nilsjohan/recipe-app
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: konvertera alla API route handlers till withAuth wrapper

Browse Source 
Ersätter getAuthHeaders() + auth() standalone med withAuth() wrapper
i alla route handlers. Auth() standalone fungerar inte korrekt i
Next.js 16 + NextAuth beta.28 pga async cookies() kompatibilitet.
withAuth() använder auth() i wrapper-form sa att request.auth
populeras direkt av NextAuth.

Pavaerkade filer: 27 route handlers + ny lib/with-auth.ts
This commit is contained in:
Nils-Johan Gynther
2026-04-19 21:11:14 +02:00
parent 390e979cdb
commit 722440b9b5
28 changed files with 247 additions and 453 deletions
Download Patch File Download Diff File Expand all files Collapse all files
frontend/app/api/admin/product/[id]/route.ts
+14 -42
View File
@@ -1,23 +1,10 @@
import { auth } from '../../../../../auth';
import { withAuth } from '../../../../../lib/with-auth';
const API_BASE = process.env.NEXT_PUBLIC_API_URL_INTERNAL || 'http://recipe-api:8080';
async function getAuthHeaders(): Promise<Record<string, string>> {
const session = await auth();
if (!session?.accessToken) {
return {};
}
return { Authorization: `Bearer ${session.accessToken}` };
}
// PATCH /api/admin/product/[id]
// Body: { name, canonicalName, category, subcategory, brand, categoryId, tags }
export async function PATCH(
req: Request,
{ params }: { params: Promise<{ id: string }> },
) {
export const PATCH = withAuth(async (req, session, context) => {
try {
const { id } = await params;
const { id } = await context.params;
const productId = Number(id);
if (!productId) return Response.json({ error: 'Invalid id' }, { status: 400 });
@@ -28,15 +15,11 @@ export async function PATCH(
return Response.json({ error: 'Namn får inte vara tomt.' }, { status: 400 });
}
const authHeaders = await getAuthHeaders();
if (!authHeaders.Authorization) {
return Response.json({ error: 'Unauthorized' }, { status: 401 });
}
const authHeader = `Bearer ${session.accessToken}`;
// 1. Update product fields
const patchRes = await fetch(`${API_BASE}/api/products/${productId}`, {
method: 'PATCH',
headers: { 'Content-Type': 'application/json', ...authHeaders },
headers: { 'Content-Type': 'application/json', Authorization: authHeader },
body: JSON.stringify({
name: name.trim(),
canonicalName: canonicalName?.trim() || undefined,
@@ -53,10 +36,9 @@ export async function PATCH(
return Response.json({ error: `Kunde inte uppdatera produkt: ${text}` }, { status: patchRes.status });
}
// 2. Update tags
const tagsRes = await fetch(`${API_BASE}/api/products/${productId}/tags`, {
method: 'PUT',
headers: { 'Content-Type': 'application/json', ...authHeaders },
headers: { 'Content-Type': 'application/json', Authorization: authHeader },
body: JSON.stringify({ tags: tags ?? [] }),
});
@@ -66,17 +48,15 @@ export async function PATCH(
return Response.json({ error: `Kunde inte uppdatera taggar: ${text}` }, { status: tagsRes.status });
}
// 3. Return the complete updated product
const fullRes = await fetch(`${API_BASE}/api/products/${productId}`, {
headers: authHeaders,
headers: { Authorization: authHeader },
});
if (!fullRes.ok) {
return Response.json({ error: 'Produkt uppdaterad men kunde inte hämtas' }, { status: 500 });
}
const product = await fullRes.json();
return Response.json(product);
return Response.json(await fullRes.json());
} catch (err) {
console.error('[api/admin/product] PATCH error:', err);
return Response.json(
@@ -84,26 +64,17 @@ export async function PATCH(
{ status: 500 },
);
}
}
});
// DELETE /api/admin/product/[id]
export async function DELETE(
_req: Request,
{ params }: { params: Promise<{ id: string }> },
) {
export const DELETE = withAuth(async (_req, session, context) => {
try {
const { id } = await params;
const { id } = await context.params;
const productId = Number(id);
if (!productId) return Response.json({ error: 'Invalid id' }, { status: 400 });
const authHeaders = await getAuthHeaders();
if (!authHeaders.Authorization) {
return Response.json({ error: 'Unauthorized' }, { status: 401 });
}
const res = await fetch(`${API_BASE}/api/products/${productId}`, {
method: 'DELETE',
headers: authHeaders,
headers: { Authorization: `Bearer ${session.accessToken}` },
});
if (!res.ok) {
@@ -120,4 +91,5 @@ export async function DELETE(
{ status: 500 },
);
}
}
});