implement better-auth auth with postgres and route protection

2026-02-24 13:32:43 -05:00
parent fd168f607c
commit 52a4ab38d3
31 changed files with 1202 additions and 89 deletions
--- a/app/api/filings/[accessionNumber]/analyze/route.ts
+++ b/app/api/filings/[accessionNumber]/analyze/route.ts
@@ -1,4 +1,5 @@
 import { asErrorMessage, jsonError } from '@/lib/server/http';
+import { requireAuthenticatedSession } from '@/lib/server/auth-session';
 import { enqueueTask } from '@/lib/server/tasks';

 type Context = {
@@ -6,6 +7,11 @@ type Context = {
 };

 export async function POST(_request: Request, context: Context) {
+  const { session, response } = await requireAuthenticatedSession();
+  if (response) {
+    return response;
+  }
+
  try {
    const { accessionNumber } = await context.params;

@@ -14,6 +20,7 @@ export async function POST(_request: Request, context: Context) {
    }

    const task = await enqueueTask({
+      userId: session.user.id,
      taskType: 'analyze_filing',
      payload: { accessionNumber: accessionNumber.trim() },
      priority: 65
--- a/app/api/filings/route.ts
+++ b/app/api/filings/route.ts
@@ -1,6 +1,12 @@
+import { requireAuthenticatedSession } from '@/lib/server/auth-session';
 import { getStoreSnapshot } from '@/lib/server/store';

 export async function GET(request: Request) {
+  const { response } = await requireAuthenticatedSession();
+  if (response) {
+    return response;
+  }
+
  const url = new URL(request.url);
  const tickerFilter = url.searchParams.get('ticker')?.trim().toUpperCase();
  const limitValue = Number(url.searchParams.get('limit') ?? 50);
--- a/app/api/filings/sync/route.ts
+++ b/app/api/filings/sync/route.ts
@@ -1,7 +1,13 @@
 import { asErrorMessage, jsonError } from '@/lib/server/http';
+import { requireAuthenticatedSession } from '@/lib/server/auth-session';
 import { enqueueTask } from '@/lib/server/tasks';

 export async function POST(request: Request) {
+  const { session, response } = await requireAuthenticatedSession();
+  if (response) {
+    return response;
+  }
+
  try {
    const payload = await request.json() as {
      ticker?: string;
@@ -13,6 +19,7 @@ export async function POST(request: Request) {
    }

    const task = await enqueueTask({
+      userId: session.user.id,
      taskType: 'sync_filings',
      payload: {
        ticker: payload.ticker.trim().toUpperCase(),