feat(phase1): ad_channels 테이블 + admin CRUD API

- Migration: ad_channels table (uuid, name, url, status, memo)
- Routes: GET/POST /api/admin/ad-channels (list/create)
- Routes: PATCH/DELETE /api/admin/ad-channels/[id] (update/delete)
- Auth: admin_token verification via verifyAdminTokenNode
- RLS: service_role only, no additional policies

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
2026-07-02 15:19:09 +09:00
parent 90be0d6316
commit 3e031a1c80
3 changed files with 109 additions and 0 deletions

View File

@@ -0,0 +1,47 @@
import { NextResponse } from 'next/server';
import { cookies } from 'next/headers';
import { createAdminClient } from '@/lib/supabase/admin';
import { verifyAdminTokenNode } from '@/lib/admin-auth';
export const runtime = 'nodejs';
async function checkAuth() {
const cookieStore = await cookies();
const token = cookieStore.get('admin_token')?.value;
return token && verifyAdminTokenNode(token);
}
export async function PATCH(request: Request, { params }: { params: Promise<{ id: string }> }) {
if (!(await checkAuth())) {
return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });
}
const { id } = await params;
const body = await request.json();
const patch: Record<string, unknown> = { updated_at: new Date().toISOString() };
if (typeof body.name === 'string' && body.name.trim()) patch.name = body.name.trim();
if ('url' in body) patch.url = body.url?.trim() || null;
if ('memo' in body) patch.memo = body.memo?.trim() || null;
if (body.status === 'active' || body.status === 'paused') patch.status = body.status;
const supabase = createAdminClient();
const { error } = await supabase.from('ad_channels').update(patch).eq('id', id);
if (error) return NextResponse.json({ error: error.message }, { status: 500 });
return NextResponse.json({ success: true });
}
export async function DELETE(_request: Request, { params }: { params: Promise<{ id: string }> }) {
if (!(await checkAuth())) {
return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });
}
const { id } = await params;
const supabase = createAdminClient();
const { error } = await supabase.from('ad_channels').delete().eq('id', id);
if (error) return NextResponse.json({ error: error.message }, { status: 500 });
return NextResponse.json({ success: true });
}

View File

@@ -0,0 +1,50 @@
import { NextResponse } from 'next/server';
import { cookies } from 'next/headers';
import { createAdminClient } from '@/lib/supabase/admin';
import { verifyAdminTokenNode } from '@/lib/admin-auth';
export const runtime = 'nodejs';
async function checkAuth() {
const cookieStore = await cookies();
const token = cookieStore.get('admin_token')?.value;
return token && verifyAdminTokenNode(token);
}
export async function GET() {
if (!(await checkAuth())) {
return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });
}
const supabase = createAdminClient();
const { data, error } = await supabase
.from('ad_channels')
.select('*')
.order('created_at', { ascending: false });
if (error) return NextResponse.json({ error: error.message }, { status: 500 });
return NextResponse.json({ channels: data ?? [] });
}
export async function POST(request: Request) {
if (!(await checkAuth())) {
return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });
}
const body = await request.json();
const name = (body.name as string | undefined)?.trim();
if (!name) {
return NextResponse.json({ error: '채널명을 입력해주세요.' }, { status: 400 });
}
const supabase = createAdminClient();
const { data, error } = await supabase
.from('ad_channels')
.insert({ name, url: body.url?.trim() || null, memo: body.memo?.trim() || null })
.select()
.single();
if (error) return NextResponse.json({ error: error.message }, { status: 500 });
return NextResponse.json({ channel: data });
}

View File

@@ -0,0 +1,12 @@
CREATE TABLE IF NOT EXISTS ad_channels (
id uuid PRIMARY KEY DEFAULT gen_random_uuid(),
name text NOT NULL,
url text,
status text NOT NULL DEFAULT 'active' CHECK (status IN ('active','paused')),
memo text,
created_at timestamptz NOT NULL DEFAULT now(),
updated_at timestamptz NOT NULL DEFAULT now()
);
ALTER TABLE ad_channels ENABLE ROW LEVEL SECURITY;
-- service_role(관리자 API)만 접근 — 별도 policy 없음(기본 거부)