fix: konvertera alla API route handlers till withAuth wrapper
Ersätter getAuthHeaders() + auth() standalone med withAuth() wrapper i alla route handlers. Auth() standalone fungerar inte korrekt i Next.js 16 + NextAuth beta.28 pga async cookies() kompatibilitet. withAuth() använder auth() i wrapper-form så att request.auth populeras direkt av NextAuth. Påverkade filer: 27 route handlers + ny lib/with-auth.ts
@@ -1,28 +1,15 @@
|
||||
import { auth } from '../../../../auth';
|
||||
import { withAuth } from '../../../../lib/with-auth';
|
||||
|
||||
const API_BASE = process.env.NEXT_PUBLIC_API_URL_INTERNAL || 'http://recipe-api:8080';
|
||||
|
||||
async function getAuthHeaders(): Promise<Record<string, string>> {
|
||||
const session = await auth();
|
||||
if (!session?.accessToken) return {};
|
||||
return { Authorization: `Bearer ${session.accessToken}` };
|
||||
}
|
||||
|
||||
// POST /api/admin/bulk-categorize
|
||||
// Body: { productIds?: number[] }
|
||||
export async function POST(req: Request) {
|
||||
export const POST = withAuth(async (req, session) => {
|
||||
try {
|
||||
const body = await req.json().catch(() => ({}));
|
||||
const { productIds } = body;
|
||||
|
||||
const authHeaders = await getAuthHeaders();
|
||||
if (!authHeaders.Authorization) {
|
||||
return Response.json({ error: 'Unauthorized' }, { status: 401 });
|
||||
}
|
||||
|
||||
const res = await fetch(`${API_BASE}/api/products/ai-categorize-bulk`, {
|
||||
method: 'POST',
|
||||
headers: { 'Content-Type': 'application/json', ...authHeaders },
|
||||
headers: { 'Content-Type': 'application/json', Authorization: `Bearer ${session.accessToken}` },
|
||||
body: JSON.stringify({ productIds }),
|
||||
});
|
||||
|
||||
@@ -40,4 +27,4 @@ export async function POST(req: Request) {
|
||||
{ status: 500 },
|
||||
);
|
||||
}
|
||||
}
|
||||
});
|
||||
|
||||
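Review bot: With the explicit `if (!authHeaders.Authorization)` 401 branch removed, the upstream call with `Bearer ${session.accessToken}` depends entirely on `withAuth` rejecting sessions that carry no access token, and `lib/with-auth.ts` is not among the sections shown here. If the wrapper only checks that a session exists, a session whose token is missing would be forwarded to the backend as `Bearer undefined` instead of being answered with 401. Either confirm that `withAuth` returns 401 when `session.accessToken` is empty, or keep a one-line guard in the handler: `if (!session.accessToken) return Response.json({ error: 'Unauthorized' }, { status: 401 });`. The same branch is removed in the product/[id] PATCH and DELETE handlers and in the suggest-category GET handler. The POST body continues outside the hunks shown.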
@@ -1,16 +1,8 @@
|
||||
import { auth } from '../../../../auth';
|
||||
import { withAuth } from '../../../../lib/with-auth';
|
||||
|
||||
const API_BASE = process.env.NEXT_PUBLIC_API_URL_INTERNAL || 'http://recipe-api:8080';
|
||||
|
||||
async function getAuthHeaders(): Promise<Record<string, string>> {
|
||||
const session = await auth();
|
||||
if (!session?.accessToken) {
|
||||
return {};
|
||||
}
|
||||
return { Authorization: `Bearer ${session.accessToken}` };
|
||||
}
|
||||
|
||||
export async function POST(req: Request) {
|
||||
export const POST = withAuth(async (req, session) => {
|
||||
try {
|
||||
const body = await req.json();
|
||||
const { name } = body;
|
||||
@@ -19,10 +11,9 @@ export async function POST(req: Request) {
|
||||
return Response.json({ error: 'Name is required' }, { status: 400 });
|
||||
}
|
||||
|
||||
const authHeaders = await getAuthHeaders();
|
||||
const res = await fetch(`${API_BASE}/api/products`, {
|
||||
method: 'POST',
|
||||
headers: { 'Content-Type': 'application/json', ...authHeaders },
|
||||
headers: { 'Content-Type': 'application/json', Authorization: `Bearer ${session.accessToken}` },
|
||||
body: JSON.stringify({ name }),
|
||||
});
|
||||
|
||||
@@ -43,4 +34,4 @@ export async function POST(req: Request) {
|
||||
{ status: 500 },
|
||||
);
|
||||
}
|
||||
}
|
||||
});
|
||||
|
||||
@@ -1,29 +1,22 @@
|
||||
import { NextRequest, NextResponse } from 'next/server';
|
||||
import { getAuthHeaders } from '../../../../lib/auth-headers';
|
||||
import { NextResponse } from 'next/server';
|
||||
import { withAuth } from '../../../../lib/with-auth';
|
||||
|
||||
const API_BASE =
|
||||
process.env.NEXT_PUBLIC_API_URL_INTERNAL || 'http://recipe-api:8080';
|
||||
|
||||
export async function GET(request: NextRequest) {
|
||||
const authHeaders = await getAuthHeaders();
|
||||
const sourceProductId = request.nextUrl.searchParams.get('sourceProductId');
|
||||
const targetProductId = request.nextUrl.searchParams.get('targetProductId');
|
||||
export const GET = withAuth(async (request, session) => {
|
||||
const { searchParams } = new URL(request.url);
|
||||
const sourceProductId = searchParams.get('sourceProductId');
|
||||
const targetProductId = searchParams.get('targetProductId');
|
||||
|
||||
const res = await fetch(
|
||||
`${API_BASE}/api/products/merge-preview?sourceProductId=${sourceProductId}&targetProductId=${targetProductId}`,
|
||||
{
|
||||
method: 'GET',
|
||||
headers: { ...authHeaders },
|
||||
headers: { Authorization: `Bearer ${session.accessToken}` },
|
||||
cache: 'no-store',
|
||||
},
|
||||
);
|
||||
|
||||
const text = await res.text();
|
||||
|
||||
return new NextResponse(text, {
|
||||
status: res.status,
|
||||
headers: {
|
||||
'Content-Type': 'application/json',
|
||||
},
|
||||
});
|
||||
}
|
||||
return new NextResponse(text, { status: res.status, headers: { 'Content-Type': 'application/json' } });
|
||||
});
|
||||
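Review bot: `sourceProductId` and `targetProductId` are interpolated into the upstream query string unencoded, so a value containing `&` or `#` changes the parameters the backend actually receives, and a missing parameter is sent as the literal string `null`. Reject missing or non-numeric values with a 400 first, then build the query with `new URLSearchParams({ sourceProductId, targetProductId })` rather than a template string. Unlike the other handlers in this commit, this one has no `try`/`catch` around the `fetch`, so an unreachable backend surfaces as an unhandled exception rather than a JSON 500 response.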
@@ -1,23 +1,10 @@
|
||||
import { auth } from '../../../../../auth';
|
||||
import { withAuth } from '../../../../../lib/with-auth';
|
||||
|
||||
const API_BASE = process.env.NEXT_PUBLIC_API_URL_INTERNAL || 'http://recipe-api:8080';
|
||||
|
||||
async function getAuthHeaders(): Promise<Record<string, string>> {
|
||||
const session = await auth();
|
||||
if (!session?.accessToken) {
|
||||
return {};
|
||||
}
|
||||
return { Authorization: `Bearer ${session.accessToken}` };
|
||||
}
|
||||
|
||||
// PATCH /api/admin/product/[id]
|
||||
// Body: { name, canonicalName, category, subcategory, brand, categoryId, tags }
|
||||
export async function PATCH(
|
||||
req: Request,
|
||||
{ params }: { params: Promise<{ id: string }> },
|
||||
) {
|
||||
export const PATCH = withAuth(async (req, session, context) => {
|
||||
try {
|
||||
const { id } = await params;
|
||||
const { id } = await context.params;
|
||||
const productId = Number(id);
|
||||
if (!productId) return Response.json({ error: 'Invalid id' }, { status: 400 });
|
||||
|
||||
@@ -28,15 +15,11 @@ export async function PATCH(
|
||||
return Response.json({ error: 'Namn får inte vara tomt.' }, { status: 400 });
|
||||
}
|
||||
|
||||
const authHeaders = await getAuthHeaders();
|
||||
if (!authHeaders.Authorization) {
|
||||
return Response.json({ error: 'Unauthorized' }, { status: 401 });
|
||||
}
|
||||
const authHeader = `Bearer ${session.accessToken}`;
|
||||
|
||||
// 1. Update product fields
|
||||
const patchRes = await fetch(`${API_BASE}/api/products/${productId}`, {
|
||||
method: 'PATCH',
|
||||
headers: { 'Content-Type': 'application/json', ...authHeaders },
|
||||
headers: { 'Content-Type': 'application/json', Authorization: authHeader },
|
||||
body: JSON.stringify({
|
||||
name: name.trim(),
|
||||
canonicalName: canonicalName?.trim() || undefined,
|
||||
@@ -53,10 +36,9 @@ export async function PATCH(
|
||||
return Response.json({ error: `Kunde inte uppdatera produkt: ${text}` }, { status: patchRes.status });
|
||||
}
|
||||
|
||||
// 2. Update tags
|
||||
const tagsRes = await fetch(`${API_BASE}/api/products/${productId}/tags`, {
|
||||
method: 'PUT',
|
||||
headers: { 'Content-Type': 'application/json', ...authHeaders },
|
||||
headers: { 'Content-Type': 'application/json', Authorization: authHeader },
|
||||
body: JSON.stringify({ tags: tags ?? [] }),
|
||||
});
|
||||
|
||||
@@ -66,17 +48,15 @@ export async function PATCH(
|
||||
return Response.json({ error: `Kunde inte uppdatera taggar: ${text}` }, { status: tagsRes.status });
|
||||
}
|
||||
|
||||
// 3. Return the complete updated product
|
||||
const fullRes = await fetch(`${API_BASE}/api/products/${productId}`, {
|
||||
headers: authHeaders,
|
||||
headers: { Authorization: authHeader },
|
||||
});
|
||||
|
||||
if (!fullRes.ok) {
|
||||
return Response.json({ error: 'Produkt uppdaterad men kunde inte hämtas' }, { status: 500 });
|
||||
}
|
||||
|
||||
const product = await fullRes.json();
|
||||
return Response.json(product);
|
||||
return Response.json(await fullRes.json());
|
||||
} catch (err) {
|
||||
console.error('[api/admin/product] PATCH error:', err);
|
||||
return Response.json(
|
||||
@@ -84,26 +64,17 @@ export async function PATCH(
|
||||
{ status: 500 },
|
||||
);
|
||||
}
|
||||
}
|
||||
});
|
||||
|
||||
// DELETE /api/admin/product/[id]
|
||||
export async function DELETE(
|
||||
_req: Request,
|
||||
{ params }: { params: Promise<{ id: string }> },
|
||||
) {
|
||||
export const DELETE = withAuth(async (_req, session, context) => {
|
||||
try {
|
||||
const { id } = await params;
|
||||
const { id } = await context.params;
|
||||
const productId = Number(id);
|
||||
if (!productId) return Response.json({ error: 'Invalid id' }, { status: 400 });
|
||||
|
||||
const authHeaders = await getAuthHeaders();
|
||||
if (!authHeaders.Authorization) {
|
||||
return Response.json({ error: 'Unauthorized' }, { status: 401 });
|
||||
}
|
||||
|
||||
const res = await fetch(`${API_BASE}/api/products/${productId}`, {
|
||||
method: 'DELETE',
|
||||
headers: authHeaders,
|
||||
headers: { Authorization: `Bearer ${session.accessToken}` },
|
||||
});
|
||||
|
||||
if (!res.ok) {
|
||||
@@ -120,4 +91,5 @@ export async function DELETE(
|
||||
{ status: 500 },
|
||||
);
|
||||
}
|
||||
}
|
||||
});
|
||||
|
||||
|
||||
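Review bot: The error branches return the backend's raw response body to the caller (`Kunde inte uppdatera produkt: ${text}` and `Kunde inte uppdatera taggar: ${text}`), which passes along whatever internal detail the backend puts in its error responses. Log `text` server-side, as the existing `console.error` in the catch block does, and return a fixed message with the upstream status. Separately, `Number(id)` followed by `if (!productId)` lets through values such as `1.5`, `-3` or `Infinity`; `if (!Number.isInteger(productId) || productId <= 0)` is tighter, and the same check is used in the DELETE handler and in suggest-category GET. The PATCH body is only partly visible across these hunks.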
@@ -1,30 +1,15 @@
|
||||
import { auth } from '../../../../../auth';
|
||||
import { withAuth } from '../../../../../lib/with-auth';
|
||||
|
||||
const API_BASE = process.env.NEXT_PUBLIC_API_URL_INTERNAL || 'http://recipe-api:8080';
|
||||
|
||||
async function getAuthHeaders(): Promise<Record<string, string>> {
|
||||
const session = await auth();
|
||||
if (!session?.accessToken) return {};
|
||||
return { Authorization: `Bearer ${session.accessToken}` };
|
||||
}
|
||||
|
||||
// GET /api/admin/suggest-category/[id]
|
||||
export async function GET(
|
||||
_req: Request,
|
||||
{ params }: { params: Promise<{ id: string }> },
|
||||
) {
|
||||
export const GET = withAuth(async (_req, session, context) => {
|
||||
try {
|
||||
const { id } = await params;
|
||||
const { id } = await context.params;
|
||||
const productId = Number(id);
|
||||
if (!productId) return Response.json({ error: 'Invalid id' }, { status: 400 });
|
||||
|
||||
const authHeaders = await getAuthHeaders();
|
||||
if (!authHeaders.Authorization) {
|
||||
return Response.json({ error: 'Unauthorized' }, { status: 401 });
|
||||
}
|
||||
|
||||
const res = await fetch(`${API_BASE}/api/products/${productId}/suggest-category`, {
|
||||
headers: authHeaders,
|
||||
headers: { Authorization: `Bearer ${session.accessToken}` },
|
||||
});
|
||||
|
||||
if (!res.ok) {
|
||||
@@ -41,4 +26,4 @@ export async function GET(
|
||||
{ status: 500 },
|
||||
);
|
||||
}
|
||||
}
|
||||
});
|
||||
|
||||
@@ -1,29 +1,17 @@
|
||||
import { auth } from '../../../../../auth';
|
||||
import { withAuth } from '../../../../../lib/with-auth';
|
||||
|
||||
const API_BASE = process.env.NEXT_PUBLIC_API_URL_INTERNAL || 'http://recipe-api:8080';
|
||||
|
||||
async function getAuthHeaders(): Promise<Record<string, string>> {
|
||||
const session = await auth();
|
||||
if (!session?.accessToken) {
|
||||
return {};
|
||||
}
|
||||
return { Authorization: `Bearer ${session.accessToken}` };
|
||||
}
|
||||
|
||||
export async function PATCH(
|
||||
req: Request,
|
||||
{ params }: { params: Promise<{ id: string }> },
|
||||
) {
|
||||
export const PATCH = withAuth(async (req, session, context) => {
|
||||
try {
|
||||
const { id } = await params;
|
||||
const { id } = await context.params;
|
||||
const productId = parseInt(id, 10);
|
||||
const body = await req.json();
|
||||
const { categoryId } = body;
|
||||
|
||||
const authHeaders = await getAuthHeaders();
|
||||
const res = await fetch(`${API_BASE}/api/products/${productId}`, {
|
||||
method: 'PATCH',
|
||||
headers: { 'Content-Type': 'application/json', ...authHeaders },
|
||||
headers: { 'Content-Type': 'application/json', Authorization: `Bearer ${session.accessToken}` },
|
||||
body: JSON.stringify({ categoryId }),
|
||||
});
|
||||
|
||||
@@ -45,4 +33,4 @@ export async function PATCH(
|
||||
{ status: 500 },
|
||||
);
|
||||
}
|
||||
}
|
||||
});
|
||||
|
||||
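Review bot: `parseInt(id, 10)` is used with no check afterwards, so a non-numeric id becomes `NaN` and the request goes to `/api/products/NaN`, while an id like `12abc` is silently accepted as 12. The sibling handlers in this commit answer an invalid id with 400; do the same here with `const productId = Number(id);` followed by `if (!Number.isInteger(productId) || productId <= 0) return Response.json({ error: 'Invalid id' }, { status: 400 });`. `categoryId` from the request body is also forwarded to the backend without a type check. The rest of the handler lies outside the hunks shown.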