git.gladyson/openmonetis
1
0
Fork 1
mirror of https://github.com/felipegcoutinho/openmonetis.git synced 2026-05-09 11:01:45 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
3e80d5995b90d1f17166ba0d2792b2d865bf5ed2
openmonetis/src/app/api/auth/device/tokens/route.ts
Felipe Coutinho e4c6a91350 fix(segurança): endurecer autenticação e rotas privadas
2026-04-03 18:10:23 +00:00

46 lines
1.3 KiB
TypeScript
Raw Blame History

import { and, desc, eq, isNull } from "drizzle-orm";
import { headers } from "next/headers";
import { connection, NextResponse } from "next/server";
import { apiTokens } from "@/db/schema";
import { auth } from "@/shared/lib/auth/config";
import { db } from "@/shared/lib/db";
export async function GET() {
await connection();
// Verificar autenticação via sessão web
const requestHeaders = new Headers(await headers());
const session = await auth.api.getSession({ headers: requestHeaders });
if (!session?.user) {
return NextResponse.json({ error: "Não autenticado" }, { status: 401 });
}
try {
// Buscar tokens ativos do usuário
const activeTokens = await db
.select({
id: apiTokens.id,
name: apiTokens.name,
tokenPrefix: apiTokens.tokenPrefix,
lastUsedAt: apiTokens.lastUsedAt,
lastUsedIp: apiTokens.lastUsedIp,
expiresAt: apiTokens.expiresAt,
createdAt: apiTokens.createdAt,
})
.from(apiTokens)
.where(
and(eq(apiTokens.userId, session.user.id), isNull(apiTokens.revokedAt)),
)
.orderBy(desc(apiTokens.createdAt));
return NextResponse.json({ tokens: activeTokens });
} catch (error) {
console.error("[API] Error listing device tokens:", error);
return NextResponse.json(
{ error: "Erro ao listar tokens" },
{ status: 500 },
);
}
}
Reference in New Issue View Git Blame Copy Permalink