97 lines
3.0 KiB
TypeScript
97 lines
3.0 KiB
TypeScript
|
import { type NextRequest, NextResponse } from "next/server";
|
||
|
|
|
||
|
|
import { gatewayUrl } from "@/lib/api/gateway";
|
||
|
|
import { getAccessToken } from "@/lib/auth/session";
|
||
|
|
import { decodeJwt } from "@/lib/auth/jwt";
|
||
|
|
|
||
|
|
export const dynamic = "force-dynamic";
|
||
|
|
|
||
|
|
/**
|
||
|
|
* Generic admin proxy: forwards GET/POST/PUT/DELETE for any admin resource to the V2
|
||
|
|
* gateway under /v1/<path>, attaching the admin's bearer token. Admin-gated server-side.
|
||
|
|
*
|
||
|
|
* /api/admin/resource/categories → /v1/categories
|
||
|
|
* /api/admin/resource/categories/<id> → /v1/categories/<id>
|
||
|
|
* /api/admin/resource/users?page=1 → /v1/users?page=1
|
||
|
|
*
|
||
|
|
* Query string is preserved.
|
||
|
|
*/
|
||
|
|
async function forward(
|
||
|
|
req: NextRequest,
|
||
|
|
path: string[],
|
||
|
|
method: "GET" | "POST" | "PUT" | "DELETE"
|
||
|
|
): Promise<NextResponse> {
|
||
|
|
const token = await getAccessToken();
|
||
|
|
if (!token) return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
|
||
|
|
|
||
|
|
const claims = decodeJwt(token);
|
||
|
|
const isAdmin =
|
||
|
|
String(claims?.is_admin) === "true" ||
|
||
|
|
claims?.is_admin === true ||
|
||
|
|
String(claims?.is_tenant_admin) === "true";
|
||
|
|
if (!isAdmin) return NextResponse.json({ error: "Forbidden" }, { status: 403 });
|
||
|
|
|
||
|
|
const search = req.nextUrl.search ?? "";
|
||
|
|
// Trailing slash on the collection root avoids the gateway's 307 redirect.
|
||
|
|
const joined = path.join("/");
|
||
|
|
const gwPath = `/v1/${joined}${path.length === 1 && method === "GET" ? "/" : ""}${search}`;
|
||
|
|
|
||
|
|
let body: string | undefined;
|
||
|
|
if (method === "POST" || method === "PUT") {
|
||
|
|
const json = await req.json().catch(() => ({}));
|
||
|
|
body = JSON.stringify(json);
|
||
|
|
}
|
||
|
|
|
||
|
|
const res = await fetch(gatewayUrl(gwPath), {
|
||
|
|
method,
|
||
|
|
cache: "no-store",
|
||
|
|
headers: {
|
||
|
|
Accept: "application/json",
|
||
|
|
"Content-Type": "application/json",
|
||
|
|
Authorization: `Bearer ${token}`,
|
||
|
|
},
|
||
|
|
body,
|
||
|
|
redirect: "follow",
|
||
|
|
});
|
||
|
|
|
||
|
|
const text = await res.text();
|
||
|
|
const data = text ? safeJson(text) : null;
|
||
|
|
if (!res.ok) {
|
||
|
|
const errObj = data?.error;
|
||
|
|
const message =
|
||
|
|
(typeof errObj === "object" && errObj?.message) ||
|
||
|
|
(typeof errObj === "string" ? errObj : undefined) ||
|
||
|
|
data?.message ||
|
||
|
|
"Gateway error";
|
||
|
|
return NextResponse.json({ error: message }, { status: res.status });
|
||
|
|
}
|
||
|
|
return NextResponse.json(data ?? {}, { status: 200 });
|
||
|
|
}
|
||
|
|
|
||
|
|
interface GatewayResponse {
|
||
|
|
error?: { message?: string } | string;
|
||
|
|
message?: string;
|
||
|
|
[key: string]: unknown;
|
||
|
|
}
|
||
|
|
|
||
|
|
function safeJson(t: string): GatewayResponse | null {
|
||
|
|
try {
|
||
|
|
return JSON.parse(t) as GatewayResponse;
|
||
|
|
} catch {
|
||
|
|
return null;
|
||
|
|
}
|
||
|
|
}
|
||
|
|
|
||
|
|
export async function GET(req: NextRequest, ctx: { params: { path: string[] } }) {
|
||
|
|
return forward(req, ctx.params.path, "GET");
|
||
|
|
}
|
||
|
|
export async function POST(req: NextRequest, ctx: { params: { path: string[] } }) {
|
||
|
|
return forward(req, ctx.params.path, "POST");
|
||
|
|
}
|
||
|
|
export async function PUT(req: NextRequest, ctx: { params: { path: string[] } }) {
|
||
|
|
return forward(req, ctx.params.path, "PUT");
|
||
|
|
}
|
||
|
|
export async function DELETE(req: NextRequest, ctx: { params: { path: string[] } }) {
|
||
|
|
return forward(req, ctx.params.path, "DELETE");
|
||
|
|
}
|