nilsjohan/recipe-app
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(auth): implement role-based access control and user management features

Browse Source
This commit is contained in:
Nils-Johan Gynther
2026-04-18 09:34:22 +02:00
parent 20330f6410
commit c5ccef2313
22 changed files with 358 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files
frontend/app/api/admin-users/[id]/route.ts
+27
View File
@@ -0,0 +1,27 @@
import { NextRequest, NextResponse } from 'next/server';
import { auth } from '../../../../../auth';
const API_BASE =
process.env.NEXT_PUBLIC_API_URL_INTERNAL ?? 'http://recipe-api:8080';
export async function PATCH(
request: NextRequest,
{ params }: { params: { id: string } },
) {
const session = await auth();
if (!session || (session.user as any)?.role !== 'admin') {
return NextResponse.json({ message: 'Förbjuden' }, { status: 403 });
}
const body = await request.json();
const res = await fetch(`${API_BASE}/api/users/${params.id}/role`, {
method: 'PATCH',
headers: {
'Content-Type': 'application/json',
Authorization: `Bearer ${session.accessToken}`,
},
body: JSON.stringify(body),
});
const data = await res.json();
return NextResponse.json(data, { status: res.status });
}
frontend/app/api/admin-users/route.ts
+19
View File
@@ -0,0 +1,19 @@
import { NextResponse } from 'next/server';
import { auth } from '../../../../auth';
const API_BASE =
process.env.NEXT_PUBLIC_API_URL_INTERNAL ?? 'http://recipe-api:8080';
export async function GET() {
const session = await auth();
if (!session || (session.user as any)?.role !== 'admin') {
return NextResponse.json({ message: 'Förbjuden' }, { status: 403 });
}
const res = await fetch(`${API_BASE}/api/users`, {
headers: { Authorization: `Bearer ${session.accessToken}` },
cache: 'no-store',
});
const data = await res.json();
return NextResponse.json(data, { status: res.status });
}