RKWojs
c1bb4c44fd
- Updated next-auth dependency in package.json to version 5.0.0-beta.29. - Refactored create-admin script to use a valid email format. - Implemented authentication middleware for various API routes to enforce access control. - Refactored API route handlers to improve readability and maintainability. - Enhanced error handling in authentication error page. - Added detailed tests for authentication flow, including protected routes and NextAuth endpoints.
54 lines
1.1 KiB
JavaScript
54 lines
1.1 KiB
JavaScript
import db from "@/lib/db";
|
|
import { NextResponse } from "next/server";
|
|
import { withReadAuth, withUserAuth } from "@/lib/middleware/auth";
|
|
|
|
async function getContractsHandler() {
|
|
const contracts = db
|
|
.prepare(
|
|
`
|
|
SELECT
|
|
contract_id,
|
|
contract_number,
|
|
contract_name,
|
|
customer,
|
|
investor,
|
|
date_signed,
|
|
finish_date
|
|
FROM contracts
|
|
ORDER BY contract_number
|
|
`
|
|
)
|
|
.all();
|
|
return NextResponse.json(contracts);
|
|
}
|
|
|
|
async function createContractHandler(req) {
|
|
const data = await req.json();
|
|
db.prepare(
|
|
`
|
|
INSERT INTO contracts (
|
|
contract_number,
|
|
contract_name,
|
|
customer_contract_number,
|
|
customer,
|
|
investor,
|
|
date_signed,
|
|
finish_date
|
|
) VALUES (?, ?, ?, ?, ?, ?, ?)
|
|
`
|
|
).run(
|
|
data.contract_number,
|
|
data.contract_name,
|
|
data.customer_contract_number,
|
|
data.customer,
|
|
data.investor,
|
|
data.date_signed,
|
|
data.finish_date
|
|
);
|
|
return NextResponse.json({ success: true });
|
|
}
|
|
|
|
// Protected routes - require authentication
|
|
export const GET = withReadAuth(getContractsHandler);
|
|
export const POST = withUserAuth(createContractHandler);
|