Revert "refactor: migrate auth and utility api routes to app router (#1408)" (#1409)

This reverts commit e956d62.

Author: clintonlunn

src/app/api/auth/[...nextauth]/authOptions.ts

@@ -2,8 +2,8 @@ import axios from 'axios'
 import type { NextAuthOptions } from 'next-auth'
 import Auth0Provider from 'next-auth/providers/auth0'
 
-import { AUTH_CONFIG_SERVER } from '@/Config'
-import { IUserMetadata, UserRole } from '@/js/types/User'
+import { AUTH_CONFIG_SERVER } from '../../../../Config'
+import { IUserMetadata, UserRole } from '../../../../js/types/User'
 import { initializeUserInDB } from '@/js/auth/initializeUserInDb'
 
 const CustomClaimsNS = 'https://tacos.openbeta.io/'

src/app/api/revalidate/route.ts

@@ -3,19 +3,19 @@
  * However, it does not actually log out of auth0. Therefore, after logging out and then in the user will automatically be logged in again.
  * The default user experience here could be ok for providers such as facebook/google/etc but we want users to be able to log in with another account.
  */
-import { NextRequest, NextResponse } from 'next/server'
+import { NextApiHandler } from 'next'
 
 const auth0Domain = process.env.AUTH0_DOMAIN ?? ''
 const auth0ClientId = process.env.AUTH0_CLIENT_ID ?? ''
 
-export async function GET (req: NextRequest): Promise<NextResponse> {
+const handler: NextApiHandler = (req, res): void => {
   const clientIdParam = `client_id=${auth0ClientId}`
-  const referer = req.headers.get('referer')
-
-  if (referer == null) {
-    return NextResponse.redirect(`${auth0Domain}/v2/logout?${clientIdParam}`)
+  if (req.headers.referer == null) {
+    res.redirect(`${auth0Domain}/v2/logout?${clientIdParam}`)
   } else {
-    const returnTo = new URL(referer).origin
-    return NextResponse.redirect(`${auth0Domain}/v2/logout?returnTo=${encodeURIComponent(returnTo)}&${clientIdParam}`)
+    const returnTo = new URL(req.headers.referer).origin
+    res.redirect(`${auth0Domain}/v2/logout?returnTo=${encodeURIComponent(returnTo)}&${clientIdParam}`)
   }
 }
+
+export default handler

src/app/api/user/emailVerification/route.ts

@@ -0,0 +1,18 @@
+import { NextApiRequest, NextApiHandler } from 'next'
+import { validate as isValid } from 'uuid'
+
+/**
+ * Invalidate legacy climb page (/climbs/<uuid>)
+ * @see https://nextjs.org/docs/basic-features/data-fetching/incremental-static-regeneration
+ * @deprecated
+ */
+const handler: NextApiHandler = async (req: NextApiRequest, res) => {
+  if (!res.writable) return
+  const climbUuid = req.query?.c as string
+  if (isValid(climbUuid)) {
+    await res.revalidate(`/climb/${climbUuid}`)
+    res.json({ revalidated: true })
+  }
+}
+
+export default handler

src/app/api/auth/logout/route.ts src/pages/api/auth/logout.tssrc/app/api/auth/logout/route.ts renamed to src/pages/api/auth/logout.ts

@@ -0,0 +1,45 @@
+import { NextApiRequest, NextApiResponse, NextApiHandler } from 'next'
+import withAuth from './withAuth'
+import { checkUsername } from '../../js/utils'
+
+/**
+ * Notify backend to regenerate a page.
+ * @see https://nextjs.org/docs/basic-features/data-fetching/incremental-static-regeneration
+ */
+const handler: NextApiHandler = async (req: NextApiRequest, res) => {
+  try {
+    await profileHandler(req, res)
+    await otherPagesHandler(req, res)
+    res.end()
+  } catch (e) {
+    return res.status(500).send('Error revalidating page')
+  }
+}
+
+/**
+ * Send a fetch('/api/revalidate?u=<username>') to regenerate the user page
+ */
+const profileHandler = async (req: NextApiRequest, res: NextApiResponse): Promise<any> => {
+  if (!res.writable) return
+  const username = req.query?.u as string
+  if (checkUsername(username)) {
+    await res.revalidate(`/u/${encodeURIComponent(username)}`)
+    res.json({ revalidated: true })
+  }
+}
+
+/**
+ * Send a fetch('/api/revalidate?page=edit') to regenerate the edit history.
+ * Need to whitelist the page in `ALLOWS` array.
+ */
+const otherPagesHandler = async (req: NextApiRequest, res: NextApiResponse): Promise<any> => {
+  if (!res.writable) return
+  const page = req.query?.page as string
+  const ALLOWS = ['/edit']
+  if (ALLOWS.includes(page)) {
+    await res.status(200).revalidate(page)
+    res.json({ revalidated: true })
+  }
+}
+
+export default withAuth(handler)

src/pages/api/legacyInvalidateClimbCache.ts

@@ -0,0 +1,42 @@
+import { NextApiHandler, NextApiRequest } from 'next'
+import * as jose from 'jose'
+import { AUTH_CONFIG_SERVER } from '../../../Config'
+import { sendEmailVerification } from '../../../js/auth/ManagementClient'
+
+if (AUTH_CONFIG_SERVER == null) throw new Error('AUTH_CONFIG_SERVER not defined')
+
+const { nextauthSecret } = AUTH_CONFIG_SERVER
+
+/**
+ * JWT-verify 'session_token' from Auth0 postLogin action.  The userId to request new email verification
+ * is in the JWT payload.  We want to make sure the token really comes from Auth0.
+ * - GET: verify only
+ * - POST: verify and send a verification email for the user.
+ * @param endpoint /api/user/emailVerification?token=<Auth0 session_token>
+ */
+const handler: NextApiHandler = async (req, res) => {
+  switch (req?.method) {
+    case 'GET': {
+      await verify(req)
+      res.status(200).end()
+      break
+    }
+    case 'POST': {
+      const token = await verify(req)
+      const auth0UserId = token.payload.sub
+      await sendEmailVerification(auth0UserId)
+      res.status(200).end()
+      break
+    }
+    default: res.status(503).end()
+  }
+}
+
+export default handler
+
+const verify = async (req: NextApiRequest): Promise<any> => {
+  const jwt = req.query?.token as string ?? null
+  if (jwt != null) {
+    return await jose.jwtVerify(jwt, Buffer.from(nextauthSecret))
+  }
+}

src/pages/api/revalidate.ts

@@ -41,9 +41,6 @@
       ],
       "@/public/*": [
         "../public/*"
-      ],
-      "@/*": [
-        "*"
       ]
     },
     "plugins": [