alisaeed/football-next
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

add otp swagger3

Browse Source
This commit is contained in:
Mohammad Saeed Roosta
2026-05-13 15:46:27 +03:30
parent 3be3a49abd
commit 8975d0a24b
38 changed files with 181 additions and 245 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
app/api/admin/matches/[id]/calc-points/route.ts
View File

@@ -1,13 +1,12 @@
import { NextRequest, NextResponse } from "next/server"; import { NextRequest, NextResponse } from "next/server";
import { db } from "@/lib/db"; import { db } from "@/lib/db";
import { getServerSession } from "next-auth"; import { getApiUser } from "@/lib/apiAuth";
import { authOptions } from "@/lib/auth";
import { calculateMatchPoints } from "@/lib/points"; import { calculateMatchPoints } from "@/lib/points";
export async function POST(_: NextRequest, { params }: { params: Promise<{ id: string }> }) { export async function POST(req: NextRequest, { params }: { params: Promise<{ id: string }> }) {
const { id } = await params; const { id } = await params;
const session = await getServerSession(authOptions); const apiUser = await getApiUser(req);
if (!session || (session.user as any).role !== "ADMIN") if (!apiUser || apiUser.role !== "ADMIN")
return NextResponse.json({ error: "Unauthorized" }, { status: 401 }); return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
const events = await db.matchEvent.findMany({ const events = await db.matchEvent.findMany({

10
app/api/admin/matches/[id]/events/[eventId]/route.ts
View File

@@ -1,12 +1,10 @@
import { NextRequest, NextResponse } from "next/server"; import { NextRequest, NextResponse } from "next/server";
import { db } from "@/lib/db"; import { db } from "@/lib/db";
import { getServerSession } from "next-auth"; import { getApiUser } from "@/lib/apiAuth";
import { authOptions } from "@/lib/auth"; export async function DELETE(req: NextRequest, { params }: { params: Promise<{ id: string; eventId: string }> }) {
export async function DELETE(_: NextRequest, { params }: { params: Promise<{ id: string; eventId: string }> }) {
const { eventId } = await params; const { eventId } = await params;
const session = await getServerSession(authOptions); const apiUser = await getApiUser(req);
if (!session || (session.user as any).role !== "ADMIN") if (!apiUser || apiUser.role !== "ADMIN")
return NextResponse.json({ error: "Unauthorized" }, { status: 401 }); return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
await db.matchEvent.delete({ where: { id: eventId } }); await db.matchEvent.delete({ where: { id: eventId } });

8
app/api/admin/matches/[id]/events/route.ts
View File

@@ -1,12 +1,10 @@
import { NextRequest, NextResponse } from "next/server"; import { NextRequest, NextResponse } from "next/server";
import { db } from "@/lib/db"; import { db } from "@/lib/db";
import { getServerSession } from "next-auth"; import { getApiUser } from "@/lib/apiAuth";
import { authOptions } from "@/lib/auth";
export async function POST(req: NextRequest, { params }: { params: Promise<{ id: string }> }) { export async function POST(req: NextRequest, { params }: { params: Promise<{ id: string }> }) {
const { id } = await params; const { id } = await params;
const session = await getServerSession(authOptions); const apiUser = await getApiUser(req);
if (!session || (session.user as any).role !== "ADMIN") if (!apiUser || apiUser.role !== "ADMIN")
return NextResponse.json({ error: "Unauthorized" }, { status: 401 }); return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
const { playerId, type, minute, extraInfo } = await req.json(); const { playerId, type, minute, extraInfo } = await req.json();

8
app/api/admin/matches/[id]/lineup/route.ts
View File

@@ -1,12 +1,10 @@
import { NextRequest, NextResponse } from "next/server"; import { NextRequest, NextResponse } from "next/server";
import { db } from "@/lib/db"; import { db } from "@/lib/db";
import { getServerSession } from "next-auth"; import { getApiUser } from "@/lib/apiAuth";
import { authOptions } from "@/lib/auth";
export async function POST(req: NextRequest, { params }: { params: Promise<{ id: string }> }) { export async function POST(req: NextRequest, { params }: { params: Promise<{ id: string }> }) {
const { id } = await params; const { id } = await params;
const session = await getServerSession(authOptions); const apiUser = await getApiUser(req);
if (!session || (session.user as any).role !== "ADMIN") if (!apiUser || apiUser.role !== "ADMIN")
return NextResponse.json({ error: "Unauthorized" }, { status: 401 }); return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
const lineups: Array<{ countryId: string; formation: string; playerIds: string[] }> = await req.json(); const lineups: Array<{ countryId: string; formation: string; playerIds: string[] }> = await req.json();

8
app/api/admin/players/[id]/card-tier/route.ts
View File

@@ -1,13 +1,11 @@
import { NextRequest, NextResponse } from "next/server"; import { NextRequest, NextResponse } from "next/server";
import { db } from "@/lib/db"; import { db } from "@/lib/db";
import { getServerSession } from "next-auth"; import { getApiUser } from "@/lib/apiAuth";
import { authOptions } from "@/lib/auth";
const validTiers = new Set(["GOLD", "SILVER", "BRONZE"]); const validTiers = new Set(["GOLD", "SILVER", "BRONZE"]);
export async function PATCH(req: NextRequest, { params }: { params: Promise<{ id: string }> }) { export async function PATCH(req: NextRequest, { params }: { params: Promise<{ id: string }> }) {
const session = await getServerSession(authOptions); const apiUser = await getApiUser(req);
if (!session || (session.user as any).role !== "ADMIN") { if (!apiUser || apiUser.role !== "ADMIN") {
return NextResponse.json({ error: "Unauthorized" }, { status: 401 }); return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
} }

8
app/api/admin/players/[id]/golden-toggle/route.ts
View File

@@ -1,12 +1,10 @@
import { NextRequest, NextResponse } from "next/server"; import { NextRequest, NextResponse } from "next/server";
import { db } from "@/lib/db"; import { db } from "@/lib/db";
import { getServerSession } from "next-auth"; import { getApiUser } from "@/lib/apiAuth";
import { authOptions } from "@/lib/auth";
// PATCH /api/admin/players/[id]/golden-toggle // PATCH /api/admin/players/[id]/golden-toggle
export async function PATCH(req: NextRequest, { params }: { params: Promise<{ id: string }> }) { export async function PATCH(req: NextRequest, { params }: { params: Promise<{ id: string }> }) {
const session = await getServerSession(authOptions); const apiUser = await getApiUser(req);
if (!session || (session.user as any).role !== "ADMIN") { if (!apiUser || apiUser.role !== "ADMIN") {
return NextResponse.json({ error: "Unauthorized" }, { status: 401 }); return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
} }

7
app/api/admin/quiz/[id]/lottery/route.ts
View File

@@ -1,7 +1,6 @@
import { NextRequest, NextResponse } from "next/server"; import { NextRequest, NextResponse } from "next/server";
import { db } from "@/lib/db"; import { db } from "@/lib/db";
import { getServerSession } from "next-auth"; import { getApiUser } from "@/lib/apiAuth";
import { authOptions } from "@/lib/auth";
import { CARD_TIER_LABELS, resolveQuizRewardTier } from "@/lib/cardTier"; import { CARD_TIER_LABELS, resolveQuizRewardTier } from "@/lib/cardTier";
function shuffleArray<T>(items: T[]) { function shuffleArray<T>(items: T[]) {
@@ -10,8 +9,8 @@ function shuffleArray<T>(items: T[]) {
// POST /api/admin/quiz/[id]/lottery - run reward distribution for a quiz // POST /api/admin/quiz/[id]/lottery - run reward distribution for a quiz
export async function POST(req: NextRequest, { params }: { params: Promise<{ id: string }> }) { export async function POST(req: NextRequest, { params }: { params: Promise<{ id: string }> }) {
const session = await getServerSession(authOptions); const apiUser = await getApiUser(req);
if (!session || (session.user as any).role !== "ADMIN") { if (!apiUser || apiUser.role !== "ADMIN") {
return NextResponse.json({ error: "Unauthorized" }, { status: 401 }); return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
} }

21
app/api/admin/quiz/[id]/route.ts
View File

@@ -1,15 +1,14 @@
import { NextRequest, NextResponse } from "next/server"; import { NextRequest, NextResponse } from "next/server";
import { db } from "@/lib/db"; import { db } from "@/lib/db";
import { getServerSession } from "next-auth"; import { getApiUser } from "@/lib/apiAuth";
import { authOptions } from "@/lib/auth";
import { Prisma } from "@/lib/generated/prisma"; import { Prisma } from "@/lib/generated/prisma";
async function requireAdmin() { async function requireAdmin(req: NextRequest) {
const session = await getServerSession(authOptions); const apiUser = await getApiUser(req);
if (!session || (session.user as any).role !== "ADMIN") { if (!apiUser || apiUser.role !== "ADMIN") {
return null; return null;
} }
return session; return apiUser;
} }
function calculateResult(answers: number[], questions: Array<{ correctAnswer: number }>) { function calculateResult(answers: number[], questions: Array<{ correctAnswer: number }>) {
@@ -59,8 +58,8 @@ function validateTierConfig(input: {
export async function PUT(req: NextRequest, { params }: { params: Promise<{ id: string }> }) { export async function PUT(req: NextRequest, { params }: { params: Promise<{ id: string }> }) {
try { try {
const session = await requireAdmin(); const apiUser = await requireAdmin(req);
if (!session) return NextResponse.json({ error: "Unauthorized" }, { status: 401 }); if (!apiUser) return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
const { id } = await params; const { id } = await params;
const { const {
@@ -167,9 +166,9 @@ export async function PUT(req: NextRequest, { params }: { params: Promise<{ id:
} }
} }
export async function DELETE(_: NextRequest, { params }: { params: Promise<{ id: string }> }) { export async function DELETE(req: NextRequest, { params }: { params: Promise<{ id: string }> }) {
const session = await requireAdmin(); const apiUser = await requireAdmin(req);
if (!session) return NextResponse.json({ error: "Unauthorized" }, { status: 401 }); if (!apiUser) return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
const { id } = await params; const { id } = await params;

17
app/api/admin/quiz/route.ts
View File

@@ -1,13 +1,12 @@
import { NextRequest, NextResponse } from "next/server"; import { NextRequest, NextResponse } from "next/server";
import { db } from "@/lib/db"; import { db } from "@/lib/db";
import { getServerSession } from "next-auth"; import { getApiUser } from "@/lib/apiAuth";
import { authOptions } from "@/lib/auth";
import { Prisma } from "@/lib/generated/prisma"; import { Prisma } from "@/lib/generated/prisma";
async function adminOnly(req: NextRequest) { async function adminOnly(req: NextRequest) {
const session = await getServerSession(authOptions); const apiUser = await getApiUser(req);
if (!session || (session.user as any).role !== "ADMIN") return null; if (!apiUser || apiUser.role !== "ADMIN") return null;
return session; return apiUser;
} }
function validateTierConfig(input: { function validateTierConfig(input: {
@@ -43,8 +42,8 @@ function validateTierConfig(input: {
// GET /api/admin/quiz - list all quizzes // GET /api/admin/quiz - list all quizzes
export async function GET(req: NextRequest) { export async function GET(req: NextRequest) {
const session = await adminOnly(req); const apiUser = await adminOnly(req);
if (!session) return NextResponse.json({ error: "Unauthorized" }, { status: 401 }); if (!apiUser) return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
const quizzes = await db.dailyQuiz.findMany({ const quizzes = await db.dailyQuiz.findMany({
orderBy: { date: "desc" }, orderBy: { date: "desc" },
@@ -60,8 +59,8 @@ export async function GET(req: NextRequest) {
// POST /api/admin/quiz - create quiz // POST /api/admin/quiz - create quiz
export async function POST(req: NextRequest) { export async function POST(req: NextRequest) {
try { try {
const session = await adminOnly(req); const apiUser = await adminOnly(req);
if (!session) return NextResponse.json({ error: "Unauthorized" }, { status: 401 }); if (!apiUser) return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
const { const {
date, date,

12
app/api/admin/scoring/route.ts
View File

@@ -1,11 +1,9 @@
import { NextRequest, NextResponse } from "next/server"; import { NextRequest, NextResponse } from "next/server";
import { db } from "@/lib/db"; import { db } from "@/lib/db";
import { getServerSession } from "next-auth"; import { getApiUser } from "@/lib/apiAuth";
import { authOptions } from "@/lib/auth";
export async function PUT(req: NextRequest) { export async function PUT(req: NextRequest) {
const session = await getServerSession(authOptions); const apiUser = await getApiUser(req);
if (!session || (session.user as any).role !== "ADMIN") if (!apiUser || apiUser.role !== "ADMIN")
return NextResponse.json({ error: "Unauthorized" }, { status: 401 }); return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
const rules: Array<{ position: string; eventType: string; points: number }> = await req.json(); const rules: Array<{ position: string; eventType: string; points: number }> = await req.json();
@@ -13,8 +11,8 @@ export async function PUT(req: NextRequest) {
for (const rule of rules) { for (const rule of rules) {
await db.scoringRule.upsert({ await db.scoringRule.upsert({
where: { position_eventType: { position: rule.position as any, eventType: rule.eventType as any } }, where: { position_eventType: { position: rule.position as any, eventType: rule.eventType as any } },
update: { points: rule.points, updatedBy: (session.user as any).id }, update: { points: rule.points, updatedBy: apiUser.id },
create: { position: rule.position as any, eventType: rule.eventType as any, points: rule.points, updatedBy: (session.user as any).id }, create: { position: rule.position as any, eventType: rule.eventType as any, points: rule.points, updatedBy: apiUser.id },
}); });
} }

8
app/api/admin/teams/[id]/route.ts
View File

@@ -1,12 +1,10 @@
import { NextRequest, NextResponse } from "next/server"; import { NextRequest, NextResponse } from "next/server";
import { db } from "@/lib/db"; import { db } from "@/lib/db";
import { getServerSession } from "next-auth"; import { getApiUser } from "@/lib/apiAuth";
import { authOptions } from "@/lib/auth";
export async function PUT(req: NextRequest, { params }: { params: Promise<{ id: string }> }) { export async function PUT(req: NextRequest, { params }: { params: Promise<{ id: string }> }) {
const { id } = await params; const { id } = await params;
const session = await getServerSession(authOptions); const apiUser = await getApiUser(req);
if (!session || (session.user as any).role !== "ADMIN") if (!apiUser || apiUser.role !== "ADMIN")
return NextResponse.json({ error: "Unauthorized" }, { status: 401 }); return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
const { status } = await req.json(); const { status } = await req.json();

12
app/api/admin/teams/route.ts
View File

@@ -1,11 +1,9 @@
import { NextResponse } from "next/server"; import { NextRequest, NextResponse } from "next/server";
import { db } from "@/lib/db"; import { db } from "@/lib/db";
import { getServerSession } from "next-auth"; import { getApiUser } from "@/lib/apiAuth";
import { authOptions } from "@/lib/auth"; export async function GET(req: NextRequest) {
const apiUser = await getApiUser(req);
export async function GET() { if (!apiUser || apiUser.role !== "ADMIN")
const session = await getServerSession(authOptions);
if (!session || (session.user as any).role !== "ADMIN")
return NextResponse.json({ error: "Unauthorized" }, { status: 401 }); return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
const teams = await db.team.findMany({ const teams = await db.team.findMany({

14
app/api/countries/[id]/route.ts
View File

@@ -1,12 +1,10 @@
import { NextRequest, NextResponse } from "next/server"; import { NextRequest, NextResponse } from "next/server";
import { db } from "@/lib/db"; import { db } from "@/lib/db";
import { getServerSession } from "next-auth"; import { getApiUser } from "@/lib/apiAuth";
import { authOptions } from "@/lib/auth";
export async function PUT(req: NextRequest, { params }: { params: Promise<{ id: string }> }) { export async function PUT(req: NextRequest, { params }: { params: Promise<{ id: string }> }) {
const { id } = await params; const { id } = await params;
const session = await getServerSession(authOptions); const apiUser = await getApiUser(req);
if (!session || (session.user as any).role !== "ADMIN") if (!apiUser || apiUser.role !== "ADMIN")
return NextResponse.json({ error: "Unauthorized" }, { status: 401 }); return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
const body = await req.json(); const body = await req.json();
@@ -14,10 +12,10 @@ export async function PUT(req: NextRequest, { params }: { params: Promise<{ id:
return NextResponse.json(country); return NextResponse.json(country);
} }
export async function DELETE(_: NextRequest, { params }: { params: Promise<{ id: string }> }) { export async function DELETE(req: NextRequest, { params }: { params: Promise<{ id: string }> }) {
const { id } = await params; const { id } = await params;
const session = await getServerSession(authOptions); const apiUser = await getApiUser(req);
if (!session || (session.user as any).role !== "ADMIN") if (!apiUser || apiUser.role !== "ADMIN")
return NextResponse.json({ error: "Unauthorized" }, { status: 401 }); return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
await db.country.delete({ where: { id } }); await db.country.delete({ where: { id } });

10
app/api/countries/route.ts
View File

@@ -1,9 +1,7 @@
import { NextRequest, NextResponse } from "next/server"; import { NextRequest, NextResponse } from "next/server";
import { db } from "@/lib/db"; import { db } from "@/lib/db";
import { getServerSession } from "next-auth"; import { getApiUser } from "@/lib/apiAuth";
import { authOptions } from "@/lib/auth"; export async function GET(req: NextRequest) {
export async function GET() {
const countries = await db.country.findMany({ const countries = await db.country.findMany({
include: { group: true }, include: { group: true },
orderBy: { name: "asc" }, orderBy: { name: "asc" },
@@ -12,8 +10,8 @@ export async function GET() {
} }
export async function POST(req: NextRequest) { export async function POST(req: NextRequest) {
const session = await getServerSession(authOptions); const apiUser = await getApiUser(req);
if (!session || (session.user as any).role !== "ADMIN") if (!apiUser || apiUser.role !== "ADMIN")
return NextResponse.json({ error: "Unauthorized" }, { status: 401 }); return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
const body = await req.json(); const body = await req.json();

10
app/api/gameweeks/[id]/activate/route.ts
View File

@@ -1,12 +1,10 @@
import { NextRequest, NextResponse } from "next/server"; import { NextRequest, NextResponse } from "next/server";
import { db } from "@/lib/db"; import { db } from "@/lib/db";
import { getServerSession } from "next-auth"; import { getApiUser } from "@/lib/apiAuth";
import { authOptions } from "@/lib/auth"; export async function POST(req: NextRequest, { params }: { params: Promise<{ id: string }> }) {
export async function POST(_: NextRequest, { params }: { params: Promise<{ id: string }> }) {
const { id } = await params; const { id } = await params;
const session = await getServerSession(authOptions); const apiUser = await getApiUser(req);
if (!session || (session.user as any).role !== "ADMIN") if (!apiUser || apiUser.role !== "ADMIN")
return NextResponse.json({ error: "Unauthorized" }, { status: 401 }); return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
// غیرفعال کردن همه // غیرفعال کردن همه

10
app/api/gameweeks/route.ts
View File

@@ -1,16 +1,14 @@
import { NextRequest, NextResponse } from "next/server"; import { NextRequest, NextResponse } from "next/server";
import { db } from "@/lib/db"; import { db } from "@/lib/db";
import { getServerSession } from "next-auth"; import { getApiUser } from "@/lib/apiAuth";
import { authOptions } from "@/lib/auth"; export async function GET(req: NextRequest) {
export async function GET() {
const gameweeks = await db.gameweek.findMany({ orderBy: { number: "asc" } }); const gameweeks = await db.gameweek.findMany({ orderBy: { number: "asc" } });
return NextResponse.json(gameweeks); return NextResponse.json(gameweeks);
} }
export async function POST(req: NextRequest) { export async function POST(req: NextRequest) {
const session = await getServerSession(authOptions); const apiUser = await getApiUser(req);
if (!session || (session.user as any).role !== "ADMIN") if (!apiUser || apiUser.role !== "ADMIN")
return NextResponse.json({ error: "Unauthorized" }, { status: 401 }); return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
const body = await req.json(); const body = await req.json();

9
app/api/golden-cards/[id]/add-to-team/route.ts
View File

@@ -1,7 +1,6 @@
import { NextRequest, NextResponse } from "next/server"; import { NextRequest, NextResponse } from "next/server";
import { db } from "@/lib/db"; import { db } from "@/lib/db";
import { getServerSession } from "next-auth"; import { getApiUser } from "@/lib/apiAuth";
import { authOptions } from "@/lib/auth";
import { import {
getAutoPlacement, getAutoPlacement,
getPositionLabel, getPositionLabel,
@@ -9,10 +8,10 @@ import {
} from "@/lib/specialCards"; } from "@/lib/specialCards";
export async function POST(req: NextRequest, { params }: { params: Promise<{ id: string }> }) { export async function POST(req: NextRequest, { params }: { params: Promise<{ id: string }> }) {
const session = await getServerSession(authOptions); const apiUser = await getApiUser(req);
if (!session) return NextResponse.json({ error: "Unauthorized" }, { status: 401 }); if (!apiUser) return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
const userId = (session.user as any).id; const userId = apiUser.id;
const { id } = await params; const { id } = await params;
const { replacePlayerId } = await req.json().catch(() => ({})); const { replacePlayerId } = await req.json().catch(() => ({}));

10
app/api/golden-cards/[id]/reveal/route.ts
View File

@@ -1,14 +1,12 @@
import { NextRequest, NextResponse } from "next/server"; import { NextRequest, NextResponse } from "next/server";
import { db } from "@/lib/db"; import { db } from "@/lib/db";
import { getServerSession } from "next-auth"; import { getApiUser } from "@/lib/apiAuth";
import { authOptions } from "@/lib/auth";
// POST /api/golden-cards/[id]/reveal // POST /api/golden-cards/[id]/reveal
export async function POST(req: NextRequest, { params }: { params: Promise<{ id: string }> }) { export async function POST(req: NextRequest, { params }: { params: Promise<{ id: string }> }) {
const session = await getServerSession(authOptions); const apiUser = await getApiUser(req);
if (!session) return NextResponse.json({ error: "Unauthorized" }, { status: 401 }); if (!apiUser) return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
const userId = (session.user as any).id; const userId = apiUser.id;
const { id } = await params; const { id } = await params;
const card = await db.goldenCard.findUnique({ where: { id } }); const card = await db.goldenCard.findUnique({ where: { id } });

11
app/api/golden-cards/[id]/sell/route.ts
View File

@@ -1,14 +1,13 @@
import { NextResponse } from "next/server"; import { NextResponse } from "next/server";
import { db } from "@/lib/db"; import { db } from "@/lib/db";
import { getServerSession } from "next-auth"; import { getApiUser } from "@/lib/apiAuth";
import { authOptions } from "@/lib/auth";
import { getSpecialCardSalePrice } from "@/lib/specialCards"; import { getSpecialCardSalePrice } from "@/lib/specialCards";
export async function POST(_: Request, { params }: { params: Promise<{ id: string }> }) { export async function POST(req: Request, { params }: { params: Promise<{ id: string }> }) {
const session = await getServerSession(authOptions); const apiUser = await getApiUser(req);
if (!session) return NextResponse.json({ error: "Unauthorized" }, { status: 401 }); if (!apiUser) return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
const userId = (session.user as any).id; const userId = apiUser.id;
const { id } = await params; const { id } = await params;
const card = await db.goldenCard.findUnique({ const card = await db.goldenCard.findUnique({

14
app/api/golden-cards/route.ts
View File

@@ -1,14 +1,12 @@
import { NextResponse } from "next/server"; import { NextRequest, NextResponse } from "next/server";
import { db } from "@/lib/db"; import { db } from "@/lib/db";
import { getServerSession } from "next-auth"; import { getApiUser } from "@/lib/apiAuth";
import { authOptions } from "@/lib/auth";
// GET /api/golden-cards - get current user's golden cards // GET /api/golden-cards - get current user's golden cards
export async function GET() { export async function GET(req: NextRequest) {
const session = await getServerSession(authOptions); const apiUser = await getApiUser(req);
if (!session) return NextResponse.json({ error: "Unauthorized" }, { status: 401 }); if (!apiUser) return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
const userId = (session.user as any).id; const userId = apiUser.id;
const cards = await db.goldenCard.findMany({ const cards = await db.goldenCard.findMany({
where: { userId }, where: { userId },

16
app/api/matches/[id]/route.ts
View File

@@ -1,9 +1,7 @@
import { NextRequest, NextResponse } from "next/server"; import { NextRequest, NextResponse } from "next/server";
import { db } from "@/lib/db"; import { db } from "@/lib/db";
import { getServerSession } from "next-auth"; import { getApiUser } from "@/lib/apiAuth";
import { authOptions } from "@/lib/auth"; export async function GET(req: NextRequest, { params }: { params: Promise<{ id: string }> }) {
export async function GET(_: NextRequest, { params }: { params: Promise<{ id: string }> }) {
const { id } = await params; const { id } = await params;
const match = await db.match.findUnique({ const match = await db.match.findUnique({
where: { id }, where: { id },
@@ -15,8 +13,8 @@ export async function GET(_: NextRequest, { params }: { params: Promise<{ id: st
export async function PUT(req: NextRequest, { params }: { params: Promise<{ id: string }> }) { export async function PUT(req: NextRequest, { params }: { params: Promise<{ id: string }> }) {
const { id } = await params; const { id } = await params;
const session = await getServerSession(authOptions); const apiUser = await getApiUser(req);
if (!session || (session.user as any).role !== "ADMIN") if (!apiUser || apiUser.role !== "ADMIN")
return NextResponse.json({ error: "Unauthorized" }, { status: 401 }); return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
const body = await req.json(); const body = await req.json();
@@ -30,10 +28,10 @@ export async function PUT(req: NextRequest, { params }: { params: Promise<{ id:
return NextResponse.json(match); return NextResponse.json(match);
} }
export async function DELETE(_: NextRequest, { params }: { params: Promise<{ id: string }> }) { export async function DELETE(req: NextRequest, { params }: { params: Promise<{ id: string }> }) {
const { id } = await params; const { id } = await params;
const session = await getServerSession(authOptions); const apiUser = await getApiUser(req);
if (!session || (session.user as any).role !== "ADMIN") if (!apiUser || apiUser.role !== "ADMIN")
return NextResponse.json({ error: "Unauthorized" }, { status: 401 }); return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
await db.match.delete({ where: { id } }); await db.match.delete({ where: { id } });

7
app/api/matches/[id]/stats/route.ts
View File

@@ -1,13 +1,12 @@
import { NextRequest, NextResponse } from "next/server"; import { NextRequest, NextResponse } from "next/server";
import { db } from "@/lib/db"; import { db } from "@/lib/db";
import { getServerSession } from "next-auth"; import { getApiUser } from "@/lib/apiAuth";
import { authOptions } from "@/lib/auth";
import { calculateMatchPoints } from "@/lib/points"; import { calculateMatchPoints } from "@/lib/points";
export async function POST(req: NextRequest, { params }: { params: Promise<{ id: string }> }) { export async function POST(req: NextRequest, { params }: { params: Promise<{ id: string }> }) {
const { id } = await params; const { id } = await params;
const session = await getServerSession(authOptions); const apiUser = await getApiUser(req);
if (!session || (session.user as any).role !== "ADMIN") if (!apiUser || apiUser.role !== "ADMIN")
return NextResponse.json({ error: "Unauthorized" }, { status: 401 }); return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
const stats: Array<{ const stats: Array<{

10
app/api/matches/route.ts
View File

@@ -1,9 +1,7 @@
import { NextRequest, NextResponse } from "next/server"; import { NextRequest, NextResponse } from "next/server";
import { db } from "@/lib/db"; import { db } from "@/lib/db";
import { getServerSession } from "next-auth"; import { getApiUser } from "@/lib/apiAuth";
import { authOptions } from "@/lib/auth"; export async function GET(req: NextRequest) {
export async function GET() {
const matches = await db.match.findMany({ const matches = await db.match.findMany({
include: { include: {
homeTeam: true, homeTeam: true,
@@ -16,8 +14,8 @@ export async function GET() {
} }
export async function POST(req: NextRequest) { export async function POST(req: NextRequest) {
const session = await getServerSession(authOptions); const apiUser = await getApiUser(req);
if (!session || (session.user as any).role !== "ADMIN") if (!apiUser || apiUser.role !== "ADMIN")
return NextResponse.json({ error: "Unauthorized" }, { status: 401 }); return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
const body = await req.json(); const body = await req.json();

9
app/api/payment/request/route.ts
View File

@@ -1,15 +1,14 @@
import { NextRequest, NextResponse } from "next/server"; import { NextRequest, NextResponse } from "next/server";
import { db } from "@/lib/db"; import { db } from "@/lib/db";
import { getServerSession } from "next-auth"; import { getApiUser } from "@/lib/apiAuth";
import { authOptions } from "@/lib/auth";
import { requestPayment } from "@/lib/zarinpal"; import { requestPayment } from "@/lib/zarinpal";
export async function POST(req: NextRequest) { export async function POST(req: NextRequest) {
const session = await getServerSession(authOptions); const apiUser = await getApiUser(req);
if (!session) return NextResponse.json({ error: "Unauthorized" }, { status: 401 }); if (!apiUser) return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
const { packageId } = await req.json(); const { packageId } = await req.json();
const userId = (session.user as any).id; const userId = apiUser.id;
const pkg = await db.package.findUnique({ where: { id: packageId } }); const pkg = await db.package.findUnique({ where: { id: packageId } });
if (!pkg || !pkg.isActive) return NextResponse.json({ error: "پکیج پیدا نشد" }, { status: 404 }); if (!pkg || !pkg.isActive) return NextResponse.json({ error: "پکیج پیدا نشد" }, { status: 404 });

12
app/api/players/[id]/route.ts
View File

@@ -1,12 +1,10 @@
import { NextRequest, NextResponse } from "next/server"; import { NextRequest, NextResponse } from "next/server";
import { db } from "@/lib/db"; import { db } from "@/lib/db";
import { getServerSession } from "next-auth"; import { getApiUser } from "@/lib/apiAuth";
import { authOptions } from "@/lib/auth";
export async function PUT(req: NextRequest, { params }: { params: Promise<{ id: string }> }) { export async function PUT(req: NextRequest, { params }: { params: Promise<{ id: string }> }) {
const { id } = await params; const { id } = await params;
const session = await getServerSession(authOptions); const apiUser = await getApiUser(req);
if (!session || (session.user as any).role !== "ADMIN") { if (!apiUser || apiUser.role !== "ADMIN") {
return NextResponse.json({ error: "Unauthorized" }, { status: 401 }); return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
} }
@@ -24,8 +22,8 @@ export async function PUT(req: NextRequest, { params }: { params: Promise<{ id:
export async function DELETE(req: NextRequest, { params }: { params: Promise<{ id: string }> }) { export async function DELETE(req: NextRequest, { params }: { params: Promise<{ id: string }> }) {
const { id } = await params; const { id } = await params;
const session = await getServerSession(authOptions); const apiUser = await getApiUser(req);
if (!session || (session.user as any).role !== "ADMIN") { if (!apiUser || apiUser.role !== "ADMIN") {
return NextResponse.json({ error: "Unauthorized" }, { status: 401 }); return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
} }

8
app/api/players/route.ts
View File

@@ -1,8 +1,6 @@
import { NextRequest, NextResponse } from "next/server"; import { NextRequest, NextResponse } from "next/server";
import { db } from "@/lib/db"; import { db } from "@/lib/db";
import { getServerSession } from "next-auth"; import { getApiUser } from "@/lib/apiAuth";
import { authOptions } from "@/lib/auth";
export async function GET(req: NextRequest) { export async function GET(req: NextRequest) {
const { searchParams } = new URL(req.url); const { searchParams } = new URL(req.url);
const position = searchParams.get("position"); const position = searchParams.get("position");
@@ -21,8 +19,8 @@ export async function GET(req: NextRequest) {
} }
export async function POST(req: NextRequest) { export async function POST(req: NextRequest) {
const session = await getServerSession(authOptions); const apiUser = await getApiUser(req);
if (!session || (session.user as any).role !== "ADMIN") { if (!apiUser || apiUser.role !== "ADMIN") {
return NextResponse.json({ error: "Unauthorized" }, { status: 401 }); return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
} }

14
app/api/quiz/my-results/route.ts
View File

@@ -1,14 +1,12 @@
import { NextResponse } from "next/server"; import { NextRequest, NextResponse } from "next/server";
import { db } from "@/lib/db"; import { db } from "@/lib/db";
import { getServerSession } from "next-auth"; import { getApiUser } from "@/lib/apiAuth";
import { authOptions } from "@/lib/auth";
// GET /api/quiz/my-results // GET /api/quiz/my-results
export async function GET() { export async function GET(req: NextRequest) {
const session = await getServerSession(authOptions); const apiUser = await getApiUser(req);
if (!session) return NextResponse.json({ error: "Unauthorized" }, { status: 401 }); if (!apiUser) return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
const userId = (session.user as any).id; const userId = apiUser.id;
const submissions = await db.quizSubmission.findMany({ const submissions = await db.quizSubmission.findMany({
where: { userId }, where: { userId },

9
app/api/quiz/submit/route.ts
View File

@@ -1,15 +1,14 @@
import { NextRequest, NextResponse } from "next/server"; import { NextRequest, NextResponse } from "next/server";
import { db } from "@/lib/db"; import { db } from "@/lib/db";
import { getServerSession } from "next-auth"; import { getApiUser } from "@/lib/apiAuth";
import { authOptions } from "@/lib/auth";
import { CARD_TIER_LABELS, resolveQuizRewardTier } from "@/lib/cardTier"; import { CARD_TIER_LABELS, resolveQuizRewardTier } from "@/lib/cardTier";
// POST /api/quiz/submit // POST /api/quiz/submit
export async function POST(req: NextRequest) { export async function POST(req: NextRequest) {
const session = await getServerSession(authOptions); const apiUser = await getApiUser(req);
if (!session) return NextResponse.json({ error: "Unauthorized" }, { status: 401 }); if (!apiUser) return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
const userId = (session.user as any).id; const userId = apiUser.id;
const { quizId, answers } = await req.json(); const { quizId, answers } = await req.json();
if (!quizId || !Array.isArray(answers)) { if (!quizId || !Array.isArray(answers)) {

10
app/api/rounds/[id]/activate/route.ts
View File

@@ -1,12 +1,10 @@
import { NextRequest, NextResponse } from "next/server"; import { NextRequest, NextResponse } from "next/server";
import { db } from "@/lib/db"; import { db } from "@/lib/db";
import { getServerSession } from "next-auth"; import { getApiUser } from "@/lib/apiAuth";
import { authOptions } from "@/lib/auth"; export async function POST(req: NextRequest, { params }: { params: Promise<{ id: string }> }) {
export async function POST(_: NextRequest, { params }: { params: Promise<{ id: string }> }) {
const { id } = await params; const { id } = await params;
const session = await getServerSession(authOptions); const apiUser = await getApiUser(req);
if (!session || (session.user as any).role !== "ADMIN") if (!apiUser || apiUser.role !== "ADMIN")
return NextResponse.json({ error: "Unauthorized" }, { status: 401 }); return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
const currentRound = await db.round.findUnique({ where: { id } }); const currentRound = await db.round.findUnique({ where: { id } });

18
app/api/rounds/route.ts
View File

@@ -1,16 +1,14 @@
import { NextRequest, NextResponse } from "next/server"; import { NextRequest, NextResponse } from "next/server";
import { db } from "@/lib/db"; import { db } from "@/lib/db";
import { getServerSession } from "next-auth"; import { getApiUser } from "@/lib/apiAuth";
import { authOptions } from "@/lib/auth"; export async function GET(req: NextRequest) {
export async function GET() {
const rounds = await db.round.findMany({ orderBy: { number: "asc" } }); const rounds = await db.round.findMany({ orderBy: { number: "asc" } });
return NextResponse.json(rounds); return NextResponse.json(rounds);
} }
export async function POST(req: NextRequest) { export async function POST(req: NextRequest) {
const session = await getServerSession(authOptions); const apiUser = await getApiUser(req);
if (!session || (session.user as any).role !== "ADMIN") if (!apiUser || apiUser.role !== "ADMIN")
return NextResponse.json({ error: "Unauthorized" }, { status: 401 }); return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
const { number, name, deadline } = await req.json(); const { number, name, deadline } = await req.json();
@@ -25,8 +23,8 @@ export async function POST(req: NextRequest) {
} }
export async function PUT(req: NextRequest) { export async function PUT(req: NextRequest) {
const session = await getServerSession(authOptions); const apiUser = await getApiUser(req);
if (!session || (session.user as any).role !== "ADMIN") if (!apiUser || apiUser.role !== "ADMIN")
return NextResponse.json({ error: "Unauthorized" }, { status: 401 }); return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
const { id, number, name, deadline } = await req.json(); const { id, number, name, deadline } = await req.json();
@@ -39,8 +37,8 @@ export async function PUT(req: NextRequest) {
} }
export async function DELETE(req: NextRequest) { export async function DELETE(req: NextRequest) {
const session = await getServerSession(authOptions); const apiUser = await getApiUser(req);
if (!session || (session.user as any).role !== "ADMIN") if (!apiUser || apiUser.role !== "ADMIN")
return NextResponse.json({ error: "Unauthorized" }, { status: 401 }); return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
const { id } = await req.json(); const { id } = await req.json();

10
app/api/team/captain/route.ts
View File

@@ -1,14 +1,12 @@
import { NextRequest, NextResponse } from "next/server"; import { NextRequest, NextResponse } from "next/server";
import { db } from "@/lib/db"; import { db } from "@/lib/db";
import { getServerSession } from "next-auth"; import { getApiUser } from "@/lib/apiAuth";
import { authOptions } from "@/lib/auth";
export async function PUT(req: NextRequest) { export async function PUT(req: NextRequest) {
const session = await getServerSession(authOptions); const apiUser = await getApiUser(req);
if (!session) return NextResponse.json({ error: "Unauthorized" }, { status: 401 }); if (!apiUser) return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
const { playerId, type } = await req.json(); const { playerId, type } = await req.json();
const team = await db.team.findUnique({ where: { userId: (session.user as any).id } }); const team = await db.team.findUnique({ where: { userId: apiUser.id } });
if (!team) return NextResponse.json({ error: "تیم پیدا نشد" }, { status: 404 }); if (!team) return NextResponse.json({ error: "تیم پیدا نشد" }, { status: 404 });
if (type === "captain") { if (type === "captain") {

9
app/api/team/formation/route.ts
View File

@@ -1,18 +1,17 @@
import { NextRequest, NextResponse } from "next/server"; import { NextRequest, NextResponse } from "next/server";
import { db } from "@/lib/db"; import { db } from "@/lib/db";
import { getServerSession } from "next-auth"; import { getApiUser } from "@/lib/apiAuth";
import { authOptions } from "@/lib/auth";
import { getFormationChangeIssues, FORMATIONS } from "@/lib/teamValidation"; import { getFormationChangeIssues, FORMATIONS } from "@/lib/teamValidation";
export async function PUT(req: NextRequest) { export async function PUT(req: NextRequest) {
const session = await getServerSession(authOptions); const apiUser = await getApiUser(req);
if (!session) return NextResponse.json({ error: "Unauthorized" }, { status: 401 }); if (!apiUser) return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
const { formation } = await req.json(); const { formation } = await req.json();
if (!FORMATIONS[formation]) return NextResponse.json({ error: "ترکیب نامعتبر" }, { status: 400 }); if (!FORMATIONS[formation]) return NextResponse.json({ error: "ترکیب نامعتبر" }, { status: 400 });
const team = await db.team.findUnique({ const team = await db.team.findUnique({
where: { userId: (session.user as any).id }, where: { userId: apiUser.id },
include: { players: { include: { player: true } } }, include: { players: { include: { player: true } } },
}); });
if (!team) return NextResponse.json({ error: "تیم پیدا نشد" }, { status: 404 }); if (!team) return NextResponse.json({ error: "تیم پیدا نشد" }, { status: 404 });

16
app/api/team/players/route.ts
View File

@@ -1,14 +1,12 @@
import { NextRequest, NextResponse } from "next/server"; import { NextRequest, NextResponse } from "next/server";
import { db } from "@/lib/db"; import { db } from "@/lib/db";
import { getServerSession } from "next-auth"; import { getApiUser } from "@/lib/apiAuth";
import { authOptions } from "@/lib/auth";
export async function POST(req: NextRequest) { export async function POST(req: NextRequest) {
const session = await getServerSession(authOptions); const apiUser = await getApiUser(req);
if (!session) return NextResponse.json({ error: "Unauthorized" }, { status: 401 }); if (!apiUser) return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
const { playerId, isBench } = await req.json(); const { playerId, isBench } = await req.json();
const userId = (session.user as any).id; const userId = apiUser.id;
const team = await db.team.findUnique({ const team = await db.team.findUnique({
where: { userId }, where: { userId },
@@ -49,11 +47,11 @@ export async function POST(req: NextRequest) {
} }
export async function DELETE(req: NextRequest) { export async function DELETE(req: NextRequest) {
const session = await getServerSession(authOptions); const apiUser = await getApiUser(req);
if (!session) return NextResponse.json({ error: "Unauthorized" }, { status: 401 }); if (!apiUser) return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
const { playerId } = await req.json(); const { playerId } = await req.json();
const userId = (session.user as any).id; const userId = apiUser.id;
const team = await db.team.findUnique({ const team = await db.team.findUnique({
where: { userId }, where: { userId },

18
app/api/team/route.ts
View File

@@ -1,14 +1,12 @@
import { NextRequest, NextResponse } from "next/server"; import { NextRequest, NextResponse } from "next/server";
import { db } from "@/lib/db"; import { db } from "@/lib/db";
import { getServerSession } from "next-auth"; import { getApiUser } from "@/lib/apiAuth";
import { authOptions } from "@/lib/auth"; export async function GET(req: NextRequest) {
const apiUser = await getApiUser(req);
export async function GET() { if (!apiUser) return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
const session = await getServerSession(authOptions);
if (!session) return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
const team = await db.team.findUnique({ const team = await db.team.findUnique({
where: { userId: (session.user as any).id }, where: { userId: apiUser.id },
include: { include: {
players: { players: {
include: { player: true }, include: { player: true },
@@ -20,11 +18,11 @@ export async function GET() {
} }
export async function POST(req: NextRequest) { export async function POST(req: NextRequest) {
const session = await getServerSession(authOptions); const apiUser = await getApiUser(req);
if (!session) return NextResponse.json({ error: "Unauthorized" }, { status: 401 }); if (!apiUser) return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
const { name, formation } = await req.json(); const { name, formation } = await req.json();
const userId = (session.user as any).id; const userId = apiUser.id;
// بررسی وجود کاربر // بررسی وجود کاربر
const user = await db.user.findUnique({ where: { id: userId } }); const user = await db.user.findUnique({ where: { id: userId } });

13
app/api/team/submit/route.ts
View File

@@ -1,15 +1,14 @@
import { NextResponse } from "next/server"; import { NextRequest, NextResponse } from "next/server";
import { db } from "@/lib/db"; import { db } from "@/lib/db";
import { getServerSession } from "next-auth"; import { getApiUser } from "@/lib/apiAuth";
import { authOptions } from "@/lib/auth";
import { validateTeamComposition } from "@/lib/teamValidation"; import { validateTeamComposition } from "@/lib/teamValidation";
export async function POST() { export async function POST(req: NextRequest) {
const session = await getServerSession(authOptions); const apiUser = await getApiUser(req);
if (!session) return NextResponse.json({ error: "Unauthorized" }, { status: 401 }); if (!apiUser) return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
const team = await db.team.findUnique({ const team = await db.team.findUnique({
where: { userId: (session.user as any).id }, where: { userId: apiUser.id },
include: { players: { include: { player: true } } }, include: { players: { include: { player: true } } },
}); });

16
app/api/test-session/route.ts
View File

@@ -1,16 +1,14 @@
import { NextResponse } from "next/server"; import { NextRequest, NextResponse } from "next/server";
import { getServerSession } from "next-auth";
import { authOptions } from "@/lib/auth";
import { db } from "@/lib/db"; import { db } from "@/lib/db";
import { getApiUser } from "@/lib/apiAuth";
export async function GET() { export async function GET(req: NextRequest) {
const session = await getServerSession(authOptions); const apiUser = await getApiUser(req);
if (!session) { if (!apiUser) {
return NextResponse.json({ error: "No session" }, { status: 401 }); return NextResponse.json({ error: "No session" }, { status: 401 });
} }
const userId = (session.user as any).id; const userId = apiUser.id;
// بررسی وجود کاربر در دیتابیس // بررسی وجود کاربر در دیتابیس
const user = await db.user.findUnique({ const user = await db.user.findUnique({
@@ -20,7 +18,7 @@ export async function GET() {
return NextResponse.json({ return NextResponse.json({
session: { session: {
user: session.user, user: apiUser,
userId: userId, userId: userId,
}, },
userInDb: user, userInDb: user,

10
app/api/user/profile/route.ts
View File

@@ -1,15 +1,13 @@
import { NextRequest, NextResponse } from "next/server"; import { NextRequest, NextResponse } from "next/server";
import { db } from "@/lib/db"; import { db } from "@/lib/db";
import { getServerSession } from "next-auth"; import { getApiUser } from "@/lib/apiAuth";
import { authOptions } from "@/lib/auth";
export async function PUT(req: NextRequest) { export async function PUT(req: NextRequest) {
const session = await getServerSession(authOptions); const apiUser = await getApiUser(req);
if (!session) return NextResponse.json({ error: "Unauthorized" }, { status: 401 }); if (!apiUser) return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
const { name } = await req.json(); const { name } = await req.json();
const user = await db.user.update({ const user = await db.user.update({
where: { id: (session.user as any).id }, where: { id: apiUser.id },
data: { name }, data: { name },
}); });
return NextResponse.json({ name: user.name }); return NextResponse.json({ name: user.name });

5
lib/apiAuth.ts
View File

@@ -1,9 +1,8 @@
import { NextRequest } from "next/server";
import { getServerSession } from "next-auth"; import { getServerSession } from "next-auth";
import { db } from "@/lib/db"; import { db } from "@/lib/db";
import { authOptions } from "@/lib/auth"; import { authOptions } from "@/lib/auth";
export async function getApiUser(req: NextRequest) { export async function getApiUser(req: Request) {
const authHeader = req.headers.get("authorization"); const authHeader = req.headers.get("authorization");
const bearerToken = authHeader?.match(/^Bearer\s+(.+)$/i)?.[1]; const bearerToken = authHeader?.match(/^Bearer\s+(.+)$/i)?.[1];
@@ -25,7 +24,7 @@ export async function getApiUser(req: NextRequest) {
return db.user.findUnique({ where: { id: userId } }); return db.user.findUnique({ where: { id: userId } });
} }
export async function requireApiAdmin(req: NextRequest) { export async function requireApiAdmin(req: Request) {
const user = await getApiUser(req); const user = await getApiUser(req);
if (!user || user.role !== "ADMIN") return null; if (!user || user.role !== "ADMIN") return null;
return user; return user;