root/chadebebe
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(api): tokens on all routes; items expose claims/claimedQuantity/remainingQuantity

Browse Source
This commit is contained in:
belisards
2026-05-03 16:25:19 -03:00
parent 844951c832
commit e518e28957
12 changed files with 139 additions and 214 deletions
Download Patch File Download Diff File Expand all files Collapse all files

44
app/api/wishlists/[id]/items/route.ts
View File

@@ -1,7 +1,8 @@
import { NextRequest, NextResponse } from 'next/server';
import { eq, and, desc } from 'drizzle-orm';
import { db, wishlistItems, wishlists } from '@/lib/db';
import { verifyAccessToken } from '@/lib/auth/utils';
import { verifyAdminToken, getGuestFromRequest } from '@/lib/auth/tokens';
import { attachClaimsToItems } from '@/lib/items-with-claims';
export async function GET(
request: NextRequest,
@@ -10,10 +11,11 @@ export async function GET(
try {
const { id } = await params;
// Check for auth token
const token = request.cookies.get('access_token')?.value;
const payload = token ? verifyAccessToken(token) : null;
const isAuthenticated = payload !== null;
const isAdmin = verifyAdminToken(request);
const guest = await getGuestFromRequest(request);
if (!isAdmin && !guest) {
return NextResponse.json({ error: 'Convite necessário' }, { status: 401 });
}
// Check if wishlist exists
const wishlist = await db
@@ -29,20 +31,20 @@ export async function GET(
);
}
// Check permissions
if (!wishlist[0].isPublic && !isAuthenticated) {
// Permissions: guest can only see public wishlists; admin sees all
if (!wishlist[0].isPublic && !isAdmin) {
return NextResponse.json(
{ error: 'This wishlist is private' },
{ status: 403 }
);
}
// Get all items (exclude archived unless authenticated)
const items = await db
// Get all items (exclude archived unless admin)
const raw = await db
.select()
.from(wishlistItems)
.where(
isAuthenticated
isAdmin
? eq(wishlistItems.wishlistId, id)
: and(
eq(wishlistItems.wishlistId, id),
@@ -51,12 +53,11 @@ export async function GET(
)
.orderBy(wishlistItems.sortOrder);
// Return items
const responseItems = items;
const items = await attachClaimsToItems(raw);
return NextResponse.json({
success: true,
items: responseItems,
items,
});
} catch (error) {
console.error('Error fetching items:', error);
@@ -72,21 +73,8 @@ export async function POST(
{ params }: { params: Promise<{ id: string }> }
) {
try {
const token = request.cookies.get('access_token')?.value;
if (!token) {
return NextResponse.json(
{ error: 'Not authenticated' },
{ status: 401 }
);
}
const payload = verifyAccessToken(token);
if (!payload) {
return NextResponse.json(
{ error: 'Invalid or expired token' },
{ status: 401 }
);
if (!verifyAdminToken(request)) {
return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });
}
const { id } = await params;

19
app/api/wishlists/[id]/reorder/route.ts
View File

@@ -1,28 +1,15 @@
import { NextRequest, NextResponse } from 'next/server';
import { eq } from 'drizzle-orm';
import { db, wishlists } from '@/lib/db';
import { verifyAccessToken } from '@/lib/auth/utils';
import { verifyAdminToken } from '@/lib/auth/tokens';
export async function POST(
request: NextRequest,
{ params }: { params: Promise<{ id: string }> }
) {
try {
const token = request.cookies.get('access_token')?.value;
if (!token) {
return NextResponse.json(
{ error: 'Not authenticated' },
{ status: 401 }
);
}
const payload = verifyAccessToken(token);
if (!payload) {
return NextResponse.json(
{ error: 'Invalid or expired token' },
{ status: 401 }
);
if (!verifyAdminToken(request)) {
return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });
}
const { id } = await params;

53
app/api/wishlists/[id]/route.ts
View File

@@ -1,28 +1,15 @@
import { NextRequest, NextResponse } from 'next/server';
import { eq } from 'drizzle-orm';
import { db, wishlists } from '@/lib/db';
import { verifyAccessToken } from '@/lib/auth/utils';
import { verifyAdminToken } from '@/lib/auth/tokens';
export async function GET(
request: NextRequest,
{ params }: { params: Promise<{ id: string }> }
) {
try {
const token = request.cookies.get('access_token')?.value;
if (!token) {
return NextResponse.json(
{ error: 'Not authenticated' },
{ status: 401 }
);
}
const payload = verifyAccessToken(token);
if (!payload) {
return NextResponse.json(
{ error: 'Invalid or expired token' },
{ status: 401 }
);
if (!verifyAdminToken(request)) {
return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });
}
const { id } = await params;
@@ -58,21 +45,8 @@ export async function PATCH(
{ params }: { params: Promise<{ id: string }> }
) {
try {
const token = request.cookies.get('access_token')?.value;
if (!token) {
return NextResponse.json(
{ error: 'Not authenticated' },
{ status: 401 }
);
}
const payload = verifyAccessToken(token);
if (!payload) {
return NextResponse.json(
{ error: 'Invalid or expired token' },
{ status: 401 }
);
if (!verifyAdminToken(request)) {
return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });
}
const { id } = await params;
@@ -145,21 +119,8 @@ export async function DELETE(
{ params }: { params: Promise<{ id: string }> }
) {
try {
const token = request.cookies.get('access_token')?.value;
if (!token) {
return NextResponse.json(
{ error: 'Not authenticated' },
{ status: 401 }
);
}
const payload = verifyAccessToken(token);
if (!payload) {
return NextResponse.json(
{ error: 'Invalid or expired token' },
{ status: 401 }
);
if (!verifyAdminToken(request)) {
return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });
}
const { id } = await params;

36
app/api/wishlists/route.ts
View File

@@ -1,25 +1,12 @@
import { NextRequest, NextResponse } from 'next/server';
import { eq, asc } from 'drizzle-orm';
import { db, wishlists } from '@/lib/db';
import { verifyAccessToken } from '@/lib/auth/utils';
import { verifyAdminToken } from '@/lib/auth/tokens';
export async function GET(request: NextRequest) {
try {
const token = request.cookies.get('access_token')?.value;
if (!token) {
return NextResponse.json(
{ error: 'Not authenticated' },
{ status: 401 }
);
}
const payload = verifyAccessToken(token);
if (!payload) {
return NextResponse.json(
{ error: 'Invalid or expired token' },
{ status: 401 }
);
if (!verifyAdminToken(request)) {
return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });
}
const allWishlists = await db
@@ -42,21 +29,8 @@ export async function GET(request: NextRequest) {
export async function POST(request: NextRequest) {
try {
const token = request.cookies.get('access_token')?.value;
if (!token) {
return NextResponse.json(
{ error: 'Not authenticated' },
{ status: 401 }
);
}
const payload = verifyAccessToken(token);
if (!payload) {
return NextResponse.json(
{ error: 'Invalid or expired token' },
{ status: 401 }
);
if (!verifyAdminToken(request)) {
return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });
}
const body = await request.json();