diff --git a/frontends/nextjs/src/app/api/v1/[...slug]/route.ts b/frontends/nextjs/src/app/api/v1/[...slug]/route.ts
index 0149248fd..e7a66e836 100644
--- a/frontends/nextjs/src/app/api/v1/[...slug]/route.ts
+++ b/frontends/nextjs/src/app/api/v1/[...slug]/route.ts
@@ -57,7 +57,7 @@ async function handleRequest(
 const { user } = await getSessionUser()
 // 3. Validate package exists and user has required level
- const packageResult = validatePackageRoute(route.package, route.entity, user)
+ const packageResult = await validatePackageRoute(route.package, route.entity, user)
 if (!packageResult.allowed) {
 const status = !user ? STATUS.UNAUTHORIZED : STATUS.FORBIDDEN
 return errorResponse(packageResult.reason || 'Access denied', status)
diff --git a/frontends/nextjs/src/lib/routing/auth/validate-package-route.ts b/frontends/nextjs/src/lib/routing/auth/validate-package-route.ts
index e1e6ec4b3..494f66718 100644
--- a/frontends/nextjs/src/lib/routing/auth/validate-package-route.ts
+++ b/frontends/nextjs/src/lib/routing/auth/validate-package-route.ts
@@ -3,17 +3,22 @@
 */
 export interface RouteValidationResult {
- valid: boolean
+ allowed: boolean
 error?: string
+ reason?: string
+ package?: {
+ name?: string
+ minLevel?: number
+ }
 }
 export async function validatePackageRoute(
- _b_tenant: string,
- _b_packageId: string,
- _userId?: string
+ _b_package: string,
+ _b_entity: string,
+ _userId?: unknown
 ): Promise {
 // TODO: Implement route validation
- return { valid: true }
+ return { allowed: true }
 }
 export async function canBePrimaryPackage(_b_packageId: string): Promise {
diff --git a/frontends/nextjs/src/lib/routing/index.ts b/frontends/nextjs/src/lib/routing/index.ts
index 6e718c1d8..9e0940c51 100644
--- a/frontends/nextjs/src/lib/routing/index.ts
+++ b/frontends/nextjs/src/lib/routing/index.ts
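Review bot: With the `await` added, the `!packageResult.allowed` check on the following line now reads the callee's real result, and the stub changed in `validate-package-route.ts` (next hunk) returns `{ allowed: true }` for every caller, including a null `user`. Assuming `route.ts` resolves `validatePackageRoute` to that stub, the un-awaited Promise previously had no `allowed` property and the branch always denied, so this commit flips the package gate from deny-all to allow-all until the TODO is implemented. The stub should fail closed the way `validateTenantAccess` does in `routing/index.ts`: `return { allowed: false, reason: 'Not implemented' }`. `handleRequest` starts and ends outside the hunk, so any later checks are not visible here.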
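Review bot: The third parameter is still named `_userId` although it is now typed `unknown` and the caller in `route.ts` passes the whole session `user`; rename it to `_user` and narrow the type when the check is implemented, so an id and a user object cannot be confused inside an authorization decision. `RouteValidationResult` also keeps `error?` beside the new `reason?` while the caller reads only `reason`; drop one or add a comment such as `// reason: denial message returned to the client; error: internal detail, never sent` so the two are not mixed up. The function has no doc comment stating its contract; a one-line `/** Resolves to allowed: false unless the package exists and the user meets its minLevel. */` would pin the intended default.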
@@ -20,39 +20,84 @@ export const STATUS = {
 FORBIDDEN: 403,
 NOT_FOUND: 404,
 ERROR: 500,
+ INTERNAL_ERROR: 500,
 }
 export function successResponse(data: unknown, status = STATUS.OK) {
- return Response.json(data, { status })
+ return new Response(JSON.stringify(data), {
+ status,
+ headers: { 'Content-Type': 'application/json' },
+ })
 }
 export function errorResponse(message: string, status = STATUS.ERROR) {
- return Response.json({ error: message }, { status })
+ return new Response(JSON.stringify({ error: message }), {
+ status,
+ headers: { 'Content-Type': 'application/json' },
+ })
 }
-export async function getSessionUser(_req: Request): Promise {
+export interface SessionUser {
+ user: unknown | null
+}
+
+export async function getSessionUser(_req?: Request): Promise {
 // TODO: Implement session user retrieval
- return null
+ return { user: null }
 }
-export async function parseRestfulRequest(_req: Request): Promise {
+export interface RestfulContext {
+ route: {
+ tenant: string
+ package: string
+ entity: string
+ id?: string
+ action?: string
+ }
+ operation: string
+ dbalOp: unknown
+}
+
+export async function parseRestfulRequest(
+ _req: Request,
+ _params: { slug: string[] }
+): Promise {
 // TODO: Implement RESTful request parsing
- return {}
+ return { error: 'Not implemented', status: 500 }
 }
-export async function executeDbalOperation(_op: unknown): Promise {
+export async function executeDbalOperation(
+ _op: unknown,
+ _context?: unknown
+): Promise<{ success: boolean; data?: unknown; error?: string; meta?: unknown }> {
 // TODO: Implement DBAL operation execution
- throw new Error('Not implemented')
+ return { success: false, error: 'Not implemented' }
 }
-export async function executePackageAction(_action: unknown): Promise {
+export async function executePackageAction(
+ _packageId: unknown,
+ _entity: unknown,
+ _action: unknown,
+ _id: unknown,
+ _context?: unknown
+): Promise<{ success: boolean; data?: unknown; error?: string }> {
 // TODO: Implement package action execution
- throw new Error('Not implemented')
+ return { success: false, error: 'Not implemented' }
 }
-export function validateTenantAccess(_tenant: unknown, _user: unknown): boolean {
+export interface TenantValidationResult {
+ allowed: boolean
+ reason?: string
+ tenant?: unknown
+}
+
+export async function validateTenantAccess(
+ _user: unknown,
+ _tenant: unknown,
+ _minLevel: unknown
+): Promise {
 // TODO: Implement tenant access validation
- return false
+ return { allowed: false, reason: 'Not implemented' }
 }
 // Re-export auth functions
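Review bot: `validateTenantAccess` changes from a synchronous `boolean` to a Promise and swaps its argument order from `(_tenant, _user)` to `(_user, _tenant, _minLevel)`, but every parameter is `unknown`, so a caller that still passes the tenant first keeps compiling. A caller that still writes `if (validateTenantAccess(...))` would be testing a Promise, which is always truthy, and would read a denial as access; the callers are outside this diff, so each one needs checking. Give the parameters concrete types (or take a single `{ user, tenant, minLevel }` object) and enable `@typescript-eslint/no-misused-promises` so an un-awaited check fails the build. The stub body itself fails closed with `{ allowed: false, reason: 'Not implemented' }`, which is the right default for the other authorization stubs in this commit as well.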