feat: Secure API routes with authentication checks and enhance redirect handling for unauthenticated users.

2026-02-03 18:51:16 +00:00
parent 7c6d1cd681
commit be7db36126
9 changed files with 90 additions and 13 deletions
--- a/app/(app)/opportunities/page.tsx
+++ b/app/(app)/opportunities/page.tsx
@@ -91,8 +91,18 @@ export default function OpportunitiesPage() {
    }

    fetch('/api/opportunities')
-      .then(r => r.json())
-      .then(data => setPlatforms(data.platforms))
+      .then(r => {
+        if (r.redirected) {
+          router.push('/auth?next=/opportunities')
+          return null
+        }
+        return r.json()
+      })
+      .then(data => {
+        if (data) {
+          setPlatforms(data.platforms)
+        }
+      })
  }, [router])

  const togglePlatform = (platformId: string) => {
@@ -129,6 +139,11 @@ export default function OpportunitiesPage() {
        body: JSON.stringify({ analysis, config })
      })

+      if (response.redirected) {
+        router.push('/auth?next=/opportunities')
+        return
+      }
+
      const data = await response.json()
      
      if (data.success) {
--- a/app/api/analyze-manual/route.ts
+++ b/app/api/analyze-manual/route.ts
@@ -1,4 +1,5 @@
 import { NextRequest, NextResponse } from 'next/server'
+import { isAuthenticatedNextjs } from "@convex-dev/auth/nextjs/server";
 import { z } from 'zod'
 import { analyzeFromText } from '@/lib/scraper'
 import { performDeepAnalysis } from '@/lib/analysis-pipeline'
@@ -11,6 +12,14 @@ const bodySchema = z.object({

 export async function POST(request: NextRequest) {
  try {
+    if (!(await isAuthenticatedNextjs())) {
+      const redirectUrl = new URL("/auth", request.url);
+      const referer = request.headers.get("referer");
+      const nextPath = referer ? new URL(referer).pathname + new URL(referer).search : "/";
+      redirectUrl.searchParams.set("next", nextPath);
+      return NextResponse.redirect(redirectUrl);
+    }
+
    const body = await request.json()
    const { productName, description, features } = bodySchema.parse(body)

--- a/app/api/analyze/route.ts
+++ b/app/api/analyze/route.ts
@@ -1,4 +1,5 @@
 import { NextRequest, NextResponse } from 'next/server'
+import { isAuthenticatedNextjs } from "@convex-dev/auth/nextjs/server";
 import { z } from 'zod'
 import { scrapeWebsite, ScrapingError } from '@/lib/scraper'
 import { performDeepAnalysis } from '@/lib/analysis-pipeline'
@@ -9,6 +10,14 @@ const bodySchema = z.object({

 export async function POST(request: NextRequest) {
  try {
+    if (!(await isAuthenticatedNextjs())) {
+      const redirectUrl = new URL("/auth", request.url);
+      const referer = request.headers.get("referer");
+      const nextPath = referer ? new URL(referer).pathname + new URL(referer).search : "/";
+      redirectUrl.searchParams.set("next", nextPath);
+      return NextResponse.redirect(redirectUrl);
+    }
+
    const body = await request.json()
    const { url } = bodySchema.parse(body)

--- a/app/api/opportunities/route.ts
+++ b/app/api/opportunities/route.ts
@@ -1,4 +1,5 @@
 import { NextRequest, NextResponse } from 'next/server'
+import { isAuthenticatedNextjs } from "@convex-dev/auth/nextjs/server";
 import { z } from 'zod'
 import { generateSearchQueries, getDefaultPlatforms } from '@/lib/query-generator'
 import { executeSearches, scoreOpportunities } from '@/lib/search-executor'
@@ -55,6 +56,14 @@ const searchSchema = z.object({

 export async function POST(request: NextRequest) {
  try {
+    if (!(await isAuthenticatedNextjs())) {
+      const redirectUrl = new URL("/auth", request.url);
+      const referer = request.headers.get("referer");
+      const nextPath = referer ? new URL(referer).pathname + new URL(referer).search : "/";
+      redirectUrl.searchParams.set("next", nextPath);
+      return NextResponse.redirect(redirectUrl);
+    }
+
    const body = await request.json()
    const { analysis, config } = searchSchema.parse(body)

@@ -118,7 +127,15 @@ export async function POST(request: NextRequest) {
 }

 // Get default configuration
-export async function GET() {
+export async function GET(request: NextRequest) {
+  if (!(await isAuthenticatedNextjs())) {
+    const redirectUrl = new URL("/auth", request.url);
+    const referer = request.headers.get("referer");
+    const nextPath = referer ? new URL(referer).pathname + new URL(referer).search : "/";
+    redirectUrl.searchParams.set("next", nextPath);
+    return NextResponse.redirect(redirectUrl);
+  }
+
  const defaultPlatforms = getDefaultPlatforms()
  
  return NextResponse.json({
--- a/app/api/search/route.ts
+++ b/app/api/search/route.ts
@@ -1,4 +1,5 @@
 import { NextRequest, NextResponse } from 'next/server'
+import { isAuthenticatedNextjs } from "@convex-dev/auth/nextjs/server";
 import { z } from 'zod'
 import type { EnhancedProductAnalysis, Opportunity, DorkQuery } from '@/lib/types'

@@ -35,6 +36,14 @@ const bodySchema = z.object({

 export async function POST(request: NextRequest) {
  try {
+    if (!(await isAuthenticatedNextjs())) {
+      const redirectUrl = new URL("/auth", request.url);
+      const referer = request.headers.get("referer");
+      const nextPath = referer ? new URL(referer).pathname + new URL(referer).search : "/";
+      redirectUrl.searchParams.set("next", nextPath);
+      return NextResponse.redirect(redirectUrl);
+    }
+
    const body = await request.json()
    const { analysis } = bodySchema.parse(body)

--- a/app/auth/page.tsx
+++ b/app/auth/page.tsx
@@ -3,11 +3,13 @@
 import { SignIn } from "@/components/auth/SignIn";
 import { Authenticated, Unauthenticated, useQuery } from "convex/react";
 import { api } from "@/convex/_generated/api";
-import { useRouter } from "next/navigation";
+import { useRouter, useSearchParams } from "next/navigation";
 import { useEffect } from "react";

 export default function AuthPage() {
    const router = useRouter();
+    const searchParams = useSearchParams();
+    const nextPath = searchParams.get("next");

    return (
        <div className="min-h-screen flex items-center justify-center bg-background">
@@ -15,17 +17,17 @@ export default function AuthPage() {
                <SignIn />
            </Unauthenticated>
            <Authenticated>
-                <RedirectToDashboard />
+                <RedirectToDashboard nextPath={nextPath} />
            </Authenticated>
        </div>
    );
 }

-function RedirectToDashboard() {
+function RedirectToDashboard({ nextPath }: { nextPath: string | null }) {
    const router = useRouter();
    useEffect(() => {
-        router.push("/dashboard");
-    }, [router]);
+        router.push(nextPath || "/dashboard");
+    }, [router, nextPath]);

    return (
        <div className="text-center">
--- a/app/onboarding/page.tsx
+++ b/app/onboarding/page.tsx
@@ -46,6 +46,11 @@ export default function OnboardingPage() {
        body: JSON.stringify({ url }),
      })

+      if (response.redirected) {
+        router.push('/auth?next=/onboarding')
+        return
+      }
+
      const data = await response.json()

      if (!response.ok) {
@@ -108,6 +113,11 @@ export default function OnboardingPage() {
        }),
      })

+      if (response.redirected) {
+        router.push('/auth?next=/onboarding')
+        return
+      }
+
      let finalAnalysis = manualAnalysis

      if (response.ok) {
--- a/components/auth/SignIn.tsx
+++ b/components/auth/SignIn.tsx
@@ -1,6 +1,6 @@
 import { useAuthActions } from "@convex-dev/auth/react";
 import { useState } from "react";
-import { useRouter } from "next/navigation";
+import { useRouter, useSearchParams } from "next/navigation";
 import { Button } from "@/components/ui/button";
 import { Input } from "@/components/ui/input";
 import { Card, CardContent, CardDescription, CardFooter, CardHeader, CardTitle } from "@/components/ui/card";
@@ -10,6 +10,8 @@ import { Separator } from "@/components/ui/separator";
 export function SignIn() {
    const { signIn } = useAuthActions();
    const router = useRouter();
+    const searchParams = useSearchParams();
+    const nextPath = searchParams.get("next");
    const [step, setStep] = useState<"signIn" | "signUp">("signIn");
    const [email, setEmail] = useState("");
    const [password, setPassword] = useState("");
@@ -21,10 +23,11 @@ export function SignIn() {
        try {
            const flow = step === "signIn" ? "signIn" : "signUp";
            await signIn("password", { email, password, flow });
+            const next = nextPath || (flow === "signIn" ? "/dashboard" : "/onboarding");
            if (flow === "signIn") {
-                router.push("/dashboard");
+                router.push(next);
            } else {
-                router.push("/onboarding");
+                router.push(next);
            }
        } catch (err: any) {
            console.error(err);
@@ -38,7 +41,8 @@ export function SignIn() {
    };

    const handleGoogleSignIn = () => {
-        void signIn("google", { redirectTo: "/dashboard" });
+        const next = nextPath || "/dashboard";
+        void signIn("google", { redirectTo: next });
    };

    return (
--- a/middleware.ts
+++ b/middleware.ts
@@ -17,7 +17,9 @@ export default convexAuthNextjsMiddleware(async (request) => {
        return nextjsMiddlewareRedirect(request, "/dashboard");
    }
    if (isProtectedPage(request) && !(await isAuthenticatedNextjs())) {
-        return nextjsMiddlewareRedirect(request, "/auth");
+        const nextUrl = new URL("/auth", request.url);
+        nextUrl.searchParams.set("next", request.nextUrl.pathname + request.nextUrl.search);
+        return nextjsMiddlewareRedirect(request, nextUrl.toString());
    }
 });