feat: enhance CORS configuration and implement throttling for API endpoints; add admin role checks in controllers

backend/src/products/products.controller.ts

@@ -63,11 +63,13 @@ export class ProductsController {
     return this.productsService.findAllTags();
   }
 
+  @Roles('admin')
   @Get('duplicates')
   findDuplicates() {
     return this.productsService.findDuplicateCandidates();
   }
 
+  @Roles('admin')
   @Get('merge-preview')
   previewMerge(
     @Query('sourceProductId', ParseIntPipe) sourceProductId: number,
@@ -130,10 +132,7 @@ export class ProductsController {
 
   @Roles('admin')
   @Post()
-  create(@Body() body: CreateProductDto, @Request() req: any) {
-    console.log('[ProductsController.create] Request received');
-    console.log('[ProductsController.create] User:', req.user);
-    console.log('[ProductsController.create] Body:', body);
+  create(@Body() body: CreateProductDto) {
     return this.productsService.create(body);
   }
 
@@ -151,6 +150,7 @@ export class ProductsController {
     return this.productsService.merge(body.sourceProductId, body.targetProductId);
   }
 
+  @Roles('admin')
   @Patch(':id/canonical-name')
   updateCanonicalName(
     @Param('id', ParseIntPipe) id: number,
@@ -159,6 +159,7 @@ export class ProductsController {
     return this.productsService.updateCanonicalName(id, body.canonicalName);
   }
 
+  @Roles('admin')
   @Put(':id/tags')
   setTags(
     @Param('id', ParseIntPipe) id: number,
@@ -167,6 +168,7 @@ export class ProductsController {
     return this.productsService.setTags(id, body.tags);
   }
 
+  @Roles('admin')
   @Put(':id/nutrition')
   upsertNutrition(
     @Param('id', ParseIntPipe) id: number,
@@ -175,6 +177,7 @@ export class ProductsController {
     return this.productsService.upsertNutrition(id, body);
   }
 
+  @Roles('admin')
   @Patch(':id')
   update(
     @Param('id', ParseIntPipe) id: number,