|
|
@@ -1,6 +1,7 @@
|
|
|
import { NextResponse, type NextRequest } from "next/server";
|
|
|
import { z } from "zod";
|
|
|
import { getSupabaseServerClient } from "@/lib/supabase/server";
|
|
|
+import { getCurrentUser } from "@/lib/auth/current-user";
|
|
|
import { env } from "@/env";
|
|
|
import { TMDB_API_BASE_URL, TRAILER_DOMAIN_ALLOWLIST } from "@/lib/constants";
|
|
|
import type { Database } from "@/types/database";
|
|
|
@@ -45,14 +46,11 @@ function isAllowedTrailerDomain(url: string): boolean {
|
|
|
|
|
|
export async function POST(request: NextRequest) {
|
|
|
try {
|
|
|
- const supabase = await getSupabaseServerClient();
|
|
|
-
|
|
|
- const {
|
|
|
- data: { user },
|
|
|
- } = await supabase.auth.getUser();
|
|
|
+ const user = await getCurrentUser(request);
|
|
|
if (!user) {
|
|
|
return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
|
|
|
}
|
|
|
+ const supabase = await getSupabaseServerClient();
|
|
|
|
|
|
const body = await request.json();
|
|
|
const parsed = addMovieSchema.safeParse(body);
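Review bot: The identity check and the database client now come from two unrelated calls in `POST`: `user` from `getCurrentUser(request)` and `supabase` from `getSupabaseServerClient()`, which takes no argument. `getCurrentUser` is not shown here, but if it accepts any credential other than the session the Supabase server client reads, the later queries would run under a different principal (or none) than `user`, and row-level security would be evaluated for that principal. A comment above the client creation would pin the assumption, e.g. `// supabase client must carry the same session that getCurrentUser() resolved`. It is also worth confirming that the writes further down use `user.id` from this check. The body of `POST` continues outside this hunk.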
|
|
|
@@ -89,13 +87,23 @@ export async function POST(request: NextRequest) {
|
|
|
return NextResponse.json({ error: "Movie already in group" }, { status: 409 });
|
|
|
}
|
|
|
|
|
|
- // Fetch movie details from TMDB
|
|
|
+ // Fetch movie details from TMDB. TMDB_API_KEY is a v4 read-access token,
|
|
|
+ // so it must be sent as `Authorization: Bearer …` — the v3 `?api_key=`
|
|
|
+ // query form silently 401s with v4 tokens.
|
|
|
+ const tmdbHeaders = {
|
|
|
+ Authorization: `Bearer ${env.TMDB_API_KEY}`,
|
|
|
+ Accept: "application/json",
|
|
|
+ };
|
|
|
const [detailsRes, videosRes] = await Promise.all([
|
|
|
- fetch(`${TMDB_API_BASE_URL}/movie/${tmdb_id}?api_key=${env.TMDB_API_KEY}`),
|
|
|
- fetch(`${TMDB_API_BASE_URL}/movie/${tmdb_id}/videos?api_key=${env.TMDB_API_KEY}`),
|
|
|
+ fetch(`${TMDB_API_BASE_URL}/movie/${tmdb_id}`, { headers: tmdbHeaders }),
|
|
|
+ fetch(`${TMDB_API_BASE_URL}/movie/${tmdb_id}/videos`, { headers: tmdbHeaders }),
|
|
|
]);
|
|
|
|
|
|
if (!detailsRes.ok) {
|
|
|
+ const body = await detailsRes.text().catch(() => "");
|
|
|
+ console.error(
|
|
|
+ `TMDB details fetch failed: ${detailsRes.status} tmdb_id=${tmdb_id} body=${body.slice(0, 300)}`,
|
|
|
+ );
|
|
|
return NextResponse.json({ error: "Movie not found on TMDB" }, { status: 404 });
|
|
|
}
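Review bot: The upstream response text is interpolated raw into the `console.error` line in the `!detailsRes.ok` branch, so CR/LF or control characters in an error page from TMDB or an intermediary can split or forge log entries. Encoding it first keeps it on one line, e.g. `body=${JSON.stringify(errBody.slice(0, 300))}`. The new `const body` also shadows the request `body` parsed earlier in `POST`; a distinct name such as `errBody` avoids picking up the wrong one in a later edit. Every non-OK upstream status is still returned to the client as 404, which hides the 401 token-format failure the new comment describes, so consider a 502 when `detailsRes.status !== 404`. The function continues outside this hunk.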
|
|
|
|