LingvAI/pages/api/admin/settings.ts

import { NextApiHandler } from "next";
import { requireAdmin } from "@utils/admin-auth";
import { readSettings, writeSettings } from "@utils/settings-store";

const handler: NextApiHandler = async (req, res) => {
    if (!(await requireAdmin(req, res))) return;

    if (req.method === "GET") {
        const settings = readSettings();
        // Never expose the adminPasswordHash
        const { adminPasswordHash: _omit, ...safe } = settings;
        return res.status(200).json(safe);
    }

    if (req.method === "POST") {
        const {
            replicateApiToken,
            jigsawApiKey,
            modelVersion,
            replicateEnabled,
            replicateMode,
            localEndpoint,
            newPassword
        } = req.body ?? {};

        const updates: Parameters<typeof writeSettings>[0] = {};
        if (replicateApiToken !== undefined) updates.replicateApiToken = replicateApiToken;
        if (jigsawApiKey !== undefined) updates.jigsawApiKey = jigsawApiKey;
        if (modelVersion !== undefined) updates.modelVersion = modelVersion;
        if (replicateEnabled !== undefined) updates.replicateEnabled = Boolean(replicateEnabled);
        if (replicateMode === "cloud" || replicateMode === "local") updates.replicateMode = replicateMode;
        if (localEndpoint !== undefined) updates.localEndpoint = localEndpoint;
        if (newPassword && typeof newPassword === "string" && newPassword.length >= 6) {
            updates.adminPasswordHash = newPassword;
        }

        const saved = writeSettings(updates);
        const { adminPasswordHash: _omit, ...safe } = saved;
        return res.status(200).json(safe);
    }

    res.setHeader("Allow", ["GET", "POST"]);
    return res.status(405).json({ error: "Method Not Allowed" });
};

export default handler;