fix(segurança): endurecer autenticação e rotas privadas

2026-05-09 19:01:47 +00:00 · 2026-04-03 18:10:23 +00:00
parent ba369e8a83
commit e4c6a91350
12 changed files with 357 additions and 28 deletions
--- a/src/app/api/transactions/[transactionId]/attachments/route.ts
+++ b/src/app/api/transactions/[transactionId]/attachments/route.ts
@@ -0,0 +1,19 @@
+import { NextResponse } from "next/server";
+import { fetchTransactionAttachments } from "@/features/transactions/attachment-queries";
+import { getUserId } from "@/shared/lib/auth/server";
+
+const PRIVATE_RESPONSE_HEADERS = {
+	"Cache-Control": "private, no-store",
+};
+
+export async function GET(
+	_request: Request,
+	{ params }: { params: Promise<{ transactionId: string }> },
+) {
+	const [userId, { transactionId }] = await Promise.all([getUserId(), params]);
+	const attachments = await fetchTransactionAttachments(userId, transactionId);
+
+	return NextResponse.json(attachments, {
+		headers: PRIVATE_RESPONSE_HEADERS,
+	});
+}