feat(api): add PATCH endpoint for updating product status with authentication

frontend/app/api/admin/product-status/[id]/route.ts

@@ -0,0 +1,32 @@
+import { NextResponse } from 'next/server';
+import { auth } from '../../../../../auth';
+
+const API_BASE = process.env.NEXT_PUBLIC_API_URL_INTERNAL || 'http://recipe-api:8080';
+
+export async function PATCH(req: Request, { params }: { params: Promise<{ id: string }> }) {
+  const session = await auth();
+  if (!session?.accessToken) {
+    return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });
+  }
+
+  const { id } = await params;
+  const body = await req.json();
+  const { status } = body as { status: 'active' | 'rejected' };
+
+  const res = await fetch(`${API_BASE}/api/products/${id}/status`, {
+    method: 'PATCH',
+    headers: {
+      'Content-Type': 'application/json',
+      Authorization: `Bearer ${session.accessToken}`,
+    },
+    body: JSON.stringify({ status }),
+    cache: 'no-store',
+  });
+
+  if (!res.ok) {
+    const text = await res.text();
+    return NextResponse.json({ error: text || 'Kunde inte uppdatera status' }, { status: res.status });
+  }
+
+  return NextResponse.json({ ok: true });
+}