refactor(categories): change controller route from 'api/categories' to 'categories'

fix(products): update category fetch logic to ensure data is an array
refactor(products): simplify GET handler by integrating authentication directly

frontend/app/admin/products/EditProductForm.tsx

@@ -43,7 +43,9 @@ export default function EditProductForm({ product }: Props) {
     if (isOpen && categoryTree.length === 0) {
       fetch('/api/categories')
         .then((r) => r.json())
-        .then((data: CategoryNode[]) => setCategoryTree(data))
+        .then((data: unknown) => {
+          if (Array.isArray(data)) setCategoryTree(data as CategoryNode[]);
+        })
         .catch(() => {});
     }
   }, [isOpen]);

frontend/app/api/products/route.ts

@@ -1,17 +1,19 @@
-import { NextRequest, NextResponse } from 'next/server';
-import { getAuthHeaders } from '../../../lib/auth-headers';
+import { NextResponse } from 'next/server';
+import { auth } from '../../../auth';
 
 const API_BASE = process.env.NEXT_PUBLIC_API_URL_INTERNAL || 'http://recipe-api:8080';
 
-export async function GET(request: NextRequest) {
-  const authHeaders = await getAuthHeaders();
-  const res = await fetch(`${API_BASE}/api/products`, {
-    method: 'GET',
-    headers: { ...authHeaders },
+export const GET = auth(async function GET(req) {
+  const token = (req.auth as any)?.accessToken as string | undefined;
+  if (!token) return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });
+
+  const url = new URL(req.url);
+  const query = url.searchParams.toString();
+  const res = await fetch(`${API_BASE}/api/products${query ? `?${query}` : ''}`, {
+    headers: { Authorization: `Bearer ${token}` },
     cache: 'no-store',
   });
 
   const data = await res.json();
-
   return NextResponse.json(data, { status: res.status });
-}
+});