import { NextRequest, NextResponse } from 'next/server' import { createClient } from '@/lib/supabase/server' import type { PartnerDto, LicServerProblemDetails } from '@/lib/types/licserver' const LICSERVER_BASE_URL = process.env.LICSERVER_BASE_URL const LICSERVER_API_KEY = process.env.LICSERVER_API_KEY /** * GET /api/licserver/partners/[id] * * Proxy to LicServer GET /api-v1/partners/{id} * [id] must be a valid UUID. * * Secured: requires a valid Supabase session. */ export async function GET( _req: NextRequest, { params }: { params: Promise<{ id: string }> } ) { // ── Auth guard ───────────────────────────────────────────────────────── const supabase = await createClient() const { data: { user } } = await supabase.auth.getUser() if (!user) { return NextResponse.json({ error: 'Unauthorized' }, { status: 401 }) } // ── Env check ────────────────────────────────────────────────────────── if (!LICSERVER_BASE_URL || !LICSERVER_API_KEY) { console.error('[licserver] LICSERVER_BASE_URL or LICSERVER_API_KEY not set') return NextResponse.json( { error: 'LicServer not configured' }, { status: 503 } ) } const { id } = await params // Basic UUID format guard const UUID_RE = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i if (!UUID_RE.test(id)) { return NextResponse.json({ error: 'Invalid partner ID' }, { status: 400 }) } // ── Proxy request ────────────────────────────────────────────────────── try { const res = await fetch( `${LICSERVER_BASE_URL}/api-v1/partners/${id}`, { method: 'GET', headers: { 'X-Api-Key': LICSERVER_API_KEY, 'Accept': 'application/json', }, signal: AbortSignal.timeout(5_000), } ) if (!res.ok) { const problem: LicServerProblemDetails = await res.json().catch(() => ({})) return NextResponse.json(problem, { status: res.status }) } const data: PartnerDto = await res.json() return NextResponse.json(data) } catch (err) { console.error('[licserver] partner/:id fetch error:', err) return NextResponse.json( { error: 'LicServer nicht erreichbar' }, { status: 502 } ) } }