feat: pagina inbox e valida tokens do companion

2026-05-09 11:01:45 +00:00 · 2026-03-20 18:40:13 +00:00
parent 3c31ee5d90
commit 29551ee02f
12 changed files with 451 additions and 185 deletions
--- a/src/app/api/auth/device/refresh/route.ts
+++ b/src/app/api/auth/device/refresh/route.ts
@@ -1,4 +1,4 @@
-import { and, eq, isNull } from "drizzle-orm";
+import { and, eq, gt, isNull } from "drizzle-orm";
 import { NextResponse } from "next/server";
 import { apiTokens } from "@/db/schema";
 import {
@@ -38,6 +38,7 @@ export async function POST(request: Request) {
 				eq(apiTokens.id, payload.tokenId),
 				eq(apiTokens.userId, payload.sub),
 				isNull(apiTokens.revokedAt),
+				gt(apiTokens.expiresAt, new Date()),
 			),
 		});

@@ -65,8 +66,9 @@ export async function POST(request: Request) {
 				tokenHash: hashToken(result.accessToken),
 				lastUsedAt: new Date(),
 				lastUsedIp:
-					request.headers.get("x-forwarded-for") ||
-					request.headers.get("x-real-ip"),
+					request.headers.get("x-forwarded-for")?.split(",")[0]?.trim() ||
+					request.headers.get("x-real-ip") ||
+					null,
 				expiresAt: result.expiresAt,
 			})
 			.where(eq(apiTokens.id, payload.tokenId));
--- a/src/app/api/auth/device/tokens/[tokenId]/route.ts
+++ b/src/app/api/auth/device/tokens/[tokenId]/route.ts
@@ -39,7 +39,9 @@ export async function DELETE(_request: Request, { params }: RouteParams) {
 		await db
 			.update(apiTokens)
 			.set({ revokedAt: new Date() })
-			.where(eq(apiTokens.id, tokenId));
+			.where(
+				and(eq(apiTokens.id, tokenId), eq(apiTokens.userId, session.user.id)),
+			);

 		return NextResponse.json({
 			message: "Token revogado com sucesso",
--- a/src/app/api/auth/device/verify/route.ts
+++ b/src/app/api/auth/device/verify/route.ts
@@ -1,4 +1,4 @@
-import { and, eq, isNull } from "drizzle-orm";
+import { and, eq, gt, isNull } from "drizzle-orm";
 import { NextResponse } from "next/server";
 import { apiTokens } from "@/db/schema";
 import { extractBearerToken, hashToken } from "@/shared/lib/auth/api-token";
@@ -33,6 +33,7 @@ export async function POST(request: Request) {
 			where: and(
 				eq(apiTokens.tokenHash, tokenHash),
 				isNull(apiTokens.revokedAt),
+				gt(apiTokens.expiresAt, new Date()),
 			),
 		});

--- a/src/app/api/inbox/batch/route.ts
+++ b/src/app/api/inbox/batch/route.ts
@@ -1,4 +1,4 @@
-import { and, eq, isNull } from "drizzle-orm";
+import { and, eq, gt, isNull, or } from "drizzle-orm";
 import { NextResponse } from "next/server";
 import { z } from "zod";
 import { apiTokens, inboxItems } from "@/db/schema";
@@ -63,6 +63,7 @@ export async function POST(request: Request) {
 			where: and(
 				eq(apiTokens.tokenHash, tokenHash),
 				isNull(apiTokens.revokedAt),
+				or(isNull(apiTokens.expiresAt), gt(apiTokens.expiresAt, new Date())),
 			),
 		});

@@ -111,10 +112,11 @@ export async function POST(request: Request) {
 					success: true,
 				});
 			} catch (error) {
+				console.error("[API] Error processing batch item:", error);
 				results.push({
 					clientId: item.clientId,
 					success: false,
-					error: error instanceof Error ? error.message : "Erro desconhecido",
+					error: "Erro ao processar notificação",
 				});
 			}
 		}
--- a/src/app/api/inbox/route.ts
+++ b/src/app/api/inbox/route.ts
@@ -1,4 +1,4 @@
-import { and, eq, isNull } from "drizzle-orm";
+import { and, eq, gt, isNull, or } from "drizzle-orm";
 import { NextResponse } from "next/server";
 import { z } from "zod";
 import { apiTokens, inboxItems } from "@/db/schema";
@@ -56,6 +56,7 @@ export async function POST(request: Request) {
 			where: and(
 				eq(apiTokens.tokenHash, tokenHash),
 				isNull(apiTokens.revokedAt),
+				or(isNull(apiTokens.expiresAt), gt(apiTokens.expiresAt, new Date())),
 			),
 		});