puffin-app/lib/admin/middleware.ts

import { NextRequest, NextResponse } from 'next/server';
import { verifyToken } from './auth';

/**
 * Middleware to protect admin API routes
 * Returns 401 if not authenticated
 */
export function withAdminAuth(
  handler: (request: NextRequest) => Promise<NextResponse>
) {
  return async (request: NextRequest) => {
    // Get token from cookie
    const token = request.cookies.get('admin-token')?.value;

    if (!token) {
      return NextResponse.json(
        { error: 'Unauthorized - No token provided' },
        { status: 401 }
      );
    }

    // Verify token
    const payload = verifyToken(token);

    if (!payload || !payload.isAdmin) {
      return NextResponse.json(
        { error: 'Unauthorized - Invalid token' },
        { status: 401 }
      );
    }

    // Token is valid, proceed with the request
    return handler(request);
  };
}

/**
 * Check if request is from authenticated admin
 * For use in server components and API routes
 */
export function getAdminFromRequest(request: NextRequest) {
  const token = request.cookies.get('admin-token')?.value;

  if (!token) {
    return null;
  }

  const payload = verifyToken(token);

  if (!payload || !payload.isAdmin) {
    return null;
  }

  return {
    username: payload.username,
    isAdmin: true,
  };
}
Implement Modern Maritime admin panel design with Monaco background 🎨 Complete UI redesign of admin panel with professional color scheme: ## New Modern Maritime Color Palette - Deep Sea Blue (#1D2939) - Sidebar background - Sail White (#F8F9FA) - Main background - Maritime Teal (#008B8B) - Primary accent - Sea Green (#1E8449) - Success/environmental theme - Muted Gold (#D68910) - Revenue highlights - Royal Purple (#884EA0) - Brand accent - Off-White (#EAECEF) - Text on dark backgrounds ## Admin Panel Features - ✅ JWT-based authentication system - ✅ Protected routes with middleware - ✅ Elegant sidebar navigation with Puffin logo - ✅ Dashboard with stat cards (Orders, CO₂, Revenue, Fulfillment) - ✅ Monaco harbor image background on login page - ✅ Responsive glassmorphism design - ✅ WCAG AA contrast compliance ## New Files - app/admin/ - Admin pages (login, dashboard, orders) - app/api/admin/ - Auth API routes (login, logout, verify) - components/admin/ - AdminSidebar component - lib/auth.ts - JWT authentication utilities - public/monaco_high_res.jpg - Luxury background image ## Updated - tailwind.config.js - Custom maritime color palette - package.json - Added jsonwebtoken dependency - app/layout.tsx - RootLayoutClient integration 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com> 2025-11-03 09:35:43 +01:00			`import { NextRequest, NextResponse } from 'next/server';`
			`import { verifyToken } from './auth';`

			`/**`
			`* Middleware to protect admin API routes`
			`* Returns 401 if not authenticated`
			`*/`
			`export function withAdminAuth(`
			`handler: (request: NextRequest) => Promise<NextResponse>`
			`) {`
			`return async (request: NextRequest) => {`
			`// Get token from cookie`
			`const token = request.cookies.get('admin-token')?.value;`

			`if (!token) {`
			`return NextResponse.json(`
			`{ error: 'Unauthorized - No token provided' },`
			`{ status: 401 }`
			`);`
			`}`

			`// Verify token`
			`const payload = verifyToken(token);`

			`if (!payload \|\| !payload.isAdmin) {`
			`return NextResponse.json(`
			`{ error: 'Unauthorized - Invalid token' },`
			`{ status: 401 }`
			`);`
			`}`

			`// Token is valid, proceed with the request`
			`return handler(request);`
			`};`
			`}`

			`/**`
			`* Check if request is from authenticated admin`
			`* For use in server components and API routes`
			`*/`
			`export function getAdminFromRequest(request: NextRequest) {`
			`const token = request.cookies.get('admin-token')?.value;`

			`if (!token) {`
			`return null;`
			`}`

			`const payload = verifyToken(token);`

			`if (!payload \|\| !payload.isAdmin) {`
			`return null;`
			`}`

			`return {`
			`username: payload.username,`
			`isAdmin: true,`
			`};`
			`}`