feat(auth): implement user authentication with JWT and NextAuth

- Added user registration and login functionality with JWT authentication.
- Created auth controller, service, and module in the backend.
- Implemented user model and user products management.
- Integrated NextAuth for session management on the frontend.
- Added middleware for protecting routes and handling public access.
- Updated frontend API routes to include authorization headers.
- Enhanced recipe and user product models to support ownership and visibility.
- Created registration and login pages in the frontend.
- Added necessary types for NextAuth session management.

frontend/app/api/admin/merge-preview-proxy/route.ts

@@ -1,9 +1,11 @@
 import { NextRequest, NextResponse } from 'next/server';
+import { getAuthHeaders } from '../../../../lib/auth-headers';
 
 const API_BASE =
   process.env.NEXT_PUBLIC_API_URL_INTERNAL || 'http://recipe-api:8080';
 
 export async function GET(request: NextRequest) {
+  const authHeaders = await getAuthHeaders();
   const sourceProductId = request.nextUrl.searchParams.get('sourceProductId');
   const targetProductId = request.nextUrl.searchParams.get('targetProductId');
 
@@ -11,6 +13,7 @@ export async function GET(request: NextRequest) {
     `${API_BASE}/api/products/merge-preview?sourceProductId=${sourceProductId}&targetProductId=${targetProductId}`,
     {
       method: 'GET',
+      headers: { ...authHeaders },
       cache: 'no-store',
     },
   );

frontend/app/api/auth-register/route.ts

@@ -0,0 +1,17 @@
+import { NextRequest, NextResponse } from 'next/server';
+
+const API_BASE = process.env.NEXT_PUBLIC_API_URL_INTERNAL || 'http://recipe-api:8080';
+
+export async function POST(request: NextRequest) {
+  const body = await request.json();
+  const res = await fetch(`${API_BASE}/api/auth/register`, {
+    method: 'POST',
+    headers: { 'Content-Type': 'application/json' },
+    body: JSON.stringify(body),
+  });
+  const text = await res.text();
+  return new NextResponse(text, {
+    status: res.status,
+    headers: { 'Content-Type': 'application/json' },
+  });
+}

frontend/app/api/auth/[...nextauth]/route.ts

@@ -0,0 +1,3 @@
+import { handlers } from '../../../../auth';
+
+export const { GET, POST } = handlers;

frontend/app/api/inventory-history-proxy/route.ts

@@ -1,13 +1,16 @@
 import { NextRequest, NextResponse } from 'next/server';
+import { getAuthHeaders } from '../../../lib/auth-headers';
 
 const API_BASE =
   process.env.NEXT_PUBLIC_API_URL_INTERNAL || 'http://recipe-api:8080';
 
 export async function GET(request: NextRequest) {
+  const authHeaders = await getAuthHeaders();
   const id = request.nextUrl.searchParams.get('id');
 
   const res = await fetch(`${API_BASE}/api/inventory/${id}/consumption-history`, {
     method: 'GET',
+    headers: { ...authHeaders },
     cache: 'no-store',
   });
 

frontend/app/api/meal-plan-proxy/inventory-compare/route.ts

@@ -1,12 +1,15 @@
 import { NextRequest, NextResponse } from 'next/server';
+import { getAuthHeaders } from '../../../../lib/auth-headers';
 
 const API_BASE = process.env.NEXT_PUBLIC_API_URL_INTERNAL || 'http://recipe-api:8080';
 
 export async function GET(request: NextRequest) {
+  const authHeaders = await getAuthHeaders();
   const { searchParams } = request.nextUrl;
   const from = searchParams.get('from');
   const to = searchParams.get('to');
   const res = await fetch(`${API_BASE}/api/meal-plan/inventory-compare?from=${from}&to=${to}`, {
+    headers: { ...authHeaders },
     cache: 'no-store',
   });
   const text = await res.text();

frontend/app/api/meal-plan-proxy/route.ts

@@ -1,11 +1,14 @@
 import { NextRequest, NextResponse } from 'next/server';
+import { getAuthHeaders } from '../../../lib/auth-headers';
 
 const API_BASE = process.env.NEXT_PUBLIC_API_URL_INTERNAL || 'http://recipe-api:8080';
 
 export async function GET(request: NextRequest) {
+  const authHeaders = await getAuthHeaders();
   const { searchParams } = request.nextUrl;
   const query = searchParams.toString();
   const res = await fetch(`${API_BASE}/api/meal-plan${query ? `?${query}` : ''}`, {
+    headers: { ...authHeaders },
     cache: 'no-store',
   });
   const text = await res.text();
@@ -16,10 +19,11 @@ export async function GET(request: NextRequest) {
 }
 
 export async function POST(request: NextRequest) {
+  const authHeaders = await getAuthHeaders();
   const body = await request.text();
   const res = await fetch(`${API_BASE}/api/meal-plan`, {
     method: 'POST',
-    headers: { 'Content-Type': 'application/json' },
+    headers: { 'Content-Type': 'application/json', ...authHeaders },
     body,
     cache: 'no-store',
   });
@@ -31,9 +35,11 @@ export async function POST(request: NextRequest) {
 }
 
 export async function DELETE(request: NextRequest) {
+  const authHeaders = await getAuthHeaders();
   const date = request.nextUrl.searchParams.get('date');
   const res = await fetch(`${API_BASE}/api/meal-plan/${date}`, {
     method: 'DELETE',
+    headers: { ...authHeaders },
     cache: 'no-store',
   });
   return new NextResponse(null, { status: res.status });

frontend/app/api/meal-plan-proxy/shopping/route.ts

@@ -1,12 +1,15 @@
 import { NextRequest, NextResponse } from 'next/server';
+import { getAuthHeaders } from '../../../../lib/auth-headers';
 
 const API_BASE = process.env.NEXT_PUBLIC_API_URL_INTERNAL || 'http://recipe-api:8080';
 
 export async function GET(request: NextRequest) {
+  const authHeaders = await getAuthHeaders();
   const { searchParams } = request.nextUrl;
   const from = searchParams.get('from');
   const to = searchParams.get('to');
   const res = await fetch(`${API_BASE}/api/meal-plan/shopping-list?from=${from}&to=${to}`, {
+    headers: { ...authHeaders },
     cache: 'no-store',
   });
   const text = await res.text();

frontend/app/api/parse-markdown-proxy/route.ts

@@ -1,13 +1,15 @@
 import { NextRequest, NextResponse } from 'next/server';
+import { getAuthHeaders } from '../../../lib/auth-headers';
 
 const API_BASE = process.env.NEXT_PUBLIC_API_URL_INTERNAL || 'http://recipe-api:8080';
 
 export async function POST(request: NextRequest) {
+  const authHeaders = await getAuthHeaders();
   const body = await request.text();
 
   const res = await fetch(`${API_BASE}/api/recipes/parse-markdown`, {
     method: 'POST',
-    headers: { 'Content-Type': 'application/json' },
+    headers: { 'Content-Type': 'application/json', ...authHeaders },
     body,
     cache: 'no-store',
   });

frontend/app/api/products/route.ts

@@ -1,10 +1,13 @@
 import { NextRequest, NextResponse } from 'next/server';
+import { getAuthHeaders } from '../../../lib/auth-headers';
 
 const API_BASE = process.env.NEXT_PUBLIC_API_URL_INTERNAL || 'http://recipe-api:8080';
 
 export async function GET(request: NextRequest) {
+  const authHeaders = await getAuthHeaders();
   const res = await fetch(`${API_BASE}/api/products`, {
     method: 'GET',
+    headers: { ...authHeaders },
     cache: 'no-store',
   });
 

frontend/app/api/quick-import-proxy/route.ts

@@ -1,17 +1,19 @@
 import { NextRequest, NextResponse } from 'next/server';
+import { getAuthHeaders } from '../../../lib/auth-headers';
 
 export async function POST(request: NextRequest) {
   try {
     const contentType = request.headers.get('content-type') ?? '';
     const isMultipart = contentType.includes('multipart/form-data');
     const backendUrl = process.env.NEXT_PUBLIC_API_URL_INTERNAL || 'http://recipe-api:8080';
+    const authHeaders = await getAuthHeaders();
 
     const response = await fetch(`${backendUrl}/api/quick-import`, {
       method: 'POST',
       body: isMultipart
         ? await request.formData()
         : JSON.stringify(await request.json()),
-      headers: isMultipart ? undefined : { 'Content-Type': 'application/json' },
+      headers: isMultipart ? { ...authHeaders } : { 'Content-Type': 'application/json', ...authHeaders },
       cache: 'no-store',
     });
 

frontend/app/api/receipt-alias-proxy/route.ts

@@ -1,10 +1,15 @@
 import { NextRequest, NextResponse } from 'next/server';
+import { getAuthHeaders } from '../../../lib/auth-headers';
 
 const API_BASE =
   process.env.NEXT_PUBLIC_API_URL_INTERNAL || 'http://recipe-api:8080';
 
 export async function GET() {
-  const res = await fetch(`${API_BASE}/api/receipt-aliases`, { cache: 'no-store' });
+  const authHeaders = await getAuthHeaders();
+  const res = await fetch(`${API_BASE}/api/receipt-aliases`, {
+    headers: { ...authHeaders },
+    cache: 'no-store',
+  });
   const text = await res.text();
   return new NextResponse(text, {
     status: res.status,
@@ -13,10 +18,11 @@ export async function GET() {
 }
 
 export async function POST(request: NextRequest) {
+  const authHeaders = await getAuthHeaders();
   const body = await request.json();
   const res = await fetch(`${API_BASE}/api/receipt-aliases`, {
     method: 'POST',
-    headers: { 'Content-Type': 'application/json' },
+    headers: { 'Content-Type': 'application/json', ...authHeaders },
     body: JSON.stringify(body),
   });
   const text = await res.text();
@@ -27,9 +33,11 @@ export async function POST(request: NextRequest) {
 }
 
 export async function DELETE(request: NextRequest) {
+  const authHeaders = await getAuthHeaders();
   const id = request.nextUrl.searchParams.get('id');
   const res = await fetch(`${API_BASE}/api/receipt-aliases/${id}`, {
     method: 'DELETE',
+    headers: { ...authHeaders },
   });
   return new NextResponse(null, { status: res.status });
 }

frontend/app/api/receipt-import-proxy/route.ts

@@ -1,13 +1,16 @@
 import { NextRequest, NextResponse } from 'next/server';
+import { getAuthHeaders } from '../../../lib/auth-headers';
 
 const API_BASE =
   process.env.NEXT_PUBLIC_API_URL_INTERNAL || 'http://recipe-api:8080';
 
 export async function POST(request: NextRequest) {
+  const authHeaders = await getAuthHeaders();
   const formData = await request.formData();
 
   const res = await fetch(`${API_BASE}/api/receipt-import`, {
     method: 'POST',
+    headers: { ...authHeaders },
     body: formData,
   });
 

frontend/app/api/recipe-preview-proxy/route.ts

@@ -1,8 +1,10 @@
 import { NextRequest, NextResponse } from 'next/server';
+import { getAuthHeaders } from '../../../lib/auth-headers';
 
 const API_BASE = process.env.NEXT_PUBLIC_API_URL_INTERNAL || 'http://recipe-api:8080';
 
 export async function GET(request: NextRequest) {
+  const authHeaders = await getAuthHeaders();
   const id = request.nextUrl.searchParams.get('id');
 
   if (!id) {
@@ -14,6 +16,7 @@ export async function GET(request: NextRequest) {
 
   const res = await fetch(`${API_BASE}/api/recipes/${id}/inventory-preview`, {
     method: 'GET',
+    headers: { ...authHeaders },
     cache: 'no-store',
   });
 

frontend/app/api/recipes/[id]/image/route.ts

@@ -1,4 +1,5 @@
 import { NextRequest, NextResponse } from 'next/server';
+import { getAuthHeaders } from '../../../../../lib/auth-headers';
 
 const API_BASE = process.env.NEXT_PUBLIC_API_URL_INTERNAL || 'http://recipe-api:8080';
 
@@ -7,11 +8,12 @@ export async function POST(
   { params }: { params: Promise<{ id: string }> },
 ) {
   const { id } = await params;
+  const authHeaders = await getAuthHeaders();
   const body = await request.text();
 
   const res = await fetch(`${API_BASE}/api/recipes/${id}/image`, {
     method: 'POST',
-    headers: { 'Content-Type': 'application/json' },
+    headers: { 'Content-Type': 'application/json', ...authHeaders },
     body,
     cache: 'no-store',
   });

frontend/app/api/recipes/[id]/route.ts

@@ -1,4 +1,5 @@
 import { NextRequest, NextResponse } from 'next/server';
+import { getAuthHeaders } from '../../../../lib/auth-headers';
 
 const API_BASE = process.env.NEXT_PUBLIC_API_URL_INTERNAL || 'http://recipe-api:8080';
 
@@ -7,7 +8,11 @@ export async function GET(
   { params }: { params: Promise<{ id: string }> },
 ) {
   const { id } = await params;
-  const res = await fetch(`${API_BASE}/api/recipes/${id}`, { cache: 'no-store' });
+  const authHeaders = await getAuthHeaders();
+  const res = await fetch(`${API_BASE}/api/recipes/${id}`, {
+    headers: { ...authHeaders },
+    cache: 'no-store',
+  });
   const text = await res.text();
   return new NextResponse(text, {
     status: res.status,
@@ -20,10 +25,11 @@ export async function PATCH(
   { params }: { params: Promise<{ id: string }> },
 ) {
   const { id } = await params;
+  const authHeaders = await getAuthHeaders();
   const body = await request.json();
   const res = await fetch(`${API_BASE}/api/recipes/${id}`, {
     method: 'PATCH',
-    headers: { 'Content-Type': 'application/json' },
+    headers: { 'Content-Type': 'application/json', ...authHeaders },
     body: JSON.stringify(body),
     cache: 'no-store',
   });
@@ -39,8 +45,10 @@ export async function DELETE(
   { params }: { params: Promise<{ id: string }> },
 ) {
   const { id } = await params;
+  const authHeaders = await getAuthHeaders();
   const res = await fetch(`${API_BASE}/api/recipes/${id}`, {
     method: 'DELETE',
+    headers: { ...authHeaders },
     cache: 'no-store',
   });
   return new NextResponse(null, { status: res.status });

frontend/app/api/recipes/route.ts

@@ -1,9 +1,12 @@
 import { NextRequest, NextResponse } from 'next/server';
+import { getAuthHeaders } from '../../../lib/auth-headers';
 
 const API_BASE = process.env.NEXT_PUBLIC_API_URL_INTERNAL || 'http://recipe-api:8080';
 
 export async function GET() {
+  const authHeaders = await getAuthHeaders();
   const res = await fetch(`${API_BASE}/api/recipes`, {
+    headers: { ...authHeaders },
     cache: 'no-store',
   });
   const data = await res.json();
@@ -11,10 +14,11 @@ export async function GET() {
 }
 
 export async function POST(request: NextRequest) {
+  const authHeaders = await getAuthHeaders();
   const body = await request.json();
   const res = await fetch(`${API_BASE}/api/recipes`, {
     method: 'POST',
-    headers: { 'Content-Type': 'application/json' },
+    headers: { 'Content-Type': 'application/json', ...authHeaders },
     body: JSON.stringify(body),
     cache: 'no-store',
   });

frontend/app/api/user-products/[productId]/route.ts

@@ -0,0 +1,17 @@
+import { NextRequest, NextResponse } from 'next/server';
+import { getAuthHeaders } from '../../../../lib/auth-headers';
+
+const API_BASE = process.env.NEXT_PUBLIC_API_URL_INTERNAL || 'http://recipe-api:8080';
+
+export async function DELETE(
+  _request: NextRequest,
+  { params }: { params: Promise<{ productId: string }> },
+) {
+  const { productId } = await params;
+  const authHeaders = await getAuthHeaders();
+  const res = await fetch(`${API_BASE}/api/user-products/${productId}`, {
+    method: 'DELETE',
+    headers: { ...authHeaders },
+  });
+  return new NextResponse(null, { status: res.status });
+}

frontend/app/api/user-products/route.ts

@@ -0,0 +1,32 @@
+import { NextRequest, NextResponse } from 'next/server';
+import { getAuthHeaders } from '../../../lib/auth-headers';
+
+const API_BASE = process.env.NEXT_PUBLIC_API_URL_INTERNAL || 'http://recipe-api:8080';
+
+export async function GET() {
+  const authHeaders = await getAuthHeaders();
+  const res = await fetch(`${API_BASE}/api/user-products`, {
+    headers: { ...authHeaders },
+    cache: 'no-store',
+  });
+  const text = await res.text();
+  return new NextResponse(text, {
+    status: res.status,
+    headers: { 'Content-Type': 'application/json' },
+  });
+}
+
+export async function POST(request: NextRequest) {
+  const authHeaders = await getAuthHeaders();
+  const body = await request.json();
+  const res = await fetch(`${API_BASE}/api/user-products`, {
+    method: 'POST',
+    headers: { 'Content-Type': 'application/json', ...authHeaders },
+    body: JSON.stringify(body),
+  });
+  const text = await res.text();
+  return new NextResponse(text, {
+    status: res.status,
+    headers: { 'Content-Type': 'application/json' },
+  });
+}