mirror of
https://github.com/felipegcoutinho/openmonetis.git
synced 2026-05-09 11:01:45 +00:00
10afef9fec
- tokens: remover aceite de expiresAt NULL e forçar TTL de 1 ano - tokens: corrigir refresh que invalidava access token anterior - xlsx: desabilitar parsing de fórmulas (CVE-2024-44294) - csp: expandir Content-Security-Policy com origens explícitas - headers: adicionar Referrer-Policy e X-Permitted-Cross-Domain-Policies - api: retornar 401 JSON em vez de redirect 302 em rotas autenticadas - health: remover version disclosure do /api/health - robots.txt: simplificar para não expor rotas internas - sitemap: corrigir URL com protocolo duplicado - criar security.txt (RFC 9116) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
32 lines
841 B
TypeScript
32 lines
841 B
TypeScript
import { NextResponse } from "next/server";
|
|
import { fetchTransactionAttachments } from "@/features/transactions/attachment-queries";
|
|
import { getOptionalUserSession } from "@/shared/lib/auth/server";
|
|
|
|
const PRIVATE_RESPONSE_HEADERS = {
|
|
"Cache-Control": "private, no-store",
|
|
};
|
|
|
|
export async function GET(
|
|
_request: Request,
|
|
{ params }: { params: Promise<{ transactionId: string }> },
|
|
) {
|
|
const [session, { transactionId }] = await Promise.all([
|
|
getOptionalUserSession(),
|
|
params,
|
|
]);
|
|
|
|
if (!session?.user) {
|
|
return NextResponse.json(
|
|
{ error: "Não autenticado" },
|
|
{ status: 401, headers: PRIVATE_RESPONSE_HEADERS },
|
|
);
|
|
}
|
|
|
|
const userId = session.user.id;
|
|
const attachments = await fetchTransactionAttachments(userId, transactionId);
|
|
|
|
return NextResponse.json(attachments, {
|
|
headers: PRIVATE_RESPONSE_HEADERS,
|
|
});
|
|
}
|