feat(newsletters): add error handling for unauthorized and forbidden access

Author: huamanraj

apps/web/src/app/(main)/dashboard/newsletters/[slug]/page.tsx

@@ -87,23 +87,40 @@ export default function NewsletterPage() {
   const slug = params.slug as string;
   const [newsletter, setNewsletter] = useState<NewsletterData | null>(null);
   const [loading, setLoading] = useState(true);
+  const [error, setError] = useState<'unauthorized' | 'forbidden' | 'not-found' | null>(null);
   const { isPaidUser, isLoading: subscriptionLoading } = useSubscription();
 
   useEffect(() => {
     if (subscriptionLoading) return;
 
     fetch(`/api/newsletters/${slug}`)
-      .then((res) => res.json())
+      .then(async (res) => {
+        if (res.status === 401) {
+          setError('unauthorized');
+          setLoading(false);
+          return null;
+        }
+        if (res.status === 403) {
+          setError('forbidden');
+          setLoading(false);
+          return null;
+        }
+        if (!res.ok) {
+          setError('not-found');
+          setLoading(false);
+          return null;
+        }
+        return res.json();
+      })
       .then((data) => {
-        if (data.error) {
-          setNewsletter(null);
-        } else {
+        if (data && !data.error) {
           setNewsletter(data);
+          setError(null);
         }
         setLoading(false);
       })
       .catch(() => {
-        setNewsletter(null);
+        setError('not-found');
         setLoading(false);
       });
   }, [slug, subscriptionLoading]);
@@ -119,10 +136,15 @@ export default function NewsletterPage() {
     );
   }
 
-  if (!isPaidUser) {
+  if (!isPaidUser || error === 'forbidden') {
     return <PremiumUpgradePrompt />;
   }
 
+  if (error === 'unauthorized') {
+    router.push('/login');
+    return null;
+  }
+
   if (loading) {
     return (
       <div className="w-full h-full overflow-auto">

apps/web/src/app/(main)/dashboard/newsletters/page.tsx

@@ -16,6 +16,7 @@ import { useNewsletterFilters } from "@/hooks/useNewsletterFilters";
 export default function NewslettersPage() {
   const [newsletters, setNewsletters] = useState<Newsletter[]>([]);
   const [loading, setLoading] = useState(true);
+  const [error, setError] = useState<'unauthorized' | 'forbidden' | null>(null);
   const [searchQuery, setSearchQuery] = useState("");
   const [timeFilter, setTimeFilter] = useState<TimeFilter>("all");
   const [sortFilter, setSortFilter] = useState<SortFilter>("newest");
@@ -28,9 +29,27 @@ export default function NewslettersPage() {
     if (subscriptionLoading) return;
 
     fetch("/api/newsletters")
-      .then((res) => res.json())
+      .then(async (res) => {
+        if (res.status === 401) {
+          setError('unauthorized');
+          setLoading(false);
+          return null;
+        }
+        if (res.status === 403) {
+          setError('forbidden');
+          setLoading(false);
+          return null;
+        }
+        if (!res.ok) {
+          setLoading(false);
+          return null;
+        }
+        return res.json();
+      })
       .then((data) => {
-        setNewsletters(data);
+        if (data) {
+          setNewsletters(data);
+        }
         setLoading(false);
       })
       .catch(() => setLoading(false));
@@ -72,7 +91,7 @@ export default function NewslettersPage() {
     );
   }
 
-  if (!isPaidUser) {
+  if (!isPaidUser || error === 'forbidden') {
     return <PremiumUpgradePrompt />;
   }
 

apps/web/src/app/api/newsletters/[slug]/route.ts

@@ -3,6 +3,9 @@ import fs from "fs";
 import path from "path";
 import matter from "gray-matter";
 import { marked } from "marked";
+import { getServerSession } from "next-auth";
+import { authConfig } from "@/lib/auth/config";
+import { serverTrpc } from "@/lib/trpc-server";
 
 // Configure marked for rich markdown support
 marked.setOptions({
@@ -18,6 +21,34 @@ export async function GET(
   _request: Request,
   { params }: { params: Promise<{ slug: string }> }
 ) {
+  // Authenticate user
+  const session = await getServerSession(authConfig);
+  
+  if (!session || !session.user?.email) {
+    return NextResponse.json(
+      { error: "Unauthorized - Please sign in" },
+      { status: 401 }
+    );
+  }
+
+  // Verify paid subscription
+  try {
+    const subscriptionStatus = await serverTrpc.user.subscriptionStatus.query();
+    
+    if (!subscriptionStatus.isPaidUser) {
+      return NextResponse.json(
+        { error: "Forbidden - Premium subscription required" },
+        { status: 403 }
+      );
+    }
+  } catch (error) {
+    console.error("Error checking subscription:", error);
+    return NextResponse.json(
+      { error: "Failed to verify subscription status" },
+      { status: 500 }
+    );
+  }
+
   const { slug } = await params;
   const now = Date.now();
   const cached = newsletterCache.get(slug);

apps/web/src/app/api/newsletters/route.ts

@@ -2,13 +2,44 @@ import { NextResponse } from "next/server";
 import fs from "fs";
 import path from "path";
 import matter from "gray-matter";
+import { getServerSession } from "next-auth";
+import { authConfig } from "@/lib/auth/config";
+import { serverTrpc } from "@/lib/trpc-server";
 
 // Cache newsletters in memory for faster subsequent loads
 let cachedNewsletters: any[] | null = null;
 let lastCacheTime = 0;
 const CACHE_DURATION = 60000; // 1 minute cache
 
 export async function GET() {
+  // Authenticate user
+  const session = await getServerSession(authConfig);
+  
+  if (!session || !session.user?.email) {
+    return NextResponse.json(
+      { error: "Unauthorized - Please sign in" },
+      { status: 401 }
+    );
+  }
+
+  // Verify paid subscription
+  try {
+    const subscriptionStatus = await serverTrpc.user.subscriptionStatus.query();
+    
+    if (!subscriptionStatus.isPaidUser) {
+      return NextResponse.json(
+        { error: "Forbidden - Premium subscription required" },
+        { status: 403 }
+      );
+    }
+  } catch (error) {
+    console.error("Error checking subscription:", error);
+    return NextResponse.json(
+      { error: "Failed to verify subscription status" },
+      { status: 500 }
+    );
+  }
+
   const now = Date.now();
 
   // Return cached data if available and fresh