feat: implement merchant dashboard, secure auth, and short_id system

- Added dedicated merchant dashboard with analytics and transactions - Implemented API Key based authentication for merchants - Introduced 8-character Short IDs for merchants to use in URLs - Refactored checkout and payment intent APIs to support multi-gateway - Enhanced Landing Page with Merchant Portal access and marketing copy - Fixed Next.js 15 async params build issues - Updated internal branding to P2CGateway - Added AyrisTech credits to footer
2026-01-20 21:58:41 +03:00
parent af09543374
commit 3562e10713
46 changed files with 3505 additions and 414 deletions
--- a/app/api/merchants/auth/route.ts
+++ b/app/api/merchants/auth/route.ts
@@ -0,0 +1,60 @@
+import { NextRequest, NextResponse } from 'next/server';
+import { supabaseAdmin } from '@/lib/supabase-admin';
+import { cookies } from 'next/headers';
+
+export async function POST(req: NextRequest) {
+    try {
+        const { identifier, apiKey } = await req.json();
+
+        if (!identifier || !apiKey) {
+            return NextResponse.json({ error: 'Eksik bilgi.' }, { status: 400 });
+        }
+
+        // 1. Resolve merchant by ID or short_id
+        const isUUID = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i.test(identifier);
+
+        const query = supabaseAdmin
+            .from('merchants')
+            .select('*');
+
+        if (isUUID) {
+            query.eq('id', identifier);
+        } else {
+            query.eq('short_id', identifier);
+        }
+
+        const { data: merchant, error } = await query.single();
+
+        if (error || !merchant) {
+            return NextResponse.json({ error: 'Firma bulunamadı.' }, { status: 404 });
+        }
+
+        // 2. Verify API Key
+        if (merchant.api_key !== apiKey) {
+            return NextResponse.json({ error: 'Geçersiz anahtar.' }, { status: 401 });
+        }
+
+        // 3. Set Auth Cookie (simplified for now)
+        // Store the merchant ID in a cookie
+        const cookieStore = await cookies();
+        cookieStore.set(`merchant_auth_${merchant.id}`, 'true', {
+            httpOnly: true,
+            secure: process.env.NODE_ENV === 'production',
+            maxAge: 60 * 60 * 24, // 24 hours
+            path: '/',
+        });
+
+        // Also set a temporary short_id link if needed
+        if (merchant.short_id) {
+            cookieStore.set(`merchant_auth_${merchant.short_id}`, 'true', {
+                httpOnly: true,
+                maxAge: 60 * 60 * 24,
+                path: '/',
+            });
+        }
+
+        return NextResponse.json({ success: true });
+    } catch (err: any) {
+        return NextResponse.json({ error: err.message }, { status: 500 });
+    }
+}