Admin/panel
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: upgrade next-auth to v5.0.0-beta.29 and refactor authentication middleware

Browse Source 
- Updated next-auth dependency in package.json to version 5.0.0-beta.29.
- Refactored create-admin script to use a valid email format.
- Implemented authentication middleware for various API routes to enforce access control.
- Refactored API route handlers to improve readability and maintainability.
- Enhanced error handling in authentication error page.
- Added detailed tests for authentication flow, including protected routes and NextAuth endpoints.
This commit is contained in:
RKWojs
2025-06-25 12:32:13 +02:00
parent 035a0386d7
commit c1bb4c44fd
24 changed files with 626 additions and 369 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
src/app/api/all-project-tasks/route.js
View File

@@ -1,8 +1,9 @@
import { getAllProjectTasks } from "@/lib/queries/tasks";
import { NextResponse } from "next/server";
import { withReadAuth } from "@/lib/middleware/auth";
// GET: Get all project tasks across all projects
export async function GET() {
async function getAllProjectTasksHandler() {
try {
const tasks = getAllProjectTasks();
return NextResponse.json(tasks);
@@ -13,3 +14,6 @@ export async function GET() {
);
}
}
// Protected routes - require authentication
export const GET = withReadAuth(getAllProjectTasksHandler);

5
src/app/api/auth/[...nextauth]/route.js
View File

@@ -1,4 +1,3 @@
import NextAuth from "@/lib/auth"
import { handlers } from "@/lib/auth"
export const GET = NextAuth
export const POST = NextAuth
export const { GET, POST } = handlers

9
src/app/api/contracts/[id]/route.js
View File

@@ -1,7 +1,8 @@
import db from "@/lib/db";
import { NextResponse } from "next/server";
import { withReadAuth, withUserAuth } from "@/lib/middleware/auth";
export async function GET(req, { params }) {
async function getContractHandler(req, { params }) {
const { id } = await params;
const contract = db
@@ -20,7 +21,7 @@ export async function GET(req, { params }) {
return NextResponse.json(contract);
}
export async function DELETE(req, { params }) {
async function deleteContractHandler(req, { params }) {
const { id } = params;
try {
@@ -57,3 +58,7 @@ export async function DELETE(req, { params }) {
);
}
}
// Protected routes - require authentication
export const GET = withReadAuth(getContractHandler);
export const DELETE = withUserAuth(deleteContractHandler);

9
src/app/api/contracts/route.js
View File

@@ -1,7 +1,8 @@
import db from "@/lib/db";
import { NextResponse } from "next/server";
import { withReadAuth, withUserAuth } from "@/lib/middleware/auth";
export async function GET() {
async function getContractsHandler() {
const contracts = db
.prepare(
`
@@ -21,7 +22,7 @@ export async function GET() {
return NextResponse.json(contracts);
}
export async function POST(req) {
async function createContractHandler(req) {
const data = await req.json();
db.prepare(
`
@@ -46,3 +47,7 @@ export async function POST(req) {
);
return NextResponse.json({ success: true });
}
// Protected routes - require authentication
export const GET = withReadAuth(getContractsHandler);
export const POST = withUserAuth(createContractHandler);

12
src/app/api/notes/route.js
View File

@@ -1,7 +1,8 @@
import db from "@/lib/db";
import { NextResponse } from "next/server";
import { withUserAuth } from "@/lib/middleware/auth";
export async function POST(req) {
async function createNoteHandler(req) {
const { project_id, task_id, note } = await req.json();
if (!note || (!project_id && !task_id)) {
@@ -18,7 +19,7 @@ export async function POST(req) {
return NextResponse.json({ success: true });
}
export async function DELETE(_, { params }) {
async function deleteNoteHandler(_, { params }) {
const { id } = params;
db.prepare("DELETE FROM notes WHERE note_id = ?").run(id);
@@ -26,7 +27,7 @@ export async function DELETE(_, { params }) {
return NextResponse.json({ success: true });
}
export async function PUT(req, { params }) {
async function updateNoteHandler(req, { params }) {
const noteId = params.id;
const { note } = await req.json();
@@ -42,3 +43,8 @@ export async function PUT(req, { params }) {
return NextResponse.json({ success: true });
}
// Protected routes - require authentication
export const POST = withUserAuth(createNoteHandler);
export const DELETE = withUserAuth(deleteNoteHandler);
export const PUT = withUserAuth(updateNoteHandler);

9
src/app/api/project-tasks/[id]/route.js
View File

@@ -3,9 +3,10 @@ import {
deleteProjectTask,
} from "@/lib/queries/tasks";
import { NextResponse } from "next/server";
import { withUserAuth } from "@/lib/middleware/auth";
// PATCH: Update project task status
export async function PATCH(req, { params }) {
async function updateProjectTaskHandler(req, { params }) {
try {
const { status } = await req.json();
@@ -27,7 +28,7 @@ export async function PATCH(req, { params }) {
}
// DELETE: Delete a project task
export async function DELETE(req, { params }) {
async function deleteProjectTaskHandler(req, { params }) {
try {
deleteProjectTask(params.id);
return NextResponse.json({ success: true });
@@ -38,3 +39,7 @@ export async function DELETE(req, { params }) {
);
}
}
// Protected routes - require authentication
export const PATCH = withUserAuth(updateProjectTaskHandler);
export const DELETE = withUserAuth(deleteProjectTaskHandler);

9
src/app/api/project-tasks/route.js
View File

@@ -5,9 +5,10 @@ import {
} from "@/lib/queries/tasks";
import { NextResponse } from "next/server";
import db from "@/lib/db";
import { withReadAuth, withUserAuth } from "@/lib/middleware/auth";
// GET: Get all project tasks or task templates based on query params
export async function GET(req) {
async function getProjectTasksHandler(req) {
const { searchParams } = new URL(req.url);
const projectId = searchParams.get("project_id");
@@ -23,7 +24,7 @@ export async function GET(req) {
}
// POST: Create a new project task
export async function POST(req) {
async function createProjectTaskHandler(req) {
try {
const data = await req.json();
@@ -113,3 +114,7 @@ export async function PATCH(req) {
);
}
}
// Protected routes - require authentication
export const GET = withReadAuth(getProjectTasksHandler);
export const POST = withUserAuth(createProjectTaskHandler);

12
src/app/api/projects/[id]/route.js
View File

@@ -4,19 +4,25 @@ import {
deleteProject,
} from "@/lib/queries/projects";
import { NextResponse } from "next/server";
import { withReadAuth, withUserAuth } from "@/lib/middleware/auth";
export async function GET(_, { params }) {
async function getProjectHandler(_, { params }) {
const project = getProjectById(params.id);
return NextResponse.json(project);
}
export async function PUT(req, { params }) {
async function updateProjectHandler(req, { params }) {
const data = await req.json();
updateProject(params.id, data);
return NextResponse.json({ success: true });
}
export async function DELETE(_, { params }) {
async function deleteProjectHandler(_, { params }) {
deleteProject(params.id);
return NextResponse.json({ success: true });
}
// Protected routes - require authentication
export const GET = withReadAuth(getProjectHandler);
export const PUT = withUserAuth(updateProjectHandler);
export const DELETE = withUserAuth(deleteProjectHandler);

12
src/app/api/task-notes/route.js
View File

@@ -4,9 +4,10 @@ import {
deleteNote,
} from "@/lib/queries/notes";
import { NextResponse } from "next/server";
import { withReadAuth, withUserAuth } from "@/lib/middleware/auth";
// GET: Get notes for a specific task
export async function GET(req) {
async function getTaskNotesHandler(req) {
const { searchParams } = new URL(req.url);
const taskId = searchParams.get("task_id");
@@ -26,7 +27,7 @@ export async function GET(req) {
}
// POST: Add a note to a task
export async function POST(req) {
async function addTaskNoteHandler(req) {
try {
const { task_id, note, is_system } = await req.json();
@@ -49,7 +50,7 @@ export async function POST(req) {
}
// DELETE: Delete a note
export async function DELETE(req) {
async function deleteTaskNoteHandler(req) {
try {
const { searchParams } = new URL(req.url);
const noteId = searchParams.get("note_id");
@@ -71,3 +72,8 @@ export async function DELETE(req) {
);
}
}
// Protected routes - require authentication
export const GET = withReadAuth(getTaskNotesHandler);
export const POST = withUserAuth(addTaskNoteHandler);
export const DELETE = withUserAuth(deleteTaskNoteHandler);

12
src/app/api/tasks/[id]/route.js
View File

@@ -1,8 +1,9 @@
import db from "@/lib/db";
import { NextResponse } from "next/server";
import { withReadAuth, withUserAuth } from "@/lib/middleware/auth";
// GET: Get a specific task template
export async function GET(req, { params }) {
async function getTaskHandler(req, { params }) {
try {
const template = db
.prepare("SELECT * FROM tasks WHERE task_id = ? AND is_standard = 1")
@@ -25,7 +26,7 @@ export async function GET(req, { params }) {
}
// PUT: Update a task template
export async function PUT(req, { params }) {
async function updateTaskHandler(req, { params }) {
try {
const { name, max_wait_days, description } = await req.json();
@@ -58,7 +59,7 @@ export async function PUT(req, { params }) {
}
// DELETE: Delete a task template
export async function DELETE(req, { params }) {
async function deleteTaskHandler(req, { params }) {
try {
const result = db
.prepare("DELETE FROM tasks WHERE task_id = ? AND is_standard = 1")
@@ -79,3 +80,8 @@ export async function DELETE(req, { params }) {
);
}
}
// Protected routes - require authentication
export const GET = withReadAuth(getTaskHandler);
export const PUT = withUserAuth(updateTaskHandler);
export const DELETE = withUserAuth(deleteTaskHandler);

6
src/app/api/tasks/route.js
View File

@@ -1,8 +1,9 @@
import db from "@/lib/db";
import { NextResponse } from "next/server";
import { withUserAuth } from "@/lib/middleware/auth";
// POST: create new template
export async function POST(req) {
async function createTaskHandler(req) {
const { name, max_wait_days, description } = await req.json();
if (!name) {
@@ -18,3 +19,6 @@ export async function POST(req) {
return NextResponse.json({ success: true });
}
// Protected routes - require authentication
export const POST = withUserAuth(createTaskHandler);

6
src/app/api/tasks/templates/route.js
View File

@@ -1,8 +1,12 @@
import { getAllTaskTemplates } from "@/lib/queries/tasks";
import { NextResponse } from "next/server";
import { withReadAuth } from "@/lib/middleware/auth";
// GET: Get all task templates
export async function GET() {
async function getTaskTemplatesHandler() {
const templates = getAllTaskTemplates();
return NextResponse.json(templates);
}
// Protected routes - require authentication
export const GET = withReadAuth(getTaskTemplatesHandler);