fix: production readiness bugfix batch
- Security: JWT fallback removed, auth checks on unprotected endpoints - Build: tsconfig excludes tests, ESLint flat config fixed - Money: Cashout deducts balance in transaction, UI refreshes - Core Chat: Nur page wired to send/receive messages - Profile: Replaced hardcoded data with useAuth() - Forum: Fixed thread detail query, premium check on posts - Misc: /dua→/prayer, forum thread API handles ?id= param QA gate: pending
This commit is contained in:
@@ -1,10 +1,20 @@
|
||||
import { NextRequest, NextResponse } from 'next/server'
|
||||
import { prisma } from '@/lib/prisma'
|
||||
import { verifyJWT } from '@/lib/auth'
|
||||
|
||||
export async function GET(req: NextRequest) {
|
||||
const auth = req.headers.get('authorization')
|
||||
if (!auth?.startsWith('Bearer ')) {
|
||||
return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
|
||||
}
|
||||
const payload = await verifyJWT(auth.slice(7))
|
||||
if (!payload) return NextResponse.json({ error: 'Invalid token' }, { status: 401 })
|
||||
|
||||
const { pathname } = new URL(req.url)
|
||||
const userId = pathname.split('/').pop()
|
||||
if (!userId) return NextResponse.json({ error: 'userId required' }, { status: 400 })
|
||||
if (userId !== payload.id) return NextResponse.json({ error: 'Forbidden' }, { status: 403 })
|
||||
|
||||
const user = await prisma.user.findUnique({ where: { id: userId } })
|
||||
if (!user) return NextResponse.json({ error: 'User not found' }, { status: 404 })
|
||||
const history = await prisma.chatHistory.findMany({
|
||||
|
||||
@@ -20,6 +20,13 @@ export async function POST(req: NextRequest) {
|
||||
if (!auth?.startsWith('Bearer ')) return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
|
||||
const payload = await verifyJWT(auth.slice(7))
|
||||
if (!payload) return NextResponse.json({ error: 'Invalid token' }, { status: 401 })
|
||||
|
||||
// Premium check
|
||||
const user = await prisma.user.findUnique({ where: { id: payload.id } })
|
||||
if (!user || (!user.isPremium && !user.isPro)) {
|
||||
return NextResponse.json({ error: 'Premium subscription required to reply' }, { status: 403 })
|
||||
}
|
||||
|
||||
const { threadId, content } = await req.json()
|
||||
if (!threadId || !content) return NextResponse.json({ error: 'threadId and content required' }, { status: 400 })
|
||||
const moderation = moderateContent(content)
|
||||
|
||||
@@ -6,6 +6,22 @@ import { moderateContent } from '@/lib/ai'
|
||||
export async function GET(req: NextRequest) {
|
||||
const { searchParams } = new URL(req.url)
|
||||
const categoryId = searchParams.get('categoryId')
|
||||
const threadId = searchParams.get('id')
|
||||
|
||||
// Single thread by ID
|
||||
if (threadId) {
|
||||
const thread = await prisma.forumThread.findUnique({
|
||||
where: { id: threadId },
|
||||
include: {
|
||||
author: { select: { id: true, name: true, isPremium: true, isPro: true } },
|
||||
category: { select: { id: true, name: true } },
|
||||
_count: { select: { posts: true } },
|
||||
},
|
||||
})
|
||||
return NextResponse.json({ thread })
|
||||
}
|
||||
|
||||
// List threads by category
|
||||
const where = categoryId ? { categoryId } : {}
|
||||
const threads = await prisma.forumThread.findMany({
|
||||
where: { ...where, shariahStatus: 'approved' },
|
||||
|
||||
@@ -12,7 +12,15 @@ export async function POST(req: NextRequest) {
|
||||
const user = await prisma.user.findUnique({ where: { id: payload.id } })
|
||||
if (!user || user.flhBalance < amountFlh) return NextResponse.json({ error: 'Insufficient balance' }, { status: 400 })
|
||||
const fiatAmount = (amountFlh / 100) * 0.8
|
||||
const cashout = await prisma.cashoutRequest.create({ data: { userId: payload.id, amountFlh, fiatAmount } })
|
||||
|
||||
// Deduct balance + create cashout in a transaction
|
||||
const [cashout] = await prisma.$transaction([
|
||||
prisma.cashoutRequest.create({ data: { userId: payload.id, amountFlh, fiatAmount } }),
|
||||
prisma.user.update({
|
||||
where: { id: payload.id },
|
||||
data: { flhBalance: { decrement: amountFlh } },
|
||||
}),
|
||||
])
|
||||
return NextResponse.json({ cashout })
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user