add otp swagger3

2026-05-13 15:46:27 +03:30
parent 3be3a49abd
commit 8975d0a24b
38 changed files with 181 additions and 245 deletions
--- a/app/api/admin/quiz/route.ts
+++ b/app/api/admin/quiz/route.ts
@@ -1,13 +1,12 @@
 import { NextRequest, NextResponse } from "next/server";
 import { db } from "@/lib/db";
-import { getServerSession } from "next-auth";
-import { authOptions } from "@/lib/auth";
+import { getApiUser } from "@/lib/apiAuth";
 import { Prisma } from "@/lib/generated/prisma";

 async function adminOnly(req: NextRequest) {
-  const session = await getServerSession(authOptions);
-  if (!session || (session.user as any).role !== "ADMIN") return null;
-  return session;
+  const apiUser = await getApiUser(req);
+  if (!apiUser || apiUser.role !== "ADMIN") return null;
+  return apiUser;
 }

 function validateTierConfig(input: {
@@ -43,8 +42,8 @@ function validateTierConfig(input: {

 // GET /api/admin/quiz - list all quizzes
 export async function GET(req: NextRequest) {
-  const session = await adminOnly(req);
-  if (!session) return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
+  const apiUser = await adminOnly(req);
+  if (!apiUser) return NextResponse.json({ error: "Unauthorized" }, { status: 401 });

  const quizzes = await db.dailyQuiz.findMany({
    orderBy: { date: "desc" },
@@ -60,8 +59,8 @@ export async function GET(req: NextRequest) {
 // POST /api/admin/quiz - create quiz
 export async function POST(req: NextRequest) {
  try {
-    const session = await adminOnly(req);
-    if (!session) return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
+    const apiUser = await adminOnly(req);
+    if (!apiUser) return NextResponse.json({ error: "Unauthorized" }, { status: 401 });

    const {
      date,