chris/beachPartyBalloons
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix store-status route always returning 401

Browse Source 
The route had a redundant isAuthed() checking for 'bpb_admin' cookie,
but login sets 'admin_token'. The middleware already guards all
/api/admin/* routes, so the in-route check was just wrong.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
chris 2026-06-11 14:53:39 -04:00
parent 9cac3a8e8a
commit e7af5bca4a
1 changed files with 0 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
estore/src/app/api/admin/store-status/route.ts
View File

@ -1,18 +1,11 @@
import { NextRequest, NextResponse } from 'next/server' import { NextRequest, NextResponse } from 'next/server'
import { getStoreStatus, setStoreStatus } from '@/lib/store-status' import { getStoreStatus, setStoreStatus } from '@/lib/store-status'
import { cookies } from 'next/headers'
function isAuthed() {
return cookies().get('bpb_admin')?.value === 'true'
}
export async function GET() { export async function GET() {
if (!isAuthed()) return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
return NextResponse.json(await getStoreStatus()) return NextResponse.json(await getStoreStatus())
} }
export async function PUT(req: NextRequest) { export async function PUT(req: NextRequest) {
if (!isAuthed()) return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
const body = await req.json() const body = await req.json()
const status = { const status = {
closed: Boolean(body.closed), closed: Boolean(body.closed),