feat(api): implement product creation and category update endpoints

frontend/app/api/products-create/route.ts

@@ -0,0 +1,46 @@
+import { getAuthHeaders } from '@/lib/auth-headers';
+
+const API_BASE = process.env.NEXT_PUBLIC_API_URL_INTERNAL || 'http://recipe-api:8080';
+
+export async function POST(req: Request) {
+  try {
+    const body = await req.json();
+    const { name } = body;
+
+    if (!name || typeof name !== 'string') {
+      return Response.json({ error: 'Name is required' }, { status: 400 });
+    }
+
+    const authHeaders = await getAuthHeaders();
+    console.log('[products-create] Auth headers:', authHeaders ? 'YES' : 'NO');
+
+    const res = await fetch(`${API_BASE}/api/products`, {
+      method: 'POST',
+      headers: { 'Content-Type': 'application/json', ...authHeaders },
+      body: JSON.stringify({ name }),
+    });
+
+    if (!res.ok) {
+      const e = await res.json().catch(() => ({}));
+      return Response.json(
+        { error: e.message ?? `HTTP ${res.status}` },
+        { status: res.status },
+      );
+    }
+
+    const product = await res.json();
+
+    // Return only serializable fields
+    return Response.json({
+      id: product.id,
+      name: product.name,
+      canonicalName: product.canonicalName ?? null,
+    });
+  } catch (err) {
+    console.error('[products-create] Error:', err);
+    return Response.json(
+      { error: err instanceof Error ? err.message : 'Unknown error' },
+      { status: 500 },
+    );
+  }
+}

frontend/app/api/products-update/[id]/route.ts

@@ -0,0 +1,51 @@
+import { getAuthHeaders } from '@/lib/auth-headers';
+
+const API_BASE = process.env.NEXT_PUBLIC_API_URL_INTERNAL || 'http://recipe-api:8080';
+
+export async function PATCH(
+  req: Request,
+  { params }: { params: { id: string } },
+) {
+  try {
+    const productId = parseInt(params.id, 10);
+    const body = await req.json();
+    const { categoryId } = body;
+
+    if (!categoryId || typeof categoryId !== 'number') {
+      return Response.json({ error: 'categoryId is required' }, { status: 400 });
+    }
+
+    const authHeaders = await getAuthHeaders();
+    console.log('[products-update] Auth headers:', authHeaders ? 'YES' : 'NO');
+
+    const res = await fetch(`${API_BASE}/api/products/${productId}`, {
+      method: 'PATCH',
+      headers: { 'Content-Type': 'application/json', ...authHeaders },
+      body: JSON.stringify({ categoryId }),
+    });
+
+    if (!res.ok) {
+      const e = await res.json().catch(() => ({}));
+      return Response.json(
+        { error: e.message ?? `HTTP ${res.status}` },
+        { status: res.status },
+      );
+    }
+
+    const product = await res.json();
+
+    // Return only serializable fields
+    return Response.json({
+      id: product.id,
+      name: product.name,
+      canonicalName: product.canonicalName ?? null,
+      categoryId: product.categoryId ?? null,
+    });
+  } catch (err) {
+    console.error('[products-update] Error:', err);
+    return Response.json(
+      { error: err instanceof Error ? err.message : 'Unknown error' },
+      { status: 500 },
+    );
+  }
+}