From 3b34d7518b07eb07e0f24653e4b6cbcdc71d106e Mon Sep 17 00:00:00 2001
From: Andrei
Date: Wed, 24 Sep 2025 10:06:29 +0000
Subject: [PATCH] Fix admin authentication cookie handling
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
- Updated verifyAdminAuth to check for adminToken cookie in addition to Bearer token
- Added fallback to parse cookie from request headers when cookies() API fails
- This fixes admin dashboard login issues where authentication was failing
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude
---
 lib/admin-auth.ts | 29 ++++++++++++++++++++++++++---
 1 file changed, 26 insertions(+), 3 deletions(-)
diff --git a/lib/admin-auth.ts b/lib/admin-auth.ts
index 939be0f..40aa0be 100644
--- a/lib/admin-auth.ts
+++ b/lib/admin-auth.ts
@@ -1,6 +1,7 @@
 import { NextRequest } from 'next/server';
 import { verify, sign } from 'jsonwebtoken';
 import { prisma } from '@/lib/db';
+import { cookies } from 'next/headers';
 const JWT_SECRET = process.env.JWT_SECRET || 'fallback-secret-key';
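Review bot: The context line `const JWT_SECRET = process.env.JWT_SECRET || 'fallback-secret-key';` means a deployment that omits the variable signs and verifies admin tokens with a constant that anyone with repository access can read, and this commit adds the cookie as a second route by which a token reaches that check. Failing closed at module load is safer, for example `if (!process.env.JWT_SECRET) throw new Error('JWT_SECRET is not set');` before the constant is used. How the `sign` and `verify` calls consume the constant is outside this hunk.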
@@ -29,12 +30,34 @@ export interface AdminUser {
 export async function verifyAdminAuth(request: NextRequest): Promise {
 try {
+ let token: string | null = null;
+
+ // First try to get token from Authorization header
 const authHeader = request.headers.get('authorization');
- if (!authHeader?.startsWith('Bearer ')) {
- return null;
+ if (authHeader?.startsWith('Bearer ')) {
+ token = authHeader.substring(7);
 }
- const token = authHeader.substring(7);
+ // If no Authorization header, try to get token from cookie
+ if (!token) {
+ try {
+ const cookieStore = await cookies();
+ token = cookieStore.get('adminToken')?.value || null;
+ } catch (error) {
+ // If cookies() fails (e.g., in middleware), try to get cookie from request headers
+ const cookieHeader = request.headers.get('cookie');
+ if (cookieHeader) {
+ const matches = cookieHeader.match(/adminToken=([^;]+)/);
+ if (matches) {
+ token = matches[1];
+ }
+ }
+ }
+ }
+
+ if (!token) {
+ return null;
+ }
 let payload: any;
 try {
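Review bot: The fallback in the `catch` branch matches `adminToken=` anywhere in the Cookie header, so a cookie whose name merely ends in `adminToken` can be picked up as the token source, and the value is not URL-decoded the way the `cookies()` branch would return it. `NextRequest` already exposes parsed cookies, so the `cookies()` call, the swallowed `error` and the regex can all be replaced by `token = request.cookies.get('adminToken')?.value ?? null;`. Accepting the token from a cookie also means the browser attaches it automatically, so state-changing admin routes that rely on verifyAdminAuth need a CSRF defence such as `SameSite` on the adminToken cookie or an Origin check; where the cookie is set is not visible here. The body of verifyAdminAuth continues past the end of the hunk.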