root/chadebebe
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(api): tokens on all routes; items expose claims/claimedQuantity/remainingQuantity

Browse Source
This commit is contained in:
belisards
2026-05-03 16:25:19 -03:00
parent 844951c832
commit e518e28957
12 changed files with 139 additions and 214 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
app/api/settings/route.ts
View File

@@ -1,7 +1,7 @@
import { NextRequest, NextResponse } from 'next/server';
import { eq } from 'drizzle-orm';
import { db, settings } from '@/lib/db';
import { verifyAccessToken } from '@/lib/auth/utils';
import { verifyAdminToken } from '@/lib/auth/tokens';
import crypto from 'crypto';
// GET /api/settings - Get all settings (public endpoint for reading only)
@@ -42,21 +42,8 @@ export async function GET(request: NextRequest) {
// PUT /api/settings - Update settings (admin only)
export async function PUT(request: NextRequest) {
try {
const token = request.cookies.get('access_token')?.value;
if (!token) {
return NextResponse.json(
{ error: 'Not authenticated' },
{ status: 401 }
);
}
const payload = verifyAccessToken(token);
if (!payload) {
return NextResponse.json(
{ error: 'Invalid or expired token' },
{ status: 401 }
);
if (!verifyAdminToken(request)) {
return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });
}
const body = await request.json();