feat(api): add create and update product routes with authentication

refactor(admin): integrate router refresh after product updates in forms
fix(imports): update fetch paths for product creation and update in ReceiptImportClient

frontend/app/api/admin/create-product/route.ts

@@ -0,0 +1,46 @@
+import { auth } from '../../../../auth';
+
+const API_BASE = process.env.NEXT_PUBLIC_API_URL_INTERNAL || 'http://recipe-api:8080';
+
+async function getAuthHeaders(): Promise<Record<string, string>> {
+  const session = await auth();
+  if (!session?.accessToken) {
+    return {};
+  }
+  return { Authorization: `Bearer ${session.accessToken}` };
+}
+
+export async function POST(req: Request) {
+  try {
+    const body = await req.json();
+    const { name } = body;
+
+    if (!name || typeof name !== 'string') {
+      return Response.json({ error: 'Name is required' }, { status: 400 });
+    }
+
+    const authHeaders = await getAuthHeaders();
+    const res = await fetch(`${API_BASE}/api/products`, {
+      method: 'POST',
+      headers: { 'Content-Type': 'application/json', ...authHeaders },
+      body: JSON.stringify({ name }),
+    });
+
+    if (!res.ok) {
+      const e = await res.json().catch(() => ({}));
+      return Response.json({ error: e.message ?? `HTTP ${res.status}` }, { status: res.status });
+    }
+
+    const product = await res.json();
+    return Response.json({
+      id: product.id,
+      name: product.name,
+      canonicalName: product.canonicalName ?? null,
+    });
+  } catch (err) {
+    return Response.json(
+      { error: err instanceof Error ? err.message : 'Unknown error' },
+      { status: 500 },
+    );
+  }
+}