trentuna/candle-annotator
8
0
Fork 0
Code Issues Pull requests Releases Packages Activity Actions

Add getAuthUser() auth guard to all data API routes (task 7.1)

Browse source 
Add 401 Unauthorized check at the top of every handler in:
- /api/upload (POST)
- /api/candles (GET)
- /api/charts (GET) and /api/charts/[id] (GET, DELETE)
- /api/annotations (GET, POST, DELETE) and /api/annotations/[id] (PATCH, DELETE)
- /api/annotation-types (GET, POST, DELETE) and /api/annotation-types/[id] (PATCH)
- /api/span-annotations (GET, POST, DELETE), /[id] (PATCH, DELETE), /export (GET)
- /api/span-label-types (GET, POST) and /[id] (PATCH, DELETE)
- /api/export (GET) and /api/export/spans (GET)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Marko Djordjevic 2026-02-20 10:26:09 +01:00
parent aa2c5fdb69
commit 9901d0f3f1
16 changed files with 146 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

11
src/app/api/charts/[id]/route.ts
View file

@ -2,11 +2,17 @@ import { NextRequest, NextResponse } from 'next/server';
import { db } from '@/lib/db';
import { charts, candles, annotations, spanAnnotations } from '@/lib/db/schema';
import { eq } from 'drizzle-orm';
import { getAuthUser } from '@/lib/auth';
export async function GET(
_request: NextRequest,
{ params }: { params: Promise<{ id: string }> }
) {
const user = await getAuthUser();
if (!user) {
return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });
}
const { id } = await params;
const chartId = parseInt(id, 10);
@ -27,6 +33,11 @@ export async function DELETE(
_request: NextRequest,
{ params }: { params: Promise<{ id: string }> }
) {
const user = await getAuthUser();
if (!user) {
return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });
}
const { id } = await params;
const chartId = parseInt(id, 10);

6
src/app/api/charts/route.ts
View file

@ -2,8 +2,14 @@ import { NextResponse } from 'next/server';
import { db } from '@/lib/db';
import { charts } from '@/lib/db/schema';
import { desc } from 'drizzle-orm';
import { getAuthUser } from '@/lib/auth';
export async function GET() {
const user = await getAuthUser();
if (!user) {
return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });
}
const allCharts = await db.select().from(charts).orderBy(desc(charts.created_at));
return NextResponse.json(allCharts);
}