diff --git a/app/api/admin/matches/[id]/calc-points/route.ts b/app/api/admin/matches/[id]/calc-points/route.ts
index d4130a4..2416afd 100644
--- a/app/api/admin/matches/[id]/calc-points/route.ts
+++ b/app/api/admin/matches/[id]/calc-points/route.ts
@@ -1,13 +1,12 @@
 import { NextRequest, NextResponse } from "next/server";
 import { db } from "@/lib/db";
-import { getServerSession } from "next-auth";
-import { authOptions } from "@/lib/auth";
+import { getApiUser } from "@/lib/apiAuth";
 import { calculateMatchPoints } from "@/lib/points";
-export async function POST(_: NextRequest, { params }: { params: Promise<{ id: string }> }) {
+export async function POST(req: NextRequest, { params }: { params: Promise<{ id: string }> }) {
 const { id } = await params;
- const session = await getServerSession(authOptions);
- if (!session || (session.user as any).role !== "ADMIN")
+ const apiUser = await getApiUser(req);
+ if (!apiUser || apiUser.role !== "ADMIN")
 return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
 const events = await db.matchEvent.findMany({
diff --git a/app/api/admin/matches/[id]/events/[eventId]/route.ts b/app/api/admin/matches/[id]/events/[eventId]/route.ts
index 7eec678..a6a3429 100644
--- a/app/api/admin/matches/[id]/events/[eventId]/route.ts
+++ b/app/api/admin/matches/[id]/events/[eventId]/route.ts
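Review bot: The admin gate here — and in every other admin handler on this page — is the same two lines pasted inline, `const apiUser = await getApiUser(req); if (!apiUser || apiUser.role !== "ADMIN") return NextResponse.json({ error: "Unauthorized" }, { status: 401 });`, while app/api/admin/quiz/[id]/route.ts and app/api/admin/quiz/route.ts each keep a private `requireAdmin(req)` / `adminOnly(req)` wrapper doing the same thing. One exported helper in `@/lib/apiAuth` (a `requireAdmin(req)` like the quiz one) would keep the role check in a single place and let a later change, such as answering 403 rather than 401 for an authenticated non-admin, be made once. `getApiUser` itself is not in this diff, so what credentials it accepts and where `apiUser.role` comes from cannot be checked from here; the gate is only as strong as that value being derived from the server-side user record rather than from anything the client sends. A one-line comment at that helper, `// role is read from the server-side user record, never from the request`, would record the contract callers now rely on. POST's body continues outside the hunk.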
@@ -1,12 +1,10 @@
 import { NextRequest, NextResponse } from "next/server";
 import { db } from "@/lib/db";
-import { getServerSession } from "next-auth";
-import { authOptions } from "@/lib/auth";
-
-export async function DELETE(_: NextRequest, { params }: { params: Promise<{ id: string; eventId: string }> }) {
+import { getApiUser } from "@/lib/apiAuth";
+export async function DELETE(req: NextRequest, { params }: { params: Promise<{ id: string; eventId: string }> }) {
 const { eventId } = await params;
- const session = await getServerSession(authOptions);
- if (!session || (session.user as any).role !== "ADMIN")
+ const apiUser = await getApiUser(req);
+ if (!apiUser || apiUser.role !== "ADMIN")
 return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
 await db.matchEvent.delete({ where: { id: eventId } });
diff --git a/app/api/admin/matches/[id]/events/route.ts b/app/api/admin/matches/[id]/events/route.ts
index a9b2713..1d38fe4 100644
--- a/app/api/admin/matches/[id]/events/route.ts
+++ b/app/api/admin/matches/[id]/events/route.ts
@@ -1,12 +1,10 @@
 import { NextRequest, NextResponse } from "next/server";
 import { db } from "@/lib/db";
-import { getServerSession } from "next-auth";
-import { authOptions } from "@/lib/auth";
-
+import { getApiUser } from "@/lib/apiAuth";
 export async function POST(req: NextRequest, { params }: { params: Promise<{ id: string }> }) {
 const { id } = await params;
- const session = await getServerSession(authOptions);
- if (!session || (session.user as any).role !== "ADMIN")
+ const apiUser = await getApiUser(req);
+ if (!apiUser || apiUser.role !== "ADMIN")
 return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
 const { playerId, type, minute, extraInfo } = await req.json();
diff --git a/app/api/admin/matches/[id]/lineup/route.ts b/app/api/admin/matches/[id]/lineup/route.ts
index 19ee8a9..288b698 100644
--- a/app/api/admin/matches/[id]/lineup/route.ts
+++ b/app/api/admin/matches/[id]/lineup/route.ts
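Review bot: `DELETE` in app/api/admin/matches/[id]/events/[eventId]/route.ts reads only `eventId` from `params`, so the route's `[id]` segment never constrains `db.matchEvent.delete({ where: { id: eventId } })` and an event can be deleted through any match's URL. The commit rewrites the lines around this shape without tightening it; if events belong to exactly one match, read `const { id, eventId } = await params;` and add the match reference to the `where` clause (the matchEvent field that links it to the match is not visible here). The function continues outside the hunk.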
@@ -1,12 +1,10 @@
 import { NextRequest, NextResponse } from "next/server";
 import { db } from "@/lib/db";
-import { getServerSession } from "next-auth";
-import { authOptions } from "@/lib/auth";
-
+import { getApiUser } from "@/lib/apiAuth";
 export async function POST(req: NextRequest, { params }: { params: Promise<{ id: string }> }) {
 const { id } = await params;
- const session = await getServerSession(authOptions);
- if (!session || (session.user as any).role !== "ADMIN")
+ const apiUser = await getApiUser(req);
+ if (!apiUser || apiUser.role !== "ADMIN")
 return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
 const lineups: Array<{ countryId: string; formation: string; playerIds: string[] }> = await req.json();
diff --git a/app/api/admin/players/[id]/card-tier/route.ts b/app/api/admin/players/[id]/card-tier/route.ts
index e6e12f6..9e1574f 100644
--- a/app/api/admin/players/[id]/card-tier/route.ts
+++ b/app/api/admin/players/[id]/card-tier/route.ts
@@ -1,13 +1,11 @@
 import { NextRequest, NextResponse } from "next/server";
 import { db } from "@/lib/db";
-import { getServerSession } from "next-auth";
-import { authOptions } from "@/lib/auth";
-
+import { getApiUser } from "@/lib/apiAuth";
 const validTiers = new Set(["GOLD", "SILVER", "BRONZE"]);
 export async function PATCH(req: NextRequest, { params }: { params: Promise<{ id: string }> }) {
- const session = await getServerSession(authOptions);
- if (!session || (session.user as any).role !== "ADMIN") {
+ const apiUser = await getApiUser(req);
+ if (!apiUser || apiUser.role !== "ADMIN") {
 return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
 }
diff --git a/app/api/admin/players/[id]/golden-toggle/route.ts b/app/api/admin/players/[id]/golden-toggle/route.ts
index f8257d5..db7cbbe 100644
--- a/app/api/admin/players/[id]/golden-toggle/route.ts
+++ b/app/api/admin/players/[id]/golden-toggle/route.ts
@@ -1,12 +1,10 @@
 import { NextRequest, NextResponse } from "next/server";
 import { db } from "@/lib/db";
-import { getServerSession } from "next-auth";
-import { authOptions } from "@/lib/auth";
-
+import { getApiUser } from "@/lib/apiAuth";
 // PATCH /api/admin/players/[id]/golden-toggle
 export async function PATCH(req: NextRequest, { params }: { params: Promise<{ id: string }> }) {
- const session = await getServerSession(authOptions);
- if (!session || (session.user as any).role !== "ADMIN") {
+ const apiUser = await getApiUser(req);
+ if (!apiUser || apiUser.role !== "ADMIN") {
 return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
 }
diff --git a/app/api/admin/quiz/[id]/lottery/route.ts b/app/api/admin/quiz/[id]/lottery/route.ts
index 15ac903..3a5262c 100644
--- a/app/api/admin/quiz/[id]/lottery/route.ts
+++ b/app/api/admin/quiz/[id]/lottery/route.ts
@@ -1,7 +1,6 @@
 import { NextRequest, NextResponse } from "next/server";
 import { db } from "@/lib/db";
-import { getServerSession } from "next-auth";
-import { authOptions } from "@/lib/auth";
+import { getApiUser } from "@/lib/apiAuth";
 import { CARD_TIER_LABELS, resolveQuizRewardTier } from "@/lib/cardTier";
 function shuffleArray(items: T[]) {
@@ -10,8 +9,8 @@ function shuffleArray(items: T[]) {
 // POST /api/admin/quiz/[id]/lottery - run reward distribution for a quiz
 export async function POST(req: NextRequest, { params }: { params: Promise<{ id: string }> }) {
- const session = await getServerSession(authOptions);
- if (!session || (session.user as any).role !== "ADMIN") {
+ const apiUser = await getApiUser(req);
+ if (!apiUser || apiUser.role !== "ADMIN") {
 return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
 }
diff --git a/app/api/admin/quiz/[id]/route.ts b/app/api/admin/quiz/[id]/route.ts
index 2493372..6b16772 100644
--- a/app/api/admin/quiz/[id]/route.ts
+++ b/app/api/admin/quiz/[id]/route.ts
@@ -1,15 +1,14 @@
 import { NextRequest, NextResponse } from "next/server";
 import { db } from "@/lib/db";
-import { getServerSession } from "next-auth";
-import { authOptions } from "@/lib/auth";
+import { getApiUser } from "@/lib/apiAuth";
 import { Prisma } from "@/lib/generated/prisma";
-async function requireAdmin() {
- const session = await getServerSession(authOptions);
- if (!session || (session.user as any).role !== "ADMIN") {
+async function requireAdmin(req: NextRequest) {
+ const apiUser = await getApiUser(req);
+ if (!apiUser || apiUser.role !== "ADMIN") {
 return null;
 }
- return session;
+ return apiUser;
 }
 function calculateResult(answers: number[], questions: Array<{ correctAnswer: number }>) {
@@ -59,8 +58,8 @@ function validateTierConfig(input: {
 export async function PUT(req: NextRequest, { params }: { params: Promise<{ id: string }> }) {
 try {
- const session = await requireAdmin();
- if (!session) return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
+ const apiUser = await requireAdmin(req);
+ if (!apiUser) return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
 const { id } = await params;
 const {
@@ -167,9 +166,9 @@ export async function PUT(req: NextRequest, { params }: { params: Promise<{ id:
 }
 }
-export async function DELETE(_: NextRequest, { params }: { params: Promise<{ id: string }> }) {
- const session = await requireAdmin();
- if (!session) return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
+export async function DELETE(req: NextRequest, { params }: { params: Promise<{ id: string }> }) {
+ const apiUser = await requireAdmin(req);
+ if (!apiUser) return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
 const { id } = await params;
diff --git a/app/api/admin/quiz/route.ts b/app/api/admin/quiz/route.ts
index ca6f3de..1e206f5 100644
--- a/app/api/admin/quiz/route.ts
+++ b/app/api/admin/quiz/route.ts
@@ -1,13 +1,12 @@
 import { NextRequest, NextResponse } from "next/server";
 import { db } from "@/lib/db";
-import { getServerSession } from "next-auth";
-import { authOptions } from "@/lib/auth";
+import { getApiUser } from "@/lib/apiAuth";
 import { Prisma } from "@/lib/generated/prisma";
 async function adminOnly(req: NextRequest) {
- const session = await getServerSession(authOptions);
- if (!session || (session.user as any).role !== "ADMIN") return null;
- return session;
+ const apiUser = await getApiUser(req);
+ if (!apiUser || apiUser.role !== "ADMIN") return null;
+ return apiUser;
 }
 function validateTierConfig(input: {
@@ -43,8 +42,8 @@ function validateTierConfig(input: {
 // GET /api/admin/quiz - list all quizzes
 export async function GET(req: NextRequest) {
- const session = await adminOnly(req);
- if (!session) return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
+ const apiUser = await adminOnly(req);
+ if (!apiUser) return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
 const quizzes = await db.dailyQuiz.findMany({
 orderBy: { date: "desc" },
@@ -60,8 +59,8 @@ export async function GET(req: NextRequest) {
 // POST /api/admin/quiz - create quiz
 export async function POST(req: NextRequest) {
 try {
- const session = await adminOnly(req);
- if (!session) return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
+ const apiUser = await adminOnly(req);
+ if (!apiUser) return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
 const {
 date,
diff --git a/app/api/admin/scoring/route.ts b/app/api/admin/scoring/route.ts
index 08ed414..1f6b579 100644
--- a/app/api/admin/scoring/route.ts
+++ b/app/api/admin/scoring/route.ts
@@ -1,11 +1,9 @@
 import { NextRequest, NextResponse } from "next/server";
 import { db } from "@/lib/db";
-import { getServerSession } from "next-auth";
-import { authOptions } from "@/lib/auth";
-
+import { getApiUser } from "@/lib/apiAuth";
 export async function PUT(req: NextRequest) {
- const session = await getServerSession(authOptions);
- if (!session || (session.user as any).role !== "ADMIN")
+ const apiUser = await getApiUser(req);
+ if (!apiUser || apiUser.role !== "ADMIN")
 return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
 const rules: Array<{ position: string; eventType: string; points: number }> = await req.json();
@@ -13,8 +11,8 @@ export async function PUT(req: NextRequest) {
 for (const rule of rules) {
 await db.scoringRule.upsert({
 where: { position_eventType: { position: rule.position as any, eventType: rule.eventType as any } },
- update: { points: rule.points, updatedBy: (session.user as any).id },
- create: { position: rule.position as any, eventType: rule.eventType as any, points: rule.points, updatedBy: (session.user as any).id },
+ update: { points: rule.points, updatedBy: apiUser.id },
+ create: { position: rule.position as any, eventType: rule.eventType as any, points: rule.points, updatedBy: apiUser.id },
 });
 }
diff --git a/app/api/admin/teams/[id]/route.ts b/app/api/admin/teams/[id]/route.ts
index 2974f96..7dd709c 100644
--- a/app/api/admin/teams/[id]/route.ts
+++ b/app/api/admin/teams/[id]/route.ts
@@ -1,12 +1,10 @@
 import { NextRequest, NextResponse } from "next/server";
 import { db } from "@/lib/db";
-import { getServerSession } from "next-auth";
-import { authOptions } from "@/lib/auth";
-
+import { getApiUser } from "@/lib/apiAuth";
 export async function PUT(req: NextRequest, { params }: { params: Promise<{ id: string }> }) {
 const { id } = await params;
- const session = await getServerSession(authOptions);
- if (!session || (session.user as any).role !== "ADMIN")
+ const apiUser = await getApiUser(req);
+ if (!apiUser || apiUser.role !== "ADMIN")
 return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
 const { status } = await req.json();
diff --git a/app/api/admin/teams/route.ts b/app/api/admin/teams/route.ts
index 3d488de..588a59a 100644
--- a/app/api/admin/teams/route.ts
+++ b/app/api/admin/teams/route.ts
@@ -1,11 +1,9 @@
-import { NextResponse } from "next/server";
+import { NextRequest, NextResponse } from "next/server";
 import { db } from "@/lib/db";
-import { getServerSession } from "next-auth";
-import { authOptions } from "@/lib/auth";
-
-export async function GET() {
- const session = await getServerSession(authOptions);
- if (!session || (session.user as any).role !== "ADMIN")
+import { getApiUser } from "@/lib/apiAuth";
+export async function GET(req: NextRequest) {
+ const apiUser = await getApiUser(req);
+ if (!apiUser || apiUser.role !== "ADMIN")
 return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
 const teams = await db.team.findMany({
diff --git a/app/api/countries/[id]/route.ts b/app/api/countries/[id]/route.ts
index 56669a5..b3a2544 100644
--- a/app/api/countries/[id]/route.ts
+++ b/app/api/countries/[id]/route.ts
@@ -1,12 +1,10 @@
 import { NextRequest, NextResponse } from "next/server";
 import { db } from "@/lib/db";
-import { getServerSession } from "next-auth";
-import { authOptions } from "@/lib/auth";
-
+import { getApiUser } from "@/lib/apiAuth";
 export async function PUT(req: NextRequest, { params }: { params: Promise<{ id: string }> }) {
 const { id } = await params;
- const session = await getServerSession(authOptions);
- if (!session || (session.user as any).role !== "ADMIN")
+ const apiUser = await getApiUser(req);
+ if (!apiUser || apiUser.role !== "ADMIN")
 return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
 const body = await req.json();
@@ -14,10 +12,10 @@ export async function PUT(req: NextRequest, { params }: { params: Promise<{ id:
 return NextResponse.json(country);
 }
-export async function DELETE(_: NextRequest, { params }: { params: Promise<{ id: string }> }) {
+export async function DELETE(req: NextRequest, { params }: { params: Promise<{ id: string }> }) {
 const { id } = await params;
- const session = await getServerSession(authOptions);
- if (!session || (session.user as any).role !== "ADMIN")
+ const apiUser = await getApiUser(req);
+ if (!apiUser || apiUser.role !== "ADMIN")
 return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
 await db.country.delete({ where: { id } });
diff --git a/app/api/countries/route.ts b/app/api/countries/route.ts
index d68e4d7..12ec3e5 100644
--- a/app/api/countries/route.ts
+++ b/app/api/countries/route.ts
@@ -1,9 +1,7 @@
 import { NextRequest, NextResponse } from "next/server";
 import { db } from "@/lib/db";
-import { getServerSession } from "next-auth";
-import { authOptions } from "@/lib/auth";
-
-export async function GET() {
+import { getApiUser } from "@/lib/apiAuth";
+export async function GET(req: NextRequest) {
 const countries = await db.country.findMany({
 include: { group: true },
 orderBy: { name: "asc" },
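Review bot: `GET(req: NextRequest)` in app/api/countries/route.ts adds a parameter the visible body never reads — the handler goes straight to `db.country.findMany` — and the same unused `req` is added to the public `GET` handlers in app/api/gameweeks/route.ts, app/api/matches/route.ts, app/api/rounds/route.ts and app/api/matches/[id]/route.ts. Under `noUnusedParameters` this is a compile error, and it reads as if these listings were meant to become authenticated when nothing in the diff checks the caller. Either keep the original form, `export async function GET() {` (or `_: NextRequest` where `params` is the second argument), or, if the list routes are meant to require a caller, add the `getApiUser(req)` check the sibling `POST` handlers use. GET's body continues outside the hunk.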
@@ -12,8 +10,8 @@ export async function GET() {
 }
 export async function POST(req: NextRequest) {
- const session = await getServerSession(authOptions);
- if (!session || (session.user as any).role !== "ADMIN")
+ const apiUser = await getApiUser(req);
+ if (!apiUser || apiUser.role !== "ADMIN")
 return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
 const body = await req.json();
diff --git a/app/api/gameweeks/[id]/activate/route.ts b/app/api/gameweeks/[id]/activate/route.ts
index 24228c4..2ce6908 100644
--- a/app/api/gameweeks/[id]/activate/route.ts
+++ b/app/api/gameweeks/[id]/activate/route.ts
@@ -1,12 +1,10 @@
 import { NextRequest, NextResponse } from "next/server";
 import { db } from "@/lib/db";
-import { getServerSession } from "next-auth";
-import { authOptions } from "@/lib/auth";
-
-export async function POST(_: NextRequest, { params }: { params: Promise<{ id: string }> }) {
+import { getApiUser } from "@/lib/apiAuth";
+export async function POST(req: NextRequest, { params }: { params: Promise<{ id: string }> }) {
 const { id } = await params;
- const session = await getServerSession(authOptions);
- if (!session || (session.user as any).role !== "ADMIN")
+ const apiUser = await getApiUser(req);
+ if (!apiUser || apiUser.role !== "ADMIN")
 return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
 // غیرفعال کردن همه
diff --git a/app/api/gameweeks/route.ts b/app/api/gameweeks/route.ts
index 506c53b..fe258f3 100644
--- a/app/api/gameweeks/route.ts
+++ b/app/api/gameweeks/route.ts
@@ -1,16 +1,14 @@
 import { NextRequest, NextResponse } from "next/server";
 import { db } from "@/lib/db";
-import { getServerSession } from "next-auth";
-import { authOptions } from "@/lib/auth";
-
-export async function GET() {
+import { getApiUser } from "@/lib/apiAuth";
+export async function GET(req: NextRequest) {
 const gameweeks = await db.gameweek.findMany({ orderBy: { number: "asc" } });
 return NextResponse.json(gameweeks);
 }
 export async function POST(req: NextRequest) {
- const session = await getServerSession(authOptions);
- if (!session || (session.user as any).role !== "ADMIN")
+ const apiUser = await getApiUser(req);
+ if (!apiUser || apiUser.role !== "ADMIN")
 return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
 const body = await req.json();
diff --git a/app/api/golden-cards/[id]/add-to-team/route.ts b/app/api/golden-cards/[id]/add-to-team/route.ts
index 082a8a2..c05aba0 100644
--- a/app/api/golden-cards/[id]/add-to-team/route.ts
+++ b/app/api/golden-cards/[id]/add-to-team/route.ts
@@ -1,7 +1,6 @@
 import { NextRequest, NextResponse } from "next/server";
 import { db } from "@/lib/db";
-import { getServerSession } from "next-auth";
-import { authOptions } from "@/lib/auth";
+import { getApiUser } from "@/lib/apiAuth";
 import {
 getAutoPlacement,
 getPositionLabel,
@@ -9,10 +8,10 @@ import {
 } from "@/lib/specialCards";
 export async function POST(req: NextRequest, { params }: { params: Promise<{ id: string }> }) {
- const session = await getServerSession(authOptions);
- if (!session) return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
+ const apiUser = await getApiUser(req);
+ if (!apiUser) return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
- const userId = (session.user as any).id;
+ const userId = apiUser.id;
 const { id } = await params;
 const { replacePlayerId } = await req.json().catch(() => ({}));
diff --git a/app/api/golden-cards/[id]/reveal/route.ts b/app/api/golden-cards/[id]/reveal/route.ts
index c41e974..8c2c6ea 100644
--- a/app/api/golden-cards/[id]/reveal/route.ts
+++ b/app/api/golden-cards/[id]/reveal/route.ts
@@ -1,14 +1,12 @@
 import { NextRequest, NextResponse } from "next/server";
 import { db } from "@/lib/db";
-import { getServerSession } from "next-auth";
-import { authOptions } from "@/lib/auth";
-
+import { getApiUser } from "@/lib/apiAuth";
 // POST /api/golden-cards/[id]/reveal
 export async function POST(req: NextRequest, { params }: { params: Promise<{ id: string }> }) {
- const session = await getServerSession(authOptions);
- if (!session) return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
+ const apiUser = await getApiUser(req);
+ if (!apiUser) return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
- const userId = (session.user as any).id;
+ const userId = apiUser.id;
 const { id } = await params;
 const card = await db.goldenCard.findUnique({ where: { id } });
diff --git a/app/api/golden-cards/[id]/sell/route.ts b/app/api/golden-cards/[id]/sell/route.ts
index 3fc0a18..e2bf5b9 100644
--- a/app/api/golden-cards/[id]/sell/route.ts
+++ b/app/api/golden-cards/[id]/sell/route.ts
@@ -1,14 +1,13 @@
 import { NextResponse } from "next/server";
 import { db } from "@/lib/db";
-import { getServerSession } from "next-auth";
-import { authOptions } from "@/lib/auth";
+import { getApiUser } from "@/lib/apiAuth";
 import { getSpecialCardSalePrice } from "@/lib/specialCards";
-export async function POST(_: Request, { params }: { params: Promise<{ id: string }> }) {
- const session = await getServerSession(authOptions);
- if (!session) return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
+export async function POST(req: Request, { params }: { params: Promise<{ id: string }> }) {
+ const apiUser = await getApiUser(req);
+ if (!apiUser) return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
- const userId = (session.user as any).id;
+ const userId = apiUser.id;
 const { id } = await params;
 const card = await db.goldenCard.findUnique({
diff --git a/app/api/golden-cards/route.ts b/app/api/golden-cards/route.ts
index 164251f..9078357 100644
--- a/app/api/golden-cards/route.ts
+++ b/app/api/golden-cards/route.ts
@@ -1,14 +1,12 @@
-import { NextResponse } from "next/server";
+import { NextRequest, NextResponse } from "next/server";
 import { db } from "@/lib/db";
-import { getServerSession } from "next-auth";
-import { authOptions } from "@/lib/auth";
-
+import { getApiUser } from "@/lib/apiAuth";
 // GET /api/golden-cards - get current user's golden cards
-export async function GET() {
- const session = await getServerSession(authOptions);
- if (!session) return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
+export async function GET(req: NextRequest) {
+ const apiUser = await getApiUser(req);
+ if (!apiUser) return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
- const userId = (session.user as any).id;
+ const userId = apiUser.id;
 const cards = await db.goldenCard.findMany({
 where: { userId },
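Review bot: `POST(req: Request, …)` in app/api/golden-cards/[id]/sell/route.ts hands a plain `Request` to `getApiUser(req)`, whereas every other call site on this page passes a `NextRequest`, and this file imports only `NextResponse`. If `getApiUser` is declared with a `NextRequest` parameter (it lives in `@/lib/apiAuth`, outside this diff) the call will not type-check, and if it reads `req.cookies` or `req.nextUrl` it will fail at runtime on a WHATWG `Request`. Aligning with the rest of the diff is two lines: `import { NextRequest, NextResponse } from "next/server";` and `export async function POST(req: NextRequest, { params }: { params: Promise<{ id: string }> }) {`. POST's body continues outside the hunk.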
diff --git a/app/api/matches/[id]/route.ts b/app/api/matches/[id]/route.ts
index 2d5b8c0..e425390 100644
--- a/app/api/matches/[id]/route.ts
+++ b/app/api/matches/[id]/route.ts
@@ -1,9 +1,7 @@
 import { NextRequest, NextResponse } from "next/server";
 import { db } from "@/lib/db";
-import { getServerSession } from "next-auth";
-import { authOptions } from "@/lib/auth";
-
-export async function GET(_: NextRequest, { params }: { params: Promise<{ id: string }> }) {
+import { getApiUser } from "@/lib/apiAuth";
+export async function GET(req: NextRequest, { params }: { params: Promise<{ id: string }> }) {
 const { id } = await params;
 const match = await db.match.findUnique({
 where: { id },
@@ -15,8 +13,8 @@ export async function GET(_: NextRequest, { params }: { params: Promise<{ id: st
 export async function PUT(req: NextRequest, { params }: { params: Promise<{ id: string }> }) {
 const { id } = await params;
- const session = await getServerSession(authOptions);
- if (!session || (session.user as any).role !== "ADMIN")
+ const apiUser = await getApiUser(req);
+ if (!apiUser || apiUser.role !== "ADMIN")
 return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
 const body = await req.json();
@@ -30,10 +28,10 @@ export async function PUT(req: NextRequest, { params }: { params: Promise<{ id:
 return NextResponse.json(match);
 }
-export async function DELETE(_: NextRequest, { params }: { params: Promise<{ id: string }> }) {
+export async function DELETE(req: NextRequest, { params }: { params: Promise<{ id: string }> }) {
 const { id } = await params;
- const session = await getServerSession(authOptions);
- if (!session || (session.user as any).role !== "ADMIN")
+ const apiUser = await getApiUser(req);
+ if (!apiUser || apiUser.role !== "ADMIN")
 return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
 await db.match.delete({ where: { id } });
diff --git a/app/api/matches/[id]/stats/route.ts b/app/api/matches/[id]/stats/route.ts
index 396e161..06814f5 100644
--- a/app/api/matches/[id]/stats/route.ts
+++ b/app/api/matches/[id]/stats/route.ts
@@ -1,13 +1,12 @@
 import { NextRequest, NextResponse } from "next/server";
 import { db } from "@/lib/db";
-import { getServerSession } from "next-auth";
-import { authOptions } from "@/lib/auth";
+import { getApiUser } from "@/lib/apiAuth";
 import { calculateMatchPoints } from "@/lib/points";
 export async function POST(req: NextRequest, { params }: { params: Promise<{ id: string }> }) {
 const { id } = await params;
- const session = await getServerSession(authOptions);
- if (!session || (session.user as any).role !== "ADMIN")
+ const apiUser = await getApiUser(req);
+ if (!apiUser || apiUser.role !== "ADMIN")
 return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
 const stats: Array<{
diff --git a/app/api/matches/route.ts b/app/api/matches/route.ts
index e01077a..3324bd8 100644
--- a/app/api/matches/route.ts
+++ b/app/api/matches/route.ts
@@ -1,9 +1,7 @@
 import { NextRequest, NextResponse } from "next/server";
 import { db } from "@/lib/db";
-import { getServerSession } from "next-auth";
-import { authOptions } from "@/lib/auth";
-
-export async function GET() {
+import { getApiUser } from "@/lib/apiAuth";
+export async function GET(req: NextRequest) {
 const matches = await db.match.findMany({
 include: {
 homeTeam: true,
@@ -16,8 +14,8 @@ export async function GET() {
 }
 export async function POST(req: NextRequest) {
- const session = await getServerSession(authOptions);
- if (!session || (session.user as any).role !== "ADMIN")
+ const apiUser = await getApiUser(req);
+ if (!apiUser || apiUser.role !== "ADMIN")
 return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
 const body = await req.json();
diff --git a/app/api/payment/request/route.ts b/app/api/payment/request/route.ts
index a09b298..f631e08 100644
--- a/app/api/payment/request/route.ts
+++ b/app/api/payment/request/route.ts
@@ -1,15 +1,14 @@
 import { NextRequest, NextResponse } from "next/server";
 import { db } from "@/lib/db";
-import { getServerSession } from "next-auth";
-import { authOptions } from "@/lib/auth";
+import { getApiUser } from "@/lib/apiAuth";
 import { requestPayment } from "@/lib/zarinpal";
 export async function POST(req: NextRequest) {
- const session = await getServerSession(authOptions);
- if (!session) return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
+ const apiUser = await getApiUser(req);
+ if (!apiUser) return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
 const { packageId } = await req.json();
- const userId = (session.user as any).id;
+ const userId = apiUser.id;
 const pkg = await db.package.findUnique({ where: { id: packageId } });
 if (!pkg || !pkg.isActive) return NextResponse.json({ error: "پکیج پیدا نشد" }, { status: 404 });
diff --git a/app/api/players/[id]/route.ts b/app/api/players/[id]/route.ts
index 822a597..cd761da 100644
--- a/app/api/players/[id]/route.ts
+++ b/app/api/players/[id]/route.ts
@@ -1,12 +1,10 @@
 import { NextRequest, NextResponse } from "next/server";
 import { db } from "@/lib/db";
-import { getServerSession } from "next-auth";
-import { authOptions } from "@/lib/auth";
-
+import { getApiUser } from "@/lib/apiAuth";
 export async function PUT(req: NextRequest, { params }: { params: Promise<{ id: string }> }) {
 const { id } = await params;
- const session = await getServerSession(authOptions);
- if (!session || (session.user as any).role !== "ADMIN") {
+ const apiUser = await getApiUser(req);
+ if (!apiUser || apiUser.role !== "ADMIN") {
 return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
 }
@@ -24,8 +22,8 @@ export async function PUT(req: NextRequest, { params }: { params: Promise<{ id:
 export async function DELETE(req: NextRequest, { params }: { params: Promise<{ id: string }> }) {
 const { id } = await params;
- const session = await getServerSession(authOptions);
- if (!session || (session.user as any).role !== "ADMIN") {
+ const apiUser = await getApiUser(req);
+ if (!apiUser || apiUser.role !== "ADMIN") {
 return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
 }
diff --git a/app/api/players/route.ts b/app/api/players/route.ts
index 3998972..b07d497 100644
--- a/app/api/players/route.ts
+++ b/app/api/players/route.ts
@@ -1,8 +1,6 @@
 import { NextRequest, NextResponse } from "next/server";
 import { db } from "@/lib/db";
-import { getServerSession } from "next-auth";
-import { authOptions } from "@/lib/auth";
-
+import { getApiUser } from "@/lib/apiAuth";
 export async function GET(req: NextRequest) {
 const { searchParams } = new URL(req.url);
 const position = searchParams.get("position");
@@ -21,8 +19,8 @@ export async function GET(req: NextRequest) {
 }
 export async function POST(req: NextRequest) {
- const session = await getServerSession(authOptions);
- if (!session || (session.user as any).role !== "ADMIN") {
+ const apiUser = await getApiUser(req);
+ if (!apiUser || apiUser.role !== "ADMIN") {
 return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
 }
diff --git a/app/api/quiz/my-results/route.ts b/app/api/quiz/my-results/route.ts
index 98a50f9..a485a6b 100644
--- a/app/api/quiz/my-results/route.ts
+++ b/app/api/quiz/my-results/route.ts
@@ -1,14 +1,12 @@
-import { NextResponse } from "next/server";
+import { NextRequest, NextResponse } from "next/server";
 import { db } from "@/lib/db";
-import { getServerSession } from "next-auth";
-import { authOptions } from "@/lib/auth";
-
+import { getApiUser } from "@/lib/apiAuth";
 // GET /api/quiz/my-results
-export async function GET() {
- const session = await getServerSession(authOptions);
- if (!session) return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
+export async function GET(req: NextRequest) {
+ const apiUser = await getApiUser(req);
+ if (!apiUser) return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
- const userId = (session.user as any).id;
+ const userId = apiUser.id;
 const submissions = await db.quizSubmission.findMany({
 where: { userId },
diff --git a/app/api/quiz/submit/route.ts b/app/api/quiz/submit/route.ts
index fe44092..ba5b94e 100644
--- a/app/api/quiz/submit/route.ts
+++ b/app/api/quiz/submit/route.ts
@@ -1,15 +1,14 @@
 import { NextRequest, NextResponse } from "next/server";
 import { db } from "@/lib/db";
-import { getServerSession } from "next-auth";
-import { authOptions } from "@/lib/auth";
+import { getApiUser } from "@/lib/apiAuth";
 import { CARD_TIER_LABELS, resolveQuizRewardTier } from "@/lib/cardTier";
 // POST /api/quiz/submit
 export async function POST(req: NextRequest) {
- const session = await getServerSession(authOptions);
- if (!session) return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
+ const apiUser = await getApiUser(req);
+ if (!apiUser) return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
- const userId = (session.user as any).id;
+ const userId = apiUser.id;
 const { quizId, answers } = await req.json();
 if (!quizId || !Array.isArray(answers)) {
diff --git a/app/api/rounds/[id]/activate/route.ts b/app/api/rounds/[id]/activate/route.ts
index 5bbf9cc..6b5916c 100644
--- a/app/api/rounds/[id]/activate/route.ts
+++ b/app/api/rounds/[id]/activate/route.ts
@@ -1,12 +1,10 @@
 import { NextRequest, NextResponse } from "next/server";
 import { db } from "@/lib/db";
-import { getServerSession } from "next-auth";
-import { authOptions } from "@/lib/auth";
-
-export async function POST(_: NextRequest, { params }: { params: Promise<{ id: string }> }) {
+import { getApiUser } from "@/lib/apiAuth";
+export async function POST(req: NextRequest, { params }: { params: Promise<{ id: string }> }) {
 const { id } = await params;
- const session = await getServerSession(authOptions);
- if (!session || (session.user as any).role !== "ADMIN")
+ const apiUser = await getApiUser(req);
+ if (!apiUser || apiUser.role !== "ADMIN")
 return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
 const currentRound = await db.round.findUnique({ where: { id } });
diff --git a/app/api/rounds/route.ts b/app/api/rounds/route.ts
index 762850b..aa0c813 100644
--- a/app/api/rounds/route.ts
+++ b/app/api/rounds/route.ts
@@ -1,16 +1,14 @@
 import { NextRequest, NextResponse } from "next/server";
 import { db } from "@/lib/db";
-import { getServerSession } from "next-auth";
-import { authOptions } from "@/lib/auth";
-
-export async function GET() {
+import { getApiUser } from "@/lib/apiAuth";
+export async function GET(req: NextRequest) {
 const rounds = await db.round.findMany({ orderBy: { number: "asc" } });
 return NextResponse.json(rounds);
 }
 export async function POST(req: NextRequest) {
- const session = await getServerSession(authOptions);
- if (!session || (session.user as any).role !== "ADMIN")
+ const apiUser = await getApiUser(req);
+ if (!apiUser || apiUser.role !== "ADMIN")
 return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
 const { number, name, deadline } = await req.json();
@@ -25,8 +23,8 @@ export async function POST(req: NextRequest) {
 }
 export async function PUT(req: NextRequest) {
-  const session = await getServerSession(authOptions);
-  if (!session || (session.user as any).role !== "ADMIN")
+  const apiUser = await getApiUser(req);
+  if (!apiUser || apiUser.role !== "ADMIN")
     return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
   const { id, number, name, deadline } = await req.json();
@@ -39,8 +37,8 @@ export async function PUT(req: NextRequest) {
 }
 export async function DELETE(req: NextRequest) {
-  const session = await getServerSession(authOptions);
-  if (!session || (session.user as any).role !== "ADMIN")
+  const apiUser = await getApiUser(req);
+  if (!apiUser || apiUser.role !== "ADMIN")
     return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
   const { id } = await req.json();
diff --git a/app/api/team/captain/route.ts b/app/api/team/captain/route.ts
index 0d08c9d..6270e06 100644
--- a/app/api/team/captain/route.ts
+++ b/app/api/team/captain/route.ts
@@ -1,14 +1,12 @@
 import { NextRequest, NextResponse } from "next/server";
 import { db } from "@/lib/db";
-import { getServerSession } from "next-auth";
-import { authOptions } from "@/lib/auth";
-
+import { getApiUser } from "@/lib/apiAuth";
 export async function PUT(req: NextRequest) {
-  const session = await getServerSession(authOptions);
-  if (!session) return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
+  const apiUser = await getApiUser(req);
+  if (!apiUser) return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
   const { playerId, type } = await req.json();
-  const team = await db.team.findUnique({ where: { userId: (session.user as any).id } });
+  const team = await db.team.findUnique({ where: { userId: apiUser.id } });
   if (!team) return NextResponse.json({ error: "تیم پیدا نشد" }, { status: 404 });
   if (type === "captain") {
diff --git a/app/api/team/formation/route.ts b/app/api/team/formation/route.ts
index 73b527b..636619e 100644
--- a/app/api/team/formation/route.ts
+++ b/app/api/team/formation/route.ts
@@ -1,18 +1,17 @@
 import { NextRequest, NextResponse } from "next/server";
 import { db } from "@/lib/db";
-import { getServerSession } from "next-auth";
-import { authOptions } from "@/lib/auth";
+import { getApiUser } from "@/lib/apiAuth";
 import { getFormationChangeIssues, FORMATIONS } from "@/lib/teamValidation";
 export async function PUT(req: NextRequest) {
-  const session = await getServerSession(authOptions);
-  if (!session) return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
+  const apiUser = await getApiUser(req);
+  if (!apiUser) return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
   const { formation } = await req.json();
   if (!FORMATIONS[formation]) return NextResponse.json({ error: "ترکیب نامعتبر" }, { status: 400 });
   const team = await db.team.findUnique({
-    where: { userId: (session.user as any).id },
+    where: { userId: apiUser.id },
     include: { players: { include: { player: true } } },
   });
   if (!team) return NextResponse.json({ error: "تیم پیدا نشد" }, { status: 404 });
diff --git a/app/api/team/players/route.ts b/app/api/team/players/route.ts
index b91d29d..dc143c1 100644
--- a/app/api/team/players/route.ts
+++ b/app/api/team/players/route.ts
@@ -1,14 +1,12 @@
 import { NextRequest, NextResponse } from "next/server";
 import { db } from "@/lib/db";
-import { getServerSession } from "next-auth";
-import { authOptions } from "@/lib/auth";
-
+import { getApiUser } from "@/lib/apiAuth";
 export async function POST(req: NextRequest) {
-  const session = await getServerSession(authOptions);
-  if (!session) return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
+  const apiUser = await getApiUser(req);
+  if (!apiUser) return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
   const { playerId, isBench } = await req.json();
-  const userId = (session.user as any).id;
+  const userId = apiUser.id;
   const team = await db.team.findUnique({
     where: { userId },
@@ -49,11 +47,11 @@ export async function POST(req: NextRequest) {
 }
 export async function DELETE(req: NextRequest) {
-  const session = await getServerSession(authOptions);
-  if (!session) return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
+  const apiUser = await getApiUser(req);
+  if (!apiUser) return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
   const { playerId } = await req.json();
-  const userId = (session.user as any).id;
+  const userId = apiUser.id;
   const team = await db.team.findUnique({
     where: { userId },
diff --git a/app/api/team/route.ts b/app/api/team/route.ts
index 5964c82..0f0f4f6 100644
--- a/app/api/team/route.ts
+++ b/app/api/team/route.ts
@@ -1,14 +1,12 @@
 import { NextRequest, NextResponse } from "next/server";
 import { db } from "@/lib/db";
-import { getServerSession } from "next-auth";
-import { authOptions } from "@/lib/auth";
-
-export async function GET() {
-  const session = await getServerSession(authOptions);
-  if (!session) return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
+import { getApiUser } from "@/lib/apiAuth";
+export async function GET(req: NextRequest) {
+  const apiUser = await getApiUser(req);
+  if (!apiUser) return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
   const team = await db.team.findUnique({
-    where: { userId: (session.user as any).id },
+    where: { userId: apiUser.id },
     include: {
       players: {
         include: { player: true },
@@ -20,11 +18,11 @@ export async function GET() {
 }
 export async function POST(req: NextRequest) {
-  const session = await getServerSession(authOptions);
-  if (!session) return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
+  const apiUser = await getApiUser(req);
+  if (!apiUser) return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
   const { name, formation } = await req.json();
-  const userId = (session.user as any).id;
+  const userId = apiUser.id;
   // بررسی وجود کاربر
   const user = await db.user.findUnique({ where: { id: userId } });
diff --git a/app/api/team/submit/route.ts b/app/api/team/submit/route.ts
index bdd2ca3..3103948 100644
--- a/app/api/team/submit/route.ts
+++ b/app/api/team/submit/route.ts
@@ -1,15 +1,14 @@
-import { NextResponse } from "next/server";
+import { NextRequest, NextResponse } from "next/server";
 import { db } from "@/lib/db";
-import { getServerSession } from "next-auth";
-import { authOptions } from "@/lib/auth";
+import { getApiUser } from "@/lib/apiAuth";
 import { validateTeamComposition } from "@/lib/teamValidation";
-export async function POST() {
-  const session = await getServerSession(authOptions);
-  if (!session) return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
+export async function POST(req: NextRequest) {
+  const apiUser = await getApiUser(req);
+  if (!apiUser) return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
   const team = await db.team.findUnique({
-    where: { userId: (session.user as any).id },
+    where: { userId: apiUser.id },
     include: { players: { include: { player: true } } },
   });
diff --git a/app/api/test-session/route.ts b/app/api/test-session/route.ts
index 271b7dc..91d8ba2 100644
--- a/app/api/test-session/route.ts
+++ b/app/api/test-session/route.ts
@@ -1,16 +1,14 @@
-import { NextResponse } from "next/server";
-import { getServerSession } from "next-auth";
-import { authOptions } from "@/lib/auth";
+import { NextRequest, NextResponse } from "next/server";
 import { db } from "@/lib/db";
-
-export async function GET() {
-  const session = await getServerSession(authOptions);
+import { getApiUser } from "@/lib/apiAuth";
+export async function GET(req: NextRequest) {
+  const apiUser = await getApiUser(req);
-  if (!session) {
+  if (!apiUser) {
     return NextResponse.json({ error: "No session" }, { status: 401 });
   }
-  const userId = (session.user as any).id;
+  const userId = apiUser.id;
   // بررسی وجود کاربر در دیتابیس
   const user = await db.user.findUnique({
@@ -20,7 +18,7 @@ export async function GET() {
   return NextResponse.json({
     session: {
-      user: session.user,
+      user: apiUser,
       userId: userId,
     },
     userInDb: user,
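Review bot: `user: apiUser` in the test-session response now serializes the value returned by `getApiUser`, which per the lib/apiAuth.ts hunk is the row from `db.user.findUnique`, not the trimmed session-user view that `session.user` was; if the user table carries a password hash, verification tokens or similar columns (the schema is not visible here, so confirm), this diagnostic endpoint would now echo them back to the caller. Return an explicit projection instead, e.g. `user: { id: apiUser.id, role: apiUser.role },`, and consider a `select` on the `db.user.findUnique` that feeds `userInDb` on the line below for the same reason, though that part is pre-existing. The enclosing `GET` starts outside this hunk.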
diff --git a/app/api/user/profile/route.ts b/app/api/user/profile/route.ts
index 5caefde..96e19f9 100644
--- a/app/api/user/profile/route.ts
+++ b/app/api/user/profile/route.ts
@@ -1,15 +1,13 @@
 import { NextRequest, NextResponse } from "next/server";
 import { db } from "@/lib/db";
-import { getServerSession } from "next-auth";
-import { authOptions } from "@/lib/auth";
-
+import { getApiUser } from "@/lib/apiAuth";
 export async function PUT(req: NextRequest) {
-  const session = await getServerSession(authOptions);
-  if (!session) return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
+  const apiUser = await getApiUser(req);
+  if (!apiUser) return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
   const { name } = await req.json();
   const user = await db.user.update({
-    where: { id: (session.user as any).id },
+    where: { id: apiUser.id },
     data: { name },
   });
   return NextResponse.json({ name: user.name });
diff --git a/lib/apiAuth.ts b/lib/apiAuth.ts
index 7c78929..8c915d1 100644
--- a/lib/apiAuth.ts
+++ b/lib/apiAuth.ts
@@ -1,9 +1,8 @@
-import { NextRequest } from "next/server";
 import { getServerSession } from "next-auth";
 import { db } from "@/lib/db";
 import { authOptions } from "@/lib/auth";
-export async function getApiUser(req: NextRequest) {
+export async function getApiUser(req: Request) {
   const authHeader = req.headers.get("authorization");
   const bearerToken = authHeader?.match(/^Bearer\s+(.+)$/i)?.[1];
@@ -25,7 +24,7 @@ export async function getApiUser(req: NextRequest) {
   return db.user.findUnique({ where: { id: userId } });
 }
-export async function requireApiAdmin(req: Request) {
+export async function requireApiAdmin(req: Request) {
   const user = await getApiUser(req);
   if (!user || user.role !== "ADMIN") return null;
   return user;
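Review bot: Widening `getApiUser` to `req: Request` makes it the single authentication entry point for every route in this diff, so its failure mode when an `Authorization: Bearer` header is present but the token does not verify now matters for all of them; the lines between `bearerToken` and the final `db.user.findUnique` are outside the hunk, so confirm that path returns `null` rather than falling through to `getServerSession(authOptions)`, otherwise an invalid token is silently masked by a cookie session and token failures never surface in logs. A one-line contract in the JSDoc would make this explicit, e.g. `/** Resolves the caller from a Bearer token or, absent that header, the NextAuth session; returns null when neither verifies. */`. The `^Bearer\s+(.+)$` capture also keeps any trailing whitespace inside the token, so a `.trim()` on the captured group avoids spurious lookup misses. Both function bodies continue outside the hunks.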