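--- a/app/api/auth/session/route.tsx
+++ b/app/api/auth/session/route.tsx
@@ -0,0 +1,117 @@
+// =================================
+// app/api/auth/session/route.tsx
+// =================================
+
+import { NextResponse } from 'next/server' ;
+import { rateLimit , createRateLimitHeaders } from "@/lib/security/rate-limiter-config" ;
+import supabase from '@/lib/supabase' ;
+
+// GET: Get current session information
+export async function GET ( request : Request ) {
+try {
+// Apply rate limiting
+const rateLimitResult = await rateLimit ( request , 'default' ) ;
+if ( ! rateLimitResult . success ) {
+return new NextResponse (
+JSON . stringify ( { error : 'Too many requests. Please try again later.' } ) ,
+{
+status : 429 ,
+headers : {
+'Content-Type' : 'application/json' ,
+...createRateLimitHeaders ( rateLimitResult ) ,
+}
+}
+) ;
+}
+
+// Get session from Supabase Auth
+const authHeader = request . headers . get ( 'authorization' ) ;
+if ( ! authHeader ) {
+return NextResponse . json (
+{ session : null } ,
+{ headers : createRateLimitHeaders ( rateLimitResult ) }
+) ;
+}
+
+// For now, return a basic response
+// In a full implementation, you would verify the session token
+return NextResponse . json (
+{ session : null } ,
+{ headers : createRateLimitHeaders ( rateLimitResult ) }
+) ;
+} catch ( error ) {
+console . error ( "Error getting session:" , error ) ;
+return NextResponse . json (
+{ error : "Failed to get session" } ,
+{ status : 500 }
+) ;
+}
+}
+
+// POST: Create a new session (login)
+export async function POST ( request : Request ) {
+try {
+// Apply rate limiting
+const rateLimitResult = await rateLimit ( request , 'users_login' ) ;
+if ( ! rateLimitResult . success ) {
+return new NextResponse (
+JSON . stringify ( { error : 'Too many login attempts. Please try again later.' } ) ,
+{
+status : 429 ,
+headers : {
+'Content-Type' : 'application/json' ,
+...createRateLimitHeaders ( rateLimitResult ) ,
+}
+}
+) ;
+}
+
+// This would handle session creation
+// For now, redirect to the main users login endpoint
+return NextResponse . json (
+{ message : "Use /api/users?action=login for authentication" } ,
+{
+status : 400 ,
+headers : createRateLimitHeaders ( rateLimitResult )
+}
+) ;
+} catch ( error ) {
+console . error ( "Error creating session:" , error ) ;
+return NextResponse . json (
+{ error : "Failed to create session" } ,
+{ status : 500 }
+) ;
+}
+}
+
+// DELETE: Logout/destroy session
+export async function DELETE ( request : Request ) {
+try {
+// Apply rate limiting
+const rateLimitResult = await rateLimit ( request , 'default' ) ;
+if ( ! rateLimitResult . success ) {
+return new NextResponse (
+JSON . stringify ( { error : 'Too many requests. Please try again later.' } ) ,
+{
+status : 429 ,
+headers : {
+'Content-Type' : 'application/json' ,
+...createRateLimitHeaders ( rateLimitResult ) ,
+}
+}
+) ;
+}
+
+// Handle logout logic here
+return NextResponse . json (
+{ success : true } ,
+{ headers : createRateLimitHeaders ( rateLimitResult ) }
+) ;
+} catch ( error ) {
+console . error ( "Error destroying session:" , error ) ;
+return NextResponse . json (
+{ error : "Failed to destroy session" } ,
+{ status : 500 }
+) ;
+}
+}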
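Review bot: DELETE answers `{ success : true }` without revoking, clearing or even reading any session, so a client calling logout will believe it is signed out while whatever token it holds stays valid; GET similarly reads the `authorization` header and then returns `{ session : null }` without verifying it, and the `supabase` import on line 7 is never used. Until the verification and revocation are wired in, the stubs should not report success: return `{ error : 'Not implemented' }` with `status : 501` (keeping `headers : createRateLimitHeaders ( rateLimitResult )`) from DELETE, and either drop the `authHeader` branch in GET or make the placeholder comment state explicitly that the header is currently ignored. The three 429 responses are built with `new NextResponse ( JSON . stringify ( ... ) )` plus a manual `Content-Type`, while every other response uses `NextResponse . json ( ... )`; using the latter for the 429s too would keep the handlers consistent.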