feat: add admin panel to manage candidatures and approve with Stripe link

- /admin page with secret-key authentication - List all candidatures with details (expandable cards) - Approve: updates status + generates Stripe checkout URL + sends email - Reject: updates status - Checkout URL displayed on screen for manual copy if Resend not configured - Protected by ADMIN_SECRET env var https://claude.ai/code/session_01H2aRGDaKgarPvhay2HxN6Y
2026-02-09 19:39:33 +00:00
parent db51e21075
commit c4934f5669
4 changed files with 539 additions and 0 deletions
--- a/app/api/admin/candidatures/route.ts
+++ b/app/api/admin/candidatures/route.ts
@@ -0,0 +1,29 @@
+import { NextResponse } from "next/server";
+import { createAdminClient } from "@/lib/supabase/server";
+
+export const runtime = "nodejs";
+
+// GET /api/admin/candidatures - Lister toutes les candidatures
+// Protégé par ADMIN_SECRET en query param
+export async function GET(request: Request) {
+  const { searchParams } = new URL(request.url);
+  const secret = searchParams.get("secret");
+
+  if (!process.env.ADMIN_SECRET || secret !== process.env.ADMIN_SECRET) {
+    return NextResponse.json({ error: "Non autorisé." }, { status: 401 });
+  }
+
+  const supabase = createAdminClient();
+
+  const { data, error } = await supabase
+    .from("candidatures")
+    .select("*")
+    .order("created_at", { ascending: false });
+
+  if (error) {
+    console.error("Erreur récupération candidatures:", error);
+    return NextResponse.json({ error: error.message }, { status: 500 });
+  }
+
+  return NextResponse.json({ candidatures: data });
+}