feat: implement AI categorization for products and add premium access guard

backend/src/products/products.controller.ts

@@ -2,7 +2,6 @@ import {
   Body,
   Controller,
   Delete,
-  ForbiddenException,
   Get,
   HttpCode,
   Param,
@@ -12,6 +11,7 @@ import {
   Put,
   Query,
   Request,
+  UseGuards,
 } from '@nestjs/common';
 import { Throttle } from '@nestjs/throttler';
 import { Public } from '../auth/decorators/public.decorator';
@@ -23,22 +23,12 @@ import { UpdateCanonicalNameDto } from './dto/update-canonical-name.dto';
 import { SetTagsDto } from './dto/set-tags.dto';
 import { UpsertNutritionDto } from './dto/upsert-nutrition.dto';
 import { BulkUpdateProductsDto } from './dto/bulk-update-products.dto';
+import { AiCategorizeBulkDto } from './dto/ai-categorize-bulk.dto';
+import { SetProductStatusDto } from './dto/set-product-status.dto';
 import { Roles } from '../auth/decorators/roles.decorator';
 import { AiService } from '../ai/ai.service';
 import { CategoriesService } from '../categories/categories.service';
-import { IsArray, IsIn, IsInt, IsOptional } from 'class-validator';
-
-class AiCategorizeBulkDto {
-  @IsOptional()
-  @IsArray()
-  @IsInt({ each: true })
-  productIds?: number[];
-}
-
-class SetProductStatusDto {
-  @IsIn(['active', 'rejected'])
-  status: string;
-}
+import { PremiumOrAdminGuard } from '../auth/premium-or-admin.guard';
 
 @Controller('products')
 export class ProductsController {
@@ -94,37 +84,28 @@ export class ProductsController {
   @Post('ai-categorize-bulk')
   @Throttle({ default: { ttl: 60_000, limit: 5 } })
   @HttpCode(200)
-  async aiCategorizeBulk(@Body() body: AiCategorizeBulkDto) {
-    const categories = await this.categoriesService.findFlattened();
-    let products: { id: number; name: string }[];
-    if (body.productIds && body.productIds.length > 0) {
-      const found = await Promise.all(body.productIds.map((id) => this.productsService.findOne(id)));
-      products = found.map((p) => ({ id: p.id, name: p.canonicalName ?? p.name }));
-    } else {
-      products = await this.productsService.findUncategorized();
-    }
-    const results: { productId: number; productName: string; suggestion: object }[] = [];
-    for (const product of products) {
-      const suggestion = await this.aiService.suggestCategory(product.name, categories);
-      results.push({ productId: product.id, productName: product.name, suggestion });
-    }
-    return results;
+  aiCategorizeBulk(@Body() body: AiCategorizeBulkDto) {
+    return this.productsService.aiCategorizeBulk(body.productIds);
   }
 
+  @Roles('admin')
+  @Get('deleted')
+  findDeleted() {
+    return this.productsService.findDeleted();
+  }
+
+  // Tillgänglig för alla inloggade användare
   @Get(':id')
   findOne(@Param('id', ParseIntPipe) id: number) {
     return this.productsService.findOne(id);
   }
 
+  @UseGuards(PremiumOrAdminGuard)
   @Get(':id/suggest-category')
   @Throttle({ default: { ttl: 60_000, limit: 20 } })
   async suggestCategory(
     @Param('id', ParseIntPipe) id: number,
-    @Request() req: { user: { role: string; isPremium: boolean } },
   ) {
-    if (req.user.role !== 'admin' && !req.user.isPremium) {
-      throw new ForbiddenException('Denna funktion kräver premiumkonto');
-    }
     const product = await this.productsService.findOne(id);
     const categories = await this.categoriesService.findFlattened();
     return this.aiService.suggestCategory(product.canonicalName ?? product.name, categories);
@@ -136,6 +117,7 @@ export class ProductsController {
     return this.productsService.create(body);
   }
 
+  // Tillgänglig för alla inloggade användare — req.user.id injiceras av JWT-guard
   @Post('pending')
   createPending(
     @Body() body: CreateProductDto,
@@ -186,12 +168,6 @@ export class ProductsController {
     return this.productsService.update(id, body);
   }
 
-  @Roles('admin')
-  @Get('deleted')
-  findDeleted() {
-    return this.productsService.findDeleted();
-  }
-
   @Roles('admin')
   @Delete(':id/permanent')
   permanentDelete(@Param('id', ParseIntPipe) id: number) {