fix: production readiness bugfix batch

- Security: JWT fallback removed, auth checks on unprotected endpoints
- Build: tsconfig excludes tests, ESLint flat config fixed
- Money: Cashout deducts balance in transaction, UI refreshes
- Core Chat: Nur page wired to send/receive messages
- Profile: Replaced hardcoded data with useAuth()
- Forum: Fixed thread detail query, premium check on posts
- Misc: /dua→/prayer, forum thread API handles ?id= param

QA gate: pending
This commit is contained in:
FalahMobile
2026-07-06 20:20:31 +08:00
parent 9f33038c37
commit d7b2d19359
13 changed files with 382 additions and 53 deletions
@@ -1,10 +1,20 @@
import { NextRequest, NextResponse } from 'next/server'
import { prisma } from '@/lib/prisma'
import { verifyJWT } from '@/lib/auth'
export async function GET(req: NextRequest) {
const auth = req.headers.get('authorization')
if (!auth?.startsWith('Bearer ')) {
return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
}
const payload = await verifyJWT(auth.slice(7))
if (!payload) return NextResponse.json({ error: 'Invalid token' }, { status: 401 })
const { pathname } = new URL(req.url)
const userId = pathname.split('/').pop()
if (!userId) return NextResponse.json({ error: 'userId required' }, { status: 400 })
if (userId !== payload.id) return NextResponse.json({ error: 'Forbidden' }, { status: 403 })
const user = await prisma.user.findUnique({ where: { id: userId } })
if (!user) return NextResponse.json({ error: 'User not found' }, { status: 404 })
const history = await prisma.chatHistory.findMany({
+7
View File
@@ -20,6 +20,13 @@ export async function POST(req: NextRequest) {
if (!auth?.startsWith('Bearer ')) return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
const payload = await verifyJWT(auth.slice(7))
if (!payload) return NextResponse.json({ error: 'Invalid token' }, { status: 401 })
// Premium check
const user = await prisma.user.findUnique({ where: { id: payload.id } })
if (!user || (!user.isPremium && !user.isPro)) {
return NextResponse.json({ error: 'Premium subscription required to reply' }, { status: 403 })
}
const { threadId, content } = await req.json()
if (!threadId || !content) return NextResponse.json({ error: 'threadId and content required' }, { status: 400 })
const moderation = moderateContent(content)
+16
View File
@@ -6,6 +6,22 @@ import { moderateContent } from '@/lib/ai'
export async function GET(req: NextRequest) {
const { searchParams } = new URL(req.url)
const categoryId = searchParams.get('categoryId')
const threadId = searchParams.get('id')
// Single thread by ID
if (threadId) {
const thread = await prisma.forumThread.findUnique({
where: { id: threadId },
include: {
author: { select: { id: true, name: true, isPremium: true, isPro: true } },
category: { select: { id: true, name: true } },
_count: { select: { posts: true } },
},
})
return NextResponse.json({ thread })
}
// List threads by category
const where = categoryId ? { categoryId } : {}
const threads = await prisma.forumThread.findMany({
where: { ...where, shariahStatus: 'approved' },
+9 -1
View File
@@ -12,7 +12,15 @@ export async function POST(req: NextRequest) {
const user = await prisma.user.findUnique({ where: { id: payload.id } })
if (!user || user.flhBalance < amountFlh) return NextResponse.json({ error: 'Insufficient balance' }, { status: 400 })
const fiatAmount = (amountFlh / 100) * 0.8
const cashout = await prisma.cashoutRequest.create({ data: { userId: payload.id, amountFlh, fiatAmount } })
// Deduct balance + create cashout in a transaction
const [cashout] = await prisma.$transaction([
prisma.cashoutRequest.create({ data: { userId: payload.id, amountFlh, fiatAmount } }),
prisma.user.update({
where: { id: payload.id },
data: { flhBalance: { decrement: amountFlh } },
}),
])
return NextResponse.json({ cashout })
}