root/chadebebe
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: allow anonymous public wishlist viewing

Browse Source
This commit is contained in:
Adriano Belisario
2026-05-04 00:09:43 +00:00
parent 6c8e11c851
commit 78bef85c96
6 changed files with 31 additions and 39 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
app/[slug]/page.tsx
View File

@@ -202,7 +202,7 @@ function PublicWishlistContent() {
const maxForMe = item.remainingQuantity + (myClaim?.quantity ?? 0); const maxForMe = item.remainingQuantity + (myClaim?.quantity ?? 0);
const showQuantitySummary = item.quantity > 1 && siteSettings.showQuantity; const showQuantitySummary = item.quantity > 1 && siteSettings.showQuantity;
const sold = item.remainingQuantity === 0 && !myClaim; const sold = item.remainingQuantity === 0 && !myClaim;
const canClaim = siteSettings.claimingEnabled; const canClaim = siteSettings.claimingEnabled && Boolean(currentGuestId);
return ( return (
<div <div

14
app/api/[slug]/route.ts
View File

@@ -8,13 +8,9 @@ export async function GET(
{ params }: { params: Promise<{ slug: string }> } { params }: { params: Promise<{ slug: string }> }
) { ) {
try { try {
const { slug } = await params;
const isAdmin = verifyAdminToken(request); const isAdmin = verifyAdminToken(request);
const guest = await getGuestFromRequest(request); const guest = await getGuestFromRequest(request);
if (!isAdmin && !guest) {
return NextResponse.json({ error: 'Convite necessário' }, { status: 401 });
}
const { slug } = await params;
const wishlist = await db const wishlist = await db
.select() .select()
@@ -29,11 +25,11 @@ export async function GET(
); );
} }
// Only return public wishlists (admin can see all) // Public wishlists can be viewed anonymously; private wishlists require admin or guest access.
if (!wishlist[0].isPublic && !isAdmin) { if (!wishlist[0].isPublic && !isAdmin && !guest) {
return NextResponse.json( return NextResponse.json(
{ error: 'Wishlist not found' }, { error: 'Convite necessário' },
{ status: 404 } { status: 401 }
); );
} }

15
app/api/items/[id]/route.ts
View File

@@ -11,12 +11,6 @@ export async function GET(
try { try {
const { id } = await params; const { id } = await params;
const isAdmin = verifyAdminToken(request);
const guest = await getGuestFromRequest(request);
if (!isAdmin && !guest) {
return NextResponse.json({ error: 'Convite necessário' }, { status: 401 });
}
// Get item // Get item
const item = await db const item = await db
.select() .select()
@@ -45,10 +39,13 @@ export async function GET(
); );
} }
if (!wishlist[0].isPublic && !isAdmin) { const isAdmin = verifyAdminToken(request);
const guest = await getGuestFromRequest(request);
if (!wishlist[0].isPublic && !isAdmin && !guest) {
return NextResponse.json( return NextResponse.json(
{ error: 'This item is private' }, { error: 'Convite necessário' },
{ status: 403 } { status: 401 }
); );
} }

11
app/api/public/wishlists/route.ts
View File

@@ -1,16 +1,9 @@
import { NextRequest, NextResponse } from 'next/server'; import { NextResponse } from 'next/server';
import { eq, asc } from 'drizzle-orm'; import { eq, asc } from 'drizzle-orm';
import { db, wishlists } from '@/lib/db'; import { db, wishlists } from '@/lib/db';
import { getGuestFromRequest, verifyAdminToken } from '@/lib/auth/tokens';
export async function GET(request: NextRequest) { export async function GET() {
try { try {
const isAdmin = verifyAdminToken(request);
const guest = await getGuestFromRequest(request);
if (!isAdmin && !guest) {
return NextResponse.json({ error: 'Convite necessário' }, { status: 401 });
}
// Fetch only public wishlists // Fetch only public wishlists
const publicWishlists = await db const publicWishlists = await db
.select() .select()

17
app/api/wishlists/[id]/items/route.ts
View File

@@ -11,12 +11,6 @@ export async function GET(
try { try {
const { id } = await params; const { id } = await params;
const isAdmin = verifyAdminToken(request);
const guest = await getGuestFromRequest(request);
if (!isAdmin && !guest) {
return NextResponse.json({ error: 'Convite necessário' }, { status: 401 });
}
// Check if wishlist exists // Check if wishlist exists
const wishlist = await db const wishlist = await db
.select() .select()
@@ -31,11 +25,14 @@ export async function GET(
); );
} }
// Permissions: guest can only see public wishlists; admin sees all const isAdmin = verifyAdminToken(request);
if (!wishlist[0].isPublic && !isAdmin) { const guest = await getGuestFromRequest(request);
// Public wishlists can be viewed anonymously; private wishlists require admin or guest access.
if (!wishlist[0].isPublic && !isAdmin && !guest) {
return NextResponse.json( return NextResponse.json(
{ error: 'This wishlist is private' }, { error: 'Convite necessário' },
{ status: 403 } { status: 401 }
); );
} }

11
components/guest-guard.tsx
View File

@@ -1,7 +1,7 @@
'use client'; 'use client';
import { useEffect, useState } from 'react'; import { useEffect, useState } from 'react';
import { authApi } from '@/lib/api'; import { authApi, wishlistsApi } from '@/lib/api';
type Status = 'checking' | { kind: 'ok'; guestName: string } | 'denied'; type Status = 'checking' | { kind: 'ok'; guestName: string } | 'denied';
@@ -21,6 +21,15 @@ export default function GuestGuard({ children }: { children: React.ReactNode })
if (who.role === 'admin' || who.role === 'guest') { if (who.role === 'admin' || who.role === 'guest') {
setStatus({ kind: 'ok', guestName: who.guest?.name ?? 'admin' }); setStatus({ kind: 'ok', guestName: who.guest?.name ?? 'admin' });
} else { } else {
const slug = window.location.pathname.split('/').filter(Boolean)[0];
if (slug) {
const wishlist = await wishlistsApi.getBySlug(slug);
if (cancelled) return;
if (wishlist.isPublic) {
setStatus({ kind: 'ok', guestName: 'visitante' });
return;
}
}
setStatus('denied'); setStatus('denied');
} }
} catch { } catch {