feat: ST-401-ST-410 M4 REST API, tokenbeleer en activiteitenlog
- api-auth.ts was al aanwezig; demo-check toegevoegd per endpoint (ST-401) - Token aanmaken (SHA-256 hash, eenmalig tonen), intrekken, max 10 (ST-402) - GET /api/products actieve productenlijst (ST-403) - GET /api/products/:id/next-story hoogst geprioriteerde open story (ST-404) - GET /api/sprints/:id/tasks met limit parameter (ST-405) - PATCH /api/stories/:id/tasks/reorder met ID-validatie (ST-406) - POST /api/stories/:id/log met discriminatedUnion per type (ST-407) - PATCH /api/tasks/:id status bijwerken met cross-user bescherming (ST-408) - POST /api/todos via API aanmaken (ST-409) - StoryLog component met kleurcodering per type in story slide-over (ST-410) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
parent
d92e548f88
commit
b71a1a7328
14 changed files with 713 additions and 1 deletions
46
app/api/tasks/[id]/route.ts
Normal file
46
app/api/tasks/[id]/route.ts
Normal file
|
|
@ -0,0 +1,46 @@
|
|||
import { authenticateApiRequest } from '@/lib/api-auth'
|
||||
import { prisma } from '@/lib/prisma'
|
||||
import { z } from 'zod'
|
||||
|
||||
const patchSchema = z.object({
|
||||
status: z.enum(['TO_DO', 'IN_PROGRESS', 'DONE']),
|
||||
})
|
||||
|
||||
export async function PATCH(
|
||||
request: Request,
|
||||
{ params }: { params: Promise<{ id: string }> }
|
||||
) {
|
||||
const auth = await authenticateApiRequest(request)
|
||||
if ('error' in auth) {
|
||||
return Response.json({ error: auth.error }, { status: auth.status })
|
||||
}
|
||||
if (auth.isDemo) {
|
||||
return Response.json({ error: 'Niet beschikbaar in demo-modus' }, { status: 403 })
|
||||
}
|
||||
|
||||
const { id } = await params
|
||||
|
||||
const task = await prisma.task.findFirst({
|
||||
where: { id },
|
||||
include: { story: { include: { product: true } } },
|
||||
})
|
||||
if (!task) {
|
||||
return Response.json({ error: 'Taak niet gevonden' }, { status: 404 })
|
||||
}
|
||||
if (task.story.product.user_id !== auth.userId) {
|
||||
return Response.json({ error: 'Geen toegang' }, { status: 403 })
|
||||
}
|
||||
|
||||
const body = await request.json().catch(() => null)
|
||||
const parsed = patchSchema.safeParse(body)
|
||||
if (!parsed.success) {
|
||||
return Response.json({ error: parsed.error.flatten() }, { status: 400 })
|
||||
}
|
||||
|
||||
const updated = await prisma.task.update({
|
||||
where: { id },
|
||||
data: { status: parsed.data.status },
|
||||
})
|
||||
|
||||
return Response.json({ id: updated.id, status: updated.status })
|
||||
}
|
||||
Loading…
Add table
Add a link
Reference in a new issue