feat(api): tokens on all routes; items expose claims/claimedQuantity/remainingQuantity

2026-05-03 16:25:19 -03:00
parent 844951c832
commit e518e28957
12 changed files with 139 additions and 214 deletions
--- a/app/api/wishlists/route.ts
+++ b/app/api/wishlists/route.ts
@@ -1,25 +1,12 @@
 import { NextRequest, NextResponse } from 'next/server';
 import { eq, asc } from 'drizzle-orm';
 import { db, wishlists } from '@/lib/db';
-import { verifyAccessToken } from '@/lib/auth/utils';
+import { verifyAdminToken } from '@/lib/auth/tokens';

 export async function GET(request: NextRequest) {
  try {
-    const token = request.cookies.get('access_token')?.value;
-
-    if (!token) {
-      return NextResponse.json(
-        { error: 'Not authenticated' },
-        { status: 401 }
-      );
-    }
-
-    const payload = verifyAccessToken(token);
-    if (!payload) {
-      return NextResponse.json(
-        { error: 'Invalid or expired token' },
-        { status: 401 }
-      );
+    if (!verifyAdminToken(request)) {
+      return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });
    }

    const allWishlists = await db
@@ -42,21 +29,8 @@ export async function GET(request: NextRequest) {

 export async function POST(request: NextRequest) {
  try {
-    const token = request.cookies.get('access_token')?.value;
-
-    if (!token) {
-      return NextResponse.json(
-        { error: 'Not authenticated' },
-        { status: 401 }
-      );
-    }
-
-    const payload = verifyAccessToken(token);
-    if (!payload) {
-      return NextResponse.json(
-        { error: 'Invalid or expired token' },
-        { status: 401 }
-      );
+    if (!verifyAdminToken(request)) {
+      return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });
    }

    const body = await request.json();