feat(api): tokens on all routes; items expose claims/claimedQuantity/remainingQuantity

2026-05-03 16:25:19 -03:00
parent 844951c832
commit e518e28957
12 changed files with 139 additions and 214 deletions
--- a/app/api/wishlists/[id]/route.ts
+++ b/app/api/wishlists/[id]/route.ts
@@ -1,28 +1,15 @@
 import { NextRequest, NextResponse } from 'next/server';
 import { eq } from 'drizzle-orm';
 import { db, wishlists } from '@/lib/db';
-import { verifyAccessToken } from '@/lib/auth/utils';
+import { verifyAdminToken } from '@/lib/auth/tokens';

 export async function GET(
  request: NextRequest,
  { params }: { params: Promise<{ id: string }> }
 ) {
  try {
-    const token = request.cookies.get('access_token')?.value;
-
-    if (!token) {
-      return NextResponse.json(
-        { error: 'Not authenticated' },
-        { status: 401 }
-      );
-    }
-
-    const payload = verifyAccessToken(token);
-    if (!payload) {
-      return NextResponse.json(
-        { error: 'Invalid or expired token' },
-        { status: 401 }
-      );
+    if (!verifyAdminToken(request)) {
+      return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });
    }

    const { id } = await params;
@@ -58,21 +45,8 @@ export async function PATCH(
  { params }: { params: Promise<{ id: string }> }
 ) {
  try {
-    const token = request.cookies.get('access_token')?.value;
-
-    if (!token) {
-      return NextResponse.json(
-        { error: 'Not authenticated' },
-        { status: 401 }
-      );
-    }
-
-    const payload = verifyAccessToken(token);
-    if (!payload) {
-      return NextResponse.json(
-        { error: 'Invalid or expired token' },
-        { status: 401 }
-      );
+    if (!verifyAdminToken(request)) {
+      return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });
    }

    const { id } = await params;
@@ -145,21 +119,8 @@ export async function DELETE(
  { params }: { params: Promise<{ id: string }> }
 ) {
  try {
-    const token = request.cookies.get('access_token')?.value;
-
-    if (!token) {
-      return NextResponse.json(
-        { error: 'Not authenticated' },
-        { status: 401 }
-      );
-    }
-
-    const payload = verifyAccessToken(token);
-    if (!payload) {
-      return NextResponse.json(
-        { error: 'Invalid or expired token' },
-        { status: 401 }
-      );
+    if (!verifyAdminToken(request)) {
+      return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });
    }

    const { id } = await params;