add otp swagger3

2026-05-13 15:46:27 +03:30
parent 3be3a49abd
commit 8975d0a24b
38 changed files with 181 additions and 245 deletions


@@ -1,13 +1,12 @@
import { NextRequest, NextResponse } from "next/server";
import { db } from "@/lib/db";
import { getServerSession } from "next-auth";
import { authOptions } from "@/lib/auth";
import { getApiUser } from "@/lib/apiAuth";
import { calculateMatchPoints } from "@/lib/points";
export async function POST(_: NextRequest, { params }: { params: Promise<{ id: string }> }) {
export async function POST(req: NextRequest, { params }: { params: Promise<{ id: string }> }) {
const { id } = await params;
const session = await getServerSession(authOptions);
if (!session || (session.user as any).role !== "ADMIN")
const apiUser = await getApiUser(req);
if (!apiUser || apiUser.role !== "ADMIN")
return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
const events = await db.matchEvent.findMany({
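Review bot: The admin gate `if (!apiUser || apiUser.role !== "ADMIN")` now rests entirely on what `getApiUser(req)` returns, and nothing in this hunk documents which credential that helper accepts or where `role` is read from; `@/lib/apiAuth` is not among the visible hunks. If the role comes from a token claim rather than a per-request lookup, a demoted admin would presumably keep access to this handler until the token expires, so that is worth confirming before merge. I would add a comment above the check along the lines of `// getApiUser verifies the request credential; role must reflect the current stored value, not a stale claim`. The same check is repeated in the other admin handlers of this commit, and the body of POST continues outside the hunk.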


@@ -1,12 +1,10 @@
import { NextRequest, NextResponse } from "next/server";
import { db } from "@/lib/db";
import { getServerSession } from "next-auth";
import { authOptions } from "@/lib/auth";
export async function DELETE(_: NextRequest, { params }: { params: Promise<{ id: string; eventId: string }> }) {
import { getApiUser } from "@/lib/apiAuth";
export async function DELETE(req: NextRequest, { params }: { params: Promise<{ id: string; eventId: string }> }) {
const { eventId } = await params;
const session = await getServerSession(authOptions);
if (!session || (session.user as any).role !== "ADMIN")
const apiUser = await getApiUser(req);
if (!apiUser || apiUser.role !== "ADMIN")
return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
await db.matchEvent.delete({ where: { id: eventId } });
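Review bot: The delete `db.matchEvent.delete({ where: { id: eventId } })` never uses the match `id` from the route, so an event that belongs to a different match is removed if its id is supplied, and a non-existent id presumably surfaces as an unhandled Prisma error rather than a 404. Read both params with `const { id, eventId } = await params;` and scope the delete by the event's match foreign key (the field name is not visible here), returning 404 when nothing matched. The rest of DELETE is outside the hunk.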


@@ -1,12 +1,10 @@
import { NextRequest, NextResponse } from "next/server";
import { db } from "@/lib/db";
import { getServerSession } from "next-auth";
import { authOptions } from "@/lib/auth";
import { getApiUser } from "@/lib/apiAuth";
export async function POST(req: NextRequest, { params }: { params: Promise<{ id: string }> }) {
const { id } = await params;
const session = await getServerSession(authOptions);
if (!session || (session.user as any).role !== "ADMIN")
const apiUser = await getApiUser(req);
if (!apiUser || apiUser.role !== "ADMIN")
return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
const { playerId, type, minute, extraInfo } = await req.json();


@@ -1,12 +1,10 @@
import { NextRequest, NextResponse } from "next/server";
import { db } from "@/lib/db";
import { getServerSession } from "next-auth";
import { authOptions } from "@/lib/auth";
import { getApiUser } from "@/lib/apiAuth";
export async function POST(req: NextRequest, { params }: { params: Promise<{ id: string }> }) {
const { id } = await params;
const session = await getServerSession(authOptions);
if (!session || (session.user as any).role !== "ADMIN")
const apiUser = await getApiUser(req);
if (!apiUser || apiUser.role !== "ADMIN")
return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
const lineups: Array<{ countryId: string; formation: string; playerIds: string[] }> = await req.json();


@@ -1,13 +1,11 @@
import { NextRequest, NextResponse } from "next/server";
import { db } from "@/lib/db";
import { getServerSession } from "next-auth";
import { authOptions } from "@/lib/auth";
import { getApiUser } from "@/lib/apiAuth";
const validTiers = new Set(["GOLD", "SILVER", "BRONZE"]);
export async function PATCH(req: NextRequest, { params }: { params: Promise<{ id: string }> }) {
const session = await getServerSession(authOptions);
if (!session || (session.user as any).role !== "ADMIN") {
const apiUser = await getApiUser(req);
if (!apiUser || apiUser.role !== "ADMIN") {
return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
}
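Review bot: An authenticated non-admin receives the same 401 as a caller with no credential, because `if (!apiUser || apiUser.role !== "ADMIN")` collapses both cases into one response. If `getApiUser` accepts API tokens, a client cannot tell "credential rejected" from "not permitted", and logs lose the distinction between failed authentication and attempted privilege use. Split the check: `if (!apiUser) return NextResponse.json({ error: "Unauthorized" }, { status: 401 });` followed by `if (apiUser.role !== "ADMIN") return NextResponse.json({ error: "Forbidden" }, { status: 403 });`. The same pattern appears in the other admin handlers in this commit, and PATCH continues outside the hunk.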


@@ -1,12 +1,10 @@
import { NextRequest, NextResponse } from "next/server";
import { db } from "@/lib/db";
import { getServerSession } from "next-auth";
import { authOptions } from "@/lib/auth";
import { getApiUser } from "@/lib/apiAuth";
// PATCH /api/admin/players/[id]/golden-toggle
export async function PATCH(req: NextRequest, { params }: { params: Promise<{ id: string }> }) {
const session = await getServerSession(authOptions);
if (!session || (session.user as any).role !== "ADMIN") {
const apiUser = await getApiUser(req);
if (!apiUser || apiUser.role !== "ADMIN") {
return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
}


@@ -1,7 +1,6 @@
import { NextRequest, NextResponse } from "next/server";
import { db } from "@/lib/db";
import { getServerSession } from "next-auth";
import { authOptions } from "@/lib/auth";
import { getApiUser } from "@/lib/apiAuth";
import { CARD_TIER_LABELS, resolveQuizRewardTier } from "@/lib/cardTier";
function shuffleArray<T>(items: T[]) {
@@ -10,8 +9,8 @@ function shuffleArray<T>(items: T[]) {
// POST /api/admin/quiz/[id]/lottery - run reward distribution for a quiz
export async function POST(req: NextRequest, { params }: { params: Promise<{ id: string }> }) {
const session = await getServerSession(authOptions);
if (!session || (session.user as any).role !== "ADMIN") {
const apiUser = await getApiUser(req);
if (!apiUser || apiUser.role !== "ADMIN") {
return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
}


@@ -1,15 +1,14 @@
import { NextRequest, NextResponse } from "next/server";
import { db } from "@/lib/db";
import { getServerSession } from "next-auth";
import { authOptions } from "@/lib/auth";
import { getApiUser } from "@/lib/apiAuth";
import { Prisma } from "@/lib/generated/prisma";
async function requireAdmin() {
const session = await getServerSession(authOptions);
if (!session || (session.user as any).role !== "ADMIN") {
async function requireAdmin(req: NextRequest) {
const apiUser = await getApiUser(req);
if (!apiUser || apiUser.role !== "ADMIN") {
return null;
}
return session;
return apiUser;
}
function calculateResult(answers: number[], questions: Array<{ correctAnswer: number }>) {
@@ -59,8 +58,8 @@ function validateTierConfig(input: {
export async function PUT(req: NextRequest, { params }: { params: Promise<{ id: string }> }) {
try {
const session = await requireAdmin();
if (!session) return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
const apiUser = await requireAdmin(req);
if (!apiUser) return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
const { id } = await params;
const {
@@ -167,9 +166,9 @@ export async function PUT(req: NextRequest, { params }: { params: Promise<{ id:
}
}
export async function DELETE(_: NextRequest, { params }: { params: Promise<{ id: string }> }) {
const session = await requireAdmin();
if (!session) return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
export async function DELETE(req: NextRequest, { params }: { params: Promise<{ id: string }> }) {
const apiUser = await requireAdmin(req);
if (!apiUser) return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
const { id } = await params;
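Review bot: `requireAdmin(req)` in this file is the same function as `adminOnly(req)` in the quiz list route, and most other admin handlers in this commit inline the identical `getApiUser` call plus role comparison. With that many copies of one authorization check, a single route can drift (a dropped role comparison, a different status code) without anyone noticing. Consider exporting one helper next to `getApiUser` in `@/lib/apiAuth` and calling it everywhere, with a doc comment stating that it returns the user for admins and `null` otherwise. Note also that PUT calls the helper inside its `try` while DELETE calls it with no `try` visible, so an error thrown during authentication is presumably handled differently by the two; both bodies continue outside the hunks.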


@@ -1,13 +1,12 @@
import { NextRequest, NextResponse } from "next/server";
import { db } from "@/lib/db";
import { getServerSession } from "next-auth";
import { authOptions } from "@/lib/auth";
import { getApiUser } from "@/lib/apiAuth";
import { Prisma } from "@/lib/generated/prisma";
async function adminOnly(req: NextRequest) {
const session = await getServerSession(authOptions);
if (!session || (session.user as any).role !== "ADMIN") return null;
return session;
const apiUser = await getApiUser(req);
if (!apiUser || apiUser.role !== "ADMIN") return null;
return apiUser;
}
function validateTierConfig(input: {
@@ -43,8 +42,8 @@ function validateTierConfig(input: {
// GET /api/admin/quiz - list all quizzes
export async function GET(req: NextRequest) {
const session = await adminOnly(req);
if (!session) return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
const apiUser = await adminOnly(req);
if (!apiUser) return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
const quizzes = await db.dailyQuiz.findMany({
orderBy: { date: "desc" },
@@ -60,8 +59,8 @@ export async function GET(req: NextRequest) {
// POST /api/admin/quiz - create quiz
export async function POST(req: NextRequest) {
try {
const session = await adminOnly(req);
if (!session) return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
const apiUser = await adminOnly(req);
if (!apiUser) return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
const {
date,


@@ -1,11 +1,9 @@
import { NextRequest, NextResponse } from "next/server";
import { db } from "@/lib/db";
import { getServerSession } from "next-auth";
import { authOptions } from "@/lib/auth";
import { getApiUser } from "@/lib/apiAuth";
export async function PUT(req: NextRequest) {
const session = await getServerSession(authOptions);
if (!session || (session.user as any).role !== "ADMIN")
const apiUser = await getApiUser(req);
if (!apiUser || apiUser.role !== "ADMIN")
return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
const rules: Array<{ position: string; eventType: string; points: number }> = await req.json();
@@ -13,8 +11,8 @@ export async function PUT(req: NextRequest) {
for (const rule of rules) {
await db.scoringRule.upsert({
where: { position_eventType: { position: rule.position as any, eventType: rule.eventType as any } },
update: { points: rule.points, updatedBy: (session.user as any).id },
create: { position: rule.position as any, eventType: rule.eventType as any, points: rule.points, updatedBy: (session.user as any).id },
update: { points: rule.points, updatedBy: apiUser.id },
create: { position: rule.position as any, eventType: rule.eventType as any, points: rule.points, updatedBy: apiUser.id },
});
}
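Review bot: `rules` is taken straight from `await req.json()` with only a compile-time annotation, so a body that is not an array, or entries whose `points` is not a number, reach `db.scoringRule.upsert` through the `as any` casts on `position` and `eventType`. Add a runtime check before the loop, for example `if (!Array.isArray(rules) || rules.some(r => typeof r?.position !== "string" || typeof r?.eventType !== "string" || !Number.isFinite(r?.points))) return NextResponse.json({ error: "Invalid body" }, { status: 400 });`. The upserts also run one at a time outside a transaction, so a failure midway leaves the scoring rules partially updated; collecting them into `db.$transaction([...])` would make the change atomic. The lines between the two hunks are not visible, so an existing check there cannot be ruled out.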


@@ -1,12 +1,10 @@
import { NextRequest, NextResponse } from "next/server";
import { db } from "@/lib/db";
import { getServerSession } from "next-auth";
import { authOptions } from "@/lib/auth";
import { getApiUser } from "@/lib/apiAuth";
export async function PUT(req: NextRequest, { params }: { params: Promise<{ id: string }> }) {
const { id } = await params;
const session = await getServerSession(authOptions);
if (!session || (session.user as any).role !== "ADMIN")
const apiUser = await getApiUser(req);
if (!apiUser || apiUser.role !== "ADMIN")
return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
const { status } = await req.json();


@@ -1,11 +1,9 @@
import { NextResponse } from "next/server";
import { NextRequest, NextResponse } from "next/server";
import { db } from "@/lib/db";
import { getServerSession } from "next-auth";
import { authOptions } from "@/lib/auth";
export async function GET() {
const session = await getServerSession(authOptions);
if (!session || (session.user as any).role !== "ADMIN")
import { getApiUser } from "@/lib/apiAuth";
export async function GET(req: NextRequest) {
const apiUser = await getApiUser(req);
if (!apiUser || apiUser.role !== "ADMIN")
return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
const teams = await db.team.findMany({


@@ -1,12 +1,10 @@
import { NextRequest, NextResponse } from "next/server";
import { db } from "@/lib/db";
import { getServerSession } from "next-auth";
import { authOptions } from "@/lib/auth";
import { getApiUser } from "@/lib/apiAuth";
export async function PUT(req: NextRequest, { params }: { params: Promise<{ id: string }> }) {
const { id } = await params;
const session = await getServerSession(authOptions);
if (!session || (session.user as any).role !== "ADMIN")
const apiUser = await getApiUser(req);
if (!apiUser || apiUser.role !== "ADMIN")
return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
const body = await req.json();
@@ -14,10 +12,10 @@ export async function PUT(req: NextRequest, { params }: { params: Promise<{ id:
return NextResponse.json(country);
}
export async function DELETE(_: NextRequest, { params }: { params: Promise<{ id: string }> }) {
export async function DELETE(req: NextRequest, { params }: { params: Promise<{ id: string }> }) {
const { id } = await params;
const session = await getServerSession(authOptions);
if (!session || (session.user as any).role !== "ADMIN")
const apiUser = await getApiUser(req);
if (!apiUser || apiUser.role !== "ADMIN")
return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
await db.country.delete({ where: { id } });


@@ -1,9 +1,7 @@
import { NextRequest, NextResponse } from "next/server";
import { db } from "@/lib/db";
import { getServerSession } from "next-auth";
import { authOptions } from "@/lib/auth";
export async function GET() {
import { getApiUser } from "@/lib/apiAuth";
export async function GET(req: NextRequest) {
const countries = await db.country.findMany({
include: { group: true },
orderBy: { name: "asc" },
@@ -12,8 +10,8 @@ export async function GET() {
}
export async function POST(req: NextRequest) {
const session = await getServerSession(authOptions);
if (!session || (session.user as any).role !== "ADMIN")
const apiUser = await getApiUser(req);
if (!apiUser || apiUser.role !== "ADMIN")
return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
const body = await req.json();
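Review bot: `GET(req: NextRequest)` gains a `req` parameter that the visible body never reads, and the handler still returns every country without calling `getApiUser`. If the list is meant to be public, keep the signature as `export async function GET()` and add a comment such as `// public: no authentication required`, so the file does not suggest a check that is not there; if this commit was meant to gate it, the check is missing. The same applies to the GET handlers that list gameweeks, matches and rounds and the one that fetches a single match, all of which received the same unused parameter.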


@@ -1,12 +1,10 @@
import { NextRequest, NextResponse } from "next/server";
import { db } from "@/lib/db";
import { getServerSession } from "next-auth";
import { authOptions } from "@/lib/auth";
export async function POST(_: NextRequest, { params }: { params: Promise<{ id: string }> }) {
import { getApiUser } from "@/lib/apiAuth";
export async function POST(req: NextRequest, { params }: { params: Promise<{ id: string }> }) {
const { id } = await params;
const session = await getServerSession(authOptions);
if (!session || (session.user as any).role !== "ADMIN")
const apiUser = await getApiUser(req);
if (!apiUser || apiUser.role !== "ADMIN")
return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
// غیرفعال کردن همه


@@ -1,16 +1,14 @@
import { NextRequest, NextResponse } from "next/server";
import { db } from "@/lib/db";
import { getServerSession } from "next-auth";
import { authOptions } from "@/lib/auth";
export async function GET() {
import { getApiUser } from "@/lib/apiAuth";
export async function GET(req: NextRequest) {
const gameweeks = await db.gameweek.findMany({ orderBy: { number: "asc" } });
return NextResponse.json(gameweeks);
}
export async function POST(req: NextRequest) {
const session = await getServerSession(authOptions);
if (!session || (session.user as any).role !== "ADMIN")
const apiUser = await getApiUser(req);
if (!apiUser || apiUser.role !== "ADMIN")
return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
const body = await req.json();


@@ -1,7 +1,6 @@
import { NextRequest, NextResponse } from "next/server";
import { db } from "@/lib/db";
import { getServerSession } from "next-auth";
import { authOptions } from "@/lib/auth";
import { getApiUser } from "@/lib/apiAuth";
import {
getAutoPlacement,
getPositionLabel,
@@ -9,10 +8,10 @@ import {
} from "@/lib/specialCards";
export async function POST(req: NextRequest, { params }: { params: Promise<{ id: string }> }) {
const session = await getServerSession(authOptions);
if (!session) return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
const apiUser = await getApiUser(req);
if (!apiUser) return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
const userId = (session.user as any).id;
const userId = apiUser.id;
const { id } = await params;
const { replacePlayerId } = await req.json().catch(() => ({}));


@@ -1,14 +1,12 @@
import { NextRequest, NextResponse } from "next/server";
import { db } from "@/lib/db";
import { getServerSession } from "next-auth";
import { authOptions } from "@/lib/auth";
import { getApiUser } from "@/lib/apiAuth";
// POST /api/golden-cards/[id]/reveal
export async function POST(req: NextRequest, { params }: { params: Promise<{ id: string }> }) {
const session = await getServerSession(authOptions);
if (!session) return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
const apiUser = await getApiUser(req);
if (!apiUser) return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
const userId = (session.user as any).id;
const userId = apiUser.id;
const { id } = await params;
const card = await db.goldenCard.findUnique({ where: { id } });


@@ -1,14 +1,13 @@
import { NextResponse } from "next/server";
import { db } from "@/lib/db";
import { getServerSession } from "next-auth";
import { authOptions } from "@/lib/auth";
import { getApiUser } from "@/lib/apiAuth";
import { getSpecialCardSalePrice } from "@/lib/specialCards";
export async function POST(_: Request, { params }: { params: Promise<{ id: string }> }) {
const session = await getServerSession(authOptions);
if (!session) return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
export async function POST(req: Request, { params }: { params: Promise<{ id: string }> }) {
const apiUser = await getApiUser(req);
if (!apiUser) return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
const userId = (session.user as any).id;
const userId = apiUser.id;
const { id } = await params;
const card = await db.goldenCard.findUnique({
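Review bot: This handler types its first argument as `req: Request` and passes it to `getApiUser(req)`, while every other call site in the commit passes a `NextRequest`. If `getApiUser` is declared to take `NextRequest` (its signature is not visible here), this either fails type checking or depends on a looser parameter type than the other routes assume. Importing `NextRequest` and writing `export async function POST(req: NextRequest, { params }: { params: Promise<{ id: string }> })` keeps the call sites uniform. The body continues outside the hunk, so whether `card` is checked against `userId` before the sale could not be reviewed.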


@@ -1,14 +1,12 @@
import { NextResponse } from "next/server";
import { NextRequest, NextResponse } from "next/server";
import { db } from "@/lib/db";
import { getServerSession } from "next-auth";
import { authOptions } from "@/lib/auth";
import { getApiUser } from "@/lib/apiAuth";
// GET /api/golden-cards - get current user's golden cards
export async function GET() {
const session = await getServerSession(authOptions);
if (!session) return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
export async function GET(req: NextRequest) {
const apiUser = await getApiUser(req);
if (!apiUser) return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
const userId = (session.user as any).id;
const userId = apiUser.id;
const cards = await db.goldenCard.findMany({
where: { userId },


@@ -1,9 +1,7 @@
import { NextRequest, NextResponse } from "next/server";
import { db } from "@/lib/db";
import { getServerSession } from "next-auth";
import { authOptions } from "@/lib/auth";
export async function GET(_: NextRequest, { params }: { params: Promise<{ id: string }> }) {
import { getApiUser } from "@/lib/apiAuth";
export async function GET(req: NextRequest, { params }: { params: Promise<{ id: string }> }) {
const { id } = await params;
const match = await db.match.findUnique({
where: { id },
@@ -15,8 +13,8 @@ export async function GET(_: NextRequest, { params }: { params: Promise<{ id: st
export async function PUT(req: NextRequest, { params }: { params: Promise<{ id: string }> }) {
const { id } = await params;
const session = await getServerSession(authOptions);
if (!session || (session.user as any).role !== "ADMIN")
const apiUser = await getApiUser(req);
if (!apiUser || apiUser.role !== "ADMIN")
return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
const body = await req.json();
@@ -30,10 +28,10 @@ export async function PUT(req: NextRequest, { params }: { params: Promise<{ id:
return NextResponse.json(match);
}
export async function DELETE(_: NextRequest, { params }: { params: Promise<{ id: string }> }) {
export async function DELETE(req: NextRequest, { params }: { params: Promise<{ id: string }> }) {
const { id } = await params;
const session = await getServerSession(authOptions);
if (!session || (session.user as any).role !== "ADMIN")
const apiUser = await getApiUser(req);
if (!apiUser || apiUser.role !== "ADMIN")
return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
await db.match.delete({ where: { id } });


@@ -1,13 +1,12 @@
import { NextRequest, NextResponse } from "next/server";
import { db } from "@/lib/db";
import { getServerSession } from "next-auth";
import { authOptions } from "@/lib/auth";
import { getApiUser } from "@/lib/apiAuth";
import { calculateMatchPoints } from "@/lib/points";
export async function POST(req: NextRequest, { params }: { params: Promise<{ id: string }> }) {
const { id } = await params;
const session = await getServerSession(authOptions);
if (!session || (session.user as any).role !== "ADMIN")
const apiUser = await getApiUser(req);
if (!apiUser || apiUser.role !== "ADMIN")
return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
const stats: Array<{


@@ -1,9 +1,7 @@
import { NextRequest, NextResponse } from "next/server";
import { db } from "@/lib/db";
import { getServerSession } from "next-auth";
import { authOptions } from "@/lib/auth";
export async function GET() {
import { getApiUser } from "@/lib/apiAuth";
export async function GET(req: NextRequest) {
const matches = await db.match.findMany({
include: {
homeTeam: true,
@@ -16,8 +14,8 @@ export async function GET() {
}
export async function POST(req: NextRequest) {
const session = await getServerSession(authOptions);
if (!session || (session.user as any).role !== "ADMIN")
const apiUser = await getApiUser(req);
if (!apiUser || apiUser.role !== "ADMIN")
return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
const body = await req.json();


@@ -1,15 +1,14 @@
import { NextRequest, NextResponse } from "next/server";
import { db } from "@/lib/db";
import { getServerSession } from "next-auth";
import { authOptions } from "@/lib/auth";
import { getApiUser } from "@/lib/apiAuth";
import { requestPayment } from "@/lib/zarinpal";
export async function POST(req: NextRequest) {
const session = await getServerSession(authOptions);
if (!session) return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
const apiUser = await getApiUser(req);
if (!apiUser) return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
const { packageId } = await req.json();
const userId = (session.user as any).id;
const userId = apiUser.id;
const pkg = await db.package.findUnique({ where: { id: packageId } });
if (!pkg || !pkg.isActive) return NextResponse.json({ error: "پکیج پیدا نشد" }, { status: 404 });
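Review bot: `packageId` is destructured from `await req.json()` and passed to `db.package.findUnique({ where: { id: packageId } })` with no type check, so a missing or non-string value presumably ends in an unhandled error and a 500 rather than a 400 on a route that leads into `requestPayment`. Guard it before the lookup with `if (typeof packageId !== "string" || !packageId) return NextResponse.json({ error: "Invalid packageId" }, { status: 400 });`, and handle a malformed body the way another handler in this commit does with `await req.json().catch(() => ({}))`. The rest of POST, including how the amount passed to the payment gateway is derived, is outside the hunk.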


@@ -1,12 +1,10 @@
import { NextRequest, NextResponse } from "next/server";
import { db } from "@/lib/db";
import { getServerSession } from "next-auth";
import { authOptions } from "@/lib/auth";
import { getApiUser } from "@/lib/apiAuth";
export async function PUT(req: NextRequest, { params }: { params: Promise<{ id: string }> }) {
const { id } = await params;
const session = await getServerSession(authOptions);
if (!session || (session.user as any).role !== "ADMIN") {
const apiUser = await getApiUser(req);
if (!apiUser || apiUser.role !== "ADMIN") {
return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
}
@@ -24,8 +22,8 @@ export async function PUT(req: NextRequest, { params }: { params: Promise<{ id:
export async function DELETE(req: NextRequest, { params }: { params: Promise<{ id: string }> }) {
const { id } = await params;
const session = await getServerSession(authOptions);
if (!session || (session.user as any).role !== "ADMIN") {
const apiUser = await getApiUser(req);
if (!apiUser || apiUser.role !== "ADMIN") {
return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
}


@@ -1,8 +1,6 @@
import { NextRequest, NextResponse } from "next/server";
import { db } from "@/lib/db";
import { getServerSession } from "next-auth";
import { authOptions } from "@/lib/auth";
import { getApiUser } from "@/lib/apiAuth";
export async function GET(req: NextRequest) {
const { searchParams } = new URL(req.url);
const position = searchParams.get("position");
@@ -21,8 +19,8 @@ export async function GET(req: NextRequest) {
}
export async function POST(req: NextRequest) {
const session = await getServerSession(authOptions);
if (!session || (session.user as any).role !== "ADMIN") {
const apiUser = await getApiUser(req);
if (!apiUser || apiUser.role !== "ADMIN") {
return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
}


@@ -1,14 +1,12 @@
import { NextResponse } from "next/server";
import { NextRequest, NextResponse } from "next/server";
import { db } from "@/lib/db";
import { getServerSession } from "next-auth";
import { authOptions } from "@/lib/auth";
import { getApiUser } from "@/lib/apiAuth";
// GET /api/quiz/my-results
export async function GET() {
const session = await getServerSession(authOptions);
if (!session) return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
export async function GET(req: NextRequest) {
const apiUser = await getApiUser(req);
if (!apiUser) return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
const userId = (session.user as any).id;
const userId = apiUser.id;
const submissions = await db.quizSubmission.findMany({
where: { userId },


@@ -1,15 +1,14 @@
import { NextRequest, NextResponse } from "next/server";
import { db } from "@/lib/db";
import { getServerSession } from "next-auth";
import { authOptions } from "@/lib/auth";
import { getApiUser } from "@/lib/apiAuth";
import { CARD_TIER_LABELS, resolveQuizRewardTier } from "@/lib/cardTier";
// POST /api/quiz/submit
export async function POST(req: NextRequest) {
const session = await getServerSession(authOptions);
if (!session) return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
const apiUser = await getApiUser(req);
if (!apiUser) return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
const userId = (session.user as any).id;
const userId = apiUser.id;
const { quizId, answers } = await req.json();
if (!quizId || !Array.isArray(answers)) {


@@ -1,12 +1,10 @@
import { NextRequest, NextResponse } from "next/server";
import { db } from "@/lib/db";
import { getServerSession } from "next-auth";
import { authOptions } from "@/lib/auth";
export async function POST(_: NextRequest, { params }: { params: Promise<{ id: string }> }) {
import { getApiUser } from "@/lib/apiAuth";
export async function POST(req: NextRequest, { params }: { params: Promise<{ id: string }> }) {
const { id } = await params;
const session = await getServerSession(authOptions);
if (!session || (session.user as any).role !== "ADMIN")
const apiUser = await getApiUser(req);
if (!apiUser || apiUser.role !== "ADMIN")
return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
const currentRound = await db.round.findUnique({ where: { id } });


@@ -1,16 +1,14 @@
import { NextRequest, NextResponse } from "next/server";
import { db } from "@/lib/db";
import { getServerSession } from "next-auth";
import { authOptions } from "@/lib/auth";
export async function GET() {
import { getApiUser } from "@/lib/apiAuth";
export async function GET(req: NextRequest) {
const rounds = await db.round.findMany({ orderBy: { number: "asc" } });
return NextResponse.json(rounds);
}
export async function POST(req: NextRequest) {
const session = await getServerSession(authOptions);
if (!session || (session.user as any).role !== "ADMIN")
const apiUser = await getApiUser(req);
if (!apiUser || apiUser.role !== "ADMIN")
return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
const { number, name, deadline } = await req.json();
@@ -25,8 +23,8 @@ export async function POST(req: NextRequest) {
}
export async function PUT(req: NextRequest) {
const session = await getServerSession(authOptions);
if (!session || (session.user as any).role !== "ADMIN")
const apiUser = await getApiUser(req);
if (!apiUser || apiUser.role !== "ADMIN")
return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
const { id, number, name, deadline } = await req.json();
@@ -39,8 +37,8 @@ export async function PUT(req: NextRequest) {
}
export async function DELETE(req: NextRequest) {
const session = await getServerSession(authOptions);
if (!session || (session.user as any).role !== "ADMIN")
const apiUser = await getApiUser(req);
if (!apiUser || apiUser.role !== "ADMIN")
return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
const { id } = await req.json();


@@ -1,14 +1,12 @@
import { NextRequest, NextResponse } from "next/server";
import { db } from "@/lib/db";
import { getServerSession } from "next-auth";
import { authOptions } from "@/lib/auth";
import { getApiUser } from "@/lib/apiAuth";
export async function PUT(req: NextRequest) {
const session = await getServerSession(authOptions);
if (!session) return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
const apiUser = await getApiUser(req);
if (!apiUser) return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
const { playerId, type } = await req.json();
const team = await db.team.findUnique({ where: { userId: (session.user as any).id } });
const team = await db.team.findUnique({ where: { userId: apiUser.id } });
if (!team) return NextResponse.json({ error: "تیم پیدا نشد" }, { status: 404 });
if (type === "captain") {


@@ -1,18 +1,17 @@
import { NextRequest, NextResponse } from "next/server";
import { db } from "@/lib/db";
import { getServerSession } from "next-auth";
import { authOptions } from "@/lib/auth";
import { getApiUser } from "@/lib/apiAuth";
import { getFormationChangeIssues, FORMATIONS } from "@/lib/teamValidation";
export async function PUT(req: NextRequest) {
const session = await getServerSession(authOptions);
if (!session) return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
const apiUser = await getApiUser(req);
if (!apiUser) return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
const { formation } = await req.json();
if (!FORMATIONS[formation]) return NextResponse.json({ error: "ترکیب نامعتبر" }, { status: 400 });
const team = await db.team.findUnique({
where: { userId: (session.user as any).id },
where: { userId: apiUser.id },
include: { players: { include: { player: true } } },
});
if (!team) return NextResponse.json({ error: "تیم پیدا نشد" }, { status: 404 });


@@ -1,14 +1,12 @@
import { NextRequest, NextResponse } from "next/server";
import { db } from "@/lib/db";
import { getServerSession } from "next-auth";
import { authOptions } from "@/lib/auth";
import { getApiUser } from "@/lib/apiAuth";
export async function POST(req: NextRequest) {
const session = await getServerSession(authOptions);
if (!session) return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
const apiUser = await getApiUser(req);
if (!apiUser) return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
const { playerId, isBench } = await req.json();
const userId = (session.user as any).id;
const userId = apiUser.id;
const team = await db.team.findUnique({
where: { userId },
@@ -49,11 +47,11 @@ export async function POST(req: NextRequest) {
}
export async function DELETE(req: NextRequest) {
const session = await getServerSession(authOptions);
if (!session) return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
const apiUser = await getApiUser(req);
if (!apiUser) return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
const { playerId } = await req.json();
const userId = (session.user as any).id;
const userId = apiUser.id;
const team = await db.team.findUnique({
where: { userId },


@@ -1,14 +1,12 @@
import { NextRequest, NextResponse } from "next/server";
import { db } from "@/lib/db";
import { getServerSession } from "next-auth";
import { authOptions } from "@/lib/auth";
export async function GET() {
const session = await getServerSession(authOptions);
if (!session) return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
import { getApiUser } from "@/lib/apiAuth";
export async function GET(req: NextRequest) {
const apiUser = await getApiUser(req);
if (!apiUser) return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
const team = await db.team.findUnique({
where: { userId: (session.user as any).id },
where: { userId: apiUser.id },
include: {
players: {
include: { player: true },
@@ -20,11 +18,11 @@ export async function GET() {
}
export async function POST(req: NextRequest) {
const session = await getServerSession(authOptions);
if (!session) return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
const apiUser = await getApiUser(req);
if (!apiUser) return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
const { name, formation } = await req.json();
const userId = (session.user as any).id;
const userId = apiUser.id;
// بررسی وجود کاربر
const user = await db.user.findUnique({ where: { id: userId } });
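Review bot: The `db.user.findUnique({ where: { id: userId } })` lookup right after the auth check looks redundant now. The visible tail of `getApiUser` already returns the result of that same query, so a missing user would have produced a 401 two lines earlier. If every branch of `getApiUser` returns the database row (the middle of that helper is not visible on this page), this second query can be dropped and `apiUser` used directly. Otherwise it deserves a comment such as `// token branch may return a stale user; re-check existence`. The rest of this POST is outside the hunk.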


@@ -1,15 +1,14 @@
import { NextResponse } from "next/server";
import { NextRequest, NextResponse } from "next/server";
import { db } from "@/lib/db";
import { getServerSession } from "next-auth";
import { authOptions } from "@/lib/auth";
import { getApiUser } from "@/lib/apiAuth";
import { validateTeamComposition } from "@/lib/teamValidation";
export async function POST() {
const session = await getServerSession(authOptions);
if (!session) return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
export async function POST(req: NextRequest) {
const apiUser = await getApiUser(req);
if (!apiUser) return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
const team = await db.team.findUnique({
where: { userId: (session.user as any).id },
where: { userId: apiUser.id },
include: { players: { include: { player: true } } },
});


@@ -1,16 +1,14 @@
import { NextResponse } from "next/server";
import { getServerSession } from "next-auth";
import { authOptions } from "@/lib/auth";
import { NextRequest, NextResponse } from "next/server";
import { db } from "@/lib/db";
export async function GET() {
const session = await getServerSession(authOptions);
import { getApiUser } from "@/lib/apiAuth";
export async function GET(req: NextRequest) {
const apiUser = await getApiUser(req);
if (!session) {
if (!apiUser) {
return NextResponse.json({ error: "No session" }, { status: 401 });
}
const userId = (session.user as any).id;
const userId = apiUser.id;
// بررسی وجود کاربر در دیتابیس
const user = await db.user.findUnique({
@@ -20,7 +18,7 @@ export async function GET() {
return NextResponse.json({
session: {
user: session.user,
user: apiUser,
userId: userId,
},
userInDb: user,
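Review bot: `user: apiUser` now serialises whatever `getApiUser` returns, and the visible tail of that helper returns `db.user.findUnique({ where: { id: userId } })` with no `select`. The response would therefore carry every column of the user row, where the old code returned only the session's user object. If the table holds a password hash or OTP-related fields (not visible here), they would be sent to the client, and `userInDb: user` has the same exposure. I would return an explicit projection such as `user: { id: apiUser.id, role: apiUser.role }` and add a `select` to the lookup above it. If this route is only a debugging aid, restricting it to non-production builds would be safer still. The handler continues outside the second hunk.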


@@ -1,15 +1,13 @@
import { NextRequest, NextResponse } from "next/server";
import { db } from "@/lib/db";
import { getServerSession } from "next-auth";
import { authOptions } from "@/lib/auth";
import { getApiUser } from "@/lib/apiAuth";
export async function PUT(req: NextRequest) {
const session = await getServerSession(authOptions);
if (!session) return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
const apiUser = await getApiUser(req);
if (!apiUser) return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
const { name } = await req.json();
const user = await db.user.update({
where: { id: (session.user as any).id },
where: { id: apiUser.id },
data: { name },
});
return NextResponse.json({ name: user.name });


@@ -1,9 +1,8 @@
import { NextRequest } from "next/server";
import { getServerSession } from "next-auth";
import { db } from "@/lib/db";
import { authOptions } from "@/lib/auth";
export async function getApiUser(req: NextRequest) {
export async function getApiUser(req: Request) {
const authHeader = req.headers.get("authorization");
const bearerToken = authHeader?.match(/^Bearer\s+(.+)$/i)?.[1];
@@ -25,7 +24,7 @@ export async function getApiUser(req: NextRequest) {
return db.user.findUnique({ where: { id: userId } });
}
export async function requireApiAdmin(req: NextRequest) {
export async function requireApiAdmin(req: Request) {
const user = await getApiUser(req);
if (!user || user.role !== "ADMIN") return null;
return user;
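Review bot: `requireApiAdmin` returns `null` both when no valid credential is presented and when the caller is authenticated but not an admin, so callers cannot distinguish a 401 from a 403. Widening the parameter to `Request` lets more call sites use it, so the contract should be written down, for example `/** Resolves to the user only if authenticated AND role === "ADMIN"; null covers both "no credentials" and "not admin". */`. `getApiUser` would benefit from a matching doc comment stating which credential sources it accepts and in what order, since the code between the two hunks is not visible here. Separately, the `(.+)` capture in the Bearer regex keeps any trailing whitespace, so the token should be trimmed before it is verified.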