fix(segurança): endurecer autenticação e rotas privadas

2026-05-09 19:01:47 +00:00 · 2026-04-03 18:10:23 +00:00
parent ba369e8a83
commit e4c6a91350
12 changed files with 357 additions and 28 deletions
--- a/src/app/api/insights/saved/route.ts
+++ b/src/app/api/insights/saved/route.ts
@@ -0,0 +1,34 @@
+import { NextResponse } from "next/server";
+import {
+	fetchSavedInsights,
+	savedInsightsPeriodSchema,
+} from "@/features/insights/queries";
+import { getUserId } from "@/shared/lib/auth/server";
+
+const PRIVATE_RESPONSE_HEADERS = {
+	"Cache-Control": "private, no-store",
+};
+
+export async function GET(request: Request) {
+	const period = new URL(request.url).searchParams.get("period") ?? "";
+	const validatedPeriod = savedInsightsPeriodSchema.safeParse(period);
+
+	if (!validatedPeriod.success) {
+		return NextResponse.json(
+			{
+				error: validatedPeriod.error.issues[0]?.message ?? "Período inválido.",
+			},
+			{
+				status: 400,
+				headers: PRIVATE_RESPONSE_HEADERS,
+			},
+		);
+	}
+
+	const userId = await getUserId();
+	const insights = await fetchSavedInsights(userId, validatedPeriod.data);
+
+	return NextResponse.json(insights, {
+		headers: PRIVATE_RESPONSE_HEADERS,
+	});
+}