chore: remove password-lock; switch to ADMIN_TOKEN env; update docs
This commit is contained in:
belisards
@@ -2,20 +2,17 @@ import { NextRequest, NextResponse } from 'next/server';
|
||||
import { eq } from 'drizzle-orm';
|
||||
import { db, settings } from '@/lib/db';
|
||||
import { verifyAdminToken } from '@/lib/auth/tokens';
|
||||
import crypto from 'crypto';
|
||||
|
||||
// GET /api/settings - Get all settings (public endpoint for reading only)
|
||||
export async function GET(request: NextRequest) {
|
||||
export async function GET() {
|
||||
try {
|
||||
const allSettings = await db.select().from(settings);
|
||||
|
||||
// Convert to key-value object
|
||||
const settingsObj = allSettings.reduce((acc, setting) => {
|
||||
acc[setting.key] = setting.value;
|
||||
return acc;
|
||||
}, {} as Record<string, string | boolean>);
|
||||
}, {} as Record<string, string>);
|
||||
|
||||
// Set defaults if not found
|
||||
if (!settingsObj.siteTitle) {
|
||||
settingsObj.siteTitle = 'Wishlist';
|
||||
}
|
||||
@@ -23,12 +20,12 @@ export async function GET(request: NextRequest) {
|
||||
settingsObj.homepageSubtext = 'Browse and explore available wishlists';
|
||||
}
|
||||
|
||||
// Convert passwordLockEnabled to boolean
|
||||
(settingsObj as any).passwordLockEnabled = settingsObj.passwordLockEnabled === 'true';
|
||||
|
||||
return NextResponse.json({
|
||||
success: true,
|
||||
settings: settingsObj,
|
||||
settings: {
|
||||
siteTitle: settingsObj.siteTitle,
|
||||
homepageSubtext: settingsObj.homepageSubtext,
|
||||
},
|
||||
});
|
||||
} catch (error) {
|
||||
console.error('Error fetching settings:', error);
|
||||
@@ -47,9 +44,8 @@ export async function PUT(request: NextRequest) {
|
||||
}
|
||||
|
||||
const body = await request.json();
|
||||
const { siteTitle, homepageSubtext, passwordLockEnabled, passwordLock } = body;
|
||||
const { siteTitle, homepageSubtext } = body;
|
||||
|
||||
// Update or insert siteTitle
|
||||
if (siteTitle !== undefined) {
|
||||
const existing = await db
|
||||
.select()
|
||||
@@ -70,7 +66,6 @@ export async function PUT(request: NextRequest) {
|
||||
}
|
||||
}
|
||||
|
||||
// Update or insert homepageSubtext
|
||||
if (homepageSubtext !== undefined) {
|
||||
const existing = await db
|
||||
.select()
|
||||
@@ -91,52 +86,6 @@ export async function PUT(request: NextRequest) {
|
||||
}
|
||||
}
|
||||
|
||||
// Update or insert passwordLockEnabled
|
||||
if (passwordLockEnabled !== undefined) {
|
||||
const value = passwordLockEnabled ? 'true' : 'false';
|
||||
const existing = await db
|
||||
.select()
|
||||
.from(settings)
|
||||
.where(eq(settings.key, 'passwordLockEnabled'))
|
||||
.limit(1);
|
||||
|
||||
if (existing.length > 0) {
|
||||
await db
|
||||
.update(settings)
|
||||
.set({ value, updatedAt: new Date() })
|
||||
.where(eq(settings.key, 'passwordLockEnabled'));
|
||||
} else {
|
||||
await db.insert(settings).values({
|
||||
key: 'passwordLockEnabled',
|
||||
value,
|
||||
});
|
||||
}
|
||||
}
|
||||
|
||||
// Update password hash if provided
|
||||
if (passwordLock && passwordLock.trim() !== '') {
|
||||
// Hash the password using SHA-256
|
||||
const hash = crypto.createHash('sha256').update(passwordLock).digest('hex');
|
||||
|
||||
const existing = await db
|
||||
.select()
|
||||
.from(settings)
|
||||
.where(eq(settings.key, 'passwordLockHash'))
|
||||
.limit(1);
|
||||
|
||||
if (existing.length > 0) {
|
||||
await db
|
||||
.update(settings)
|
||||
.set({ value: hash, updatedAt: new Date() })
|
||||
.where(eq(settings.key, 'passwordLockHash'));
|
||||
} else {
|
||||
await db.insert(settings).values({
|
||||
key: 'passwordLockHash',
|
||||
value: hash,
|
||||
});
|
||||
}
|
||||
}
|
||||
|
||||
return NextResponse.json({
|
||||
success: true,
|
||||
message: 'Settings updated successfully',
|
||||
|
||||
Reference in New Issue
Block a user