Comprado
</p>
)}
{showClaimed && (
<button
onClick={() => handleUnclaim(item.id)}
disabled={isUnclaiming}
className="mt-3 w-full px-4 py-2 bg-rose-400 text-white rounded-xl hover:bg-rose-500 font-medium disabled:opacity-50 transition-colors cursor-pointer text-sm"
>
{isUnclaiming ? 'Cancelando...' : 'Cancelar reserva'}
</button>
)}
</div>
) : claimingItemId === item.id ? (
<form onSubmit={(e) => handleSubmitClaim(e, item.id)} className="space-y-3">
{claimError && (
<div className="p-2 bg-rose-50 dark:bg-rose-900/20 text-rose-700 dark:text-rose-300 rounded text-xs">
{claimError}
</div>
)}
<div>
<label htmlFor={`claim-note-${item.id}`} className="block text-sm font-medium text-[color:var(--ink-soft)] mb-1">
Deixe uma nota (opcional):
</label>
<textarea
id={`claim-note-${item.id}`}
rows={3}
placeholder="Ex: 'Vou comprar na semana que vem' ou 'Achei uma boa promoção'"
className="w-full px-3 py-2 text-sm border border-[color:var(--border)] rounded-xl focus:outline-none focus:ring-2 focus:ring-[color:var(--accent)] resize-none"
value={claimNote}
onChange={(e) => setClaimNote(e.target.value)}
/>
</div>
<button
type="submit"
disabled={isClaiming}
className="w-full px-4 py-2 bg-[color:var(--success)] text-white rounded-xl hover:brightness-105 font-medium disabled:opacity-50 transition-all cursor-pointer"
>
{isClaiming ? 'Reservando...' : 'Confirmar reserva'}
</button>
</form>
) : (
<button
onClick={() => handleClaimItem(item.id)}
className="w-full px-4 py-2 bg-[color:var(--accent)] text-white rounded-xl hover:brightness-110 font-medium transition-all cursor-pointer shadow-soft"
>
Vou dar este presente
</button>
)}
</div>
</div>
</div>
</div>
))}
</div>
)}
</>
)}
</div>
</div>
<div className="min-h-screen flex items-center justify-center text-center px-6">
<div>
<h1 className="text-3xl font-bold mb-2">Convite necessário</h1>
<p className="text-gray-500">Esta página é por convite. Use o link que recebeu.</p>
</div>
</PasswordLockGuard>
</div>
);
}
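Review bot: Replacing the home page with the static "Convite necessário" notice removes the UI that called `wishlistsApi.getAllPublic()` and `itemsApi.getAll(primary.id)`, but that alone does not close the data path. The API routes behind those calls are not in this section; if they still answer without a guest or admin token, the list and its claims stay readable by anyone who requests them directly. It is worth confirming that they now require a token, and recording that on the page with a comment such as `// Listing is invite-only; the API rejects requests without a guest/admin token`.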