SurfSense/surfsense_web/app/api/zero/query/route.ts

import { mustGetQuery } from "@rocicorp/zero";
import { handleQueryRequest } from "@rocicorp/zero/server";
import { NextResponse } from "next/server";
import type { Context } from "@/types/zero";
import { queries } from "@/zero/queries";
import { schema } from "@/zero/schema";

const backendURL = process.env.NEXT_PUBLIC_FASTAPI_BACKEND_URL || "http://localhost:8000";

async function authenticateRequest(
	request: Request
): Promise<{ ctx: Context; error?: never } | { ctx?: never; error: NextResponse }> {
	const authHeader = request.headers.get("Authorization");
	if (!authHeader?.startsWith("Bearer ")) {
		return { ctx: undefined };
	}

	try {
		const res = await fetch(`${backendURL}/users/me`, {
			headers: { Authorization: authHeader },
		});

		if (!res.ok) {
			return { error: NextResponse.json({ error: "Unauthorized" }, { status: 401 }) };
		}

		const user = await res.json();
		return { ctx: { userId: String(user.id) } };
	} catch {
		return { error: NextResponse.json({ error: "Auth service unavailable" }, { status: 503 }) };
	}
}

export async function POST(request: Request) {
	const auth = await authenticateRequest(request);
	if (auth.error) {
		return auth.error;
	}

	const result = await handleQueryRequest(
		(name, args) => {
			const query = mustGetQuery(queries, name);
			return query.fn({ args, ctx: auth.ctx });
		},
		schema,
		request
	);

	return NextResponse.json(result);
}
feat: add Zero query endpoint and configure ZERO_QUERY_URL - Create app/api/zero/query/route.ts — resolves named queries to ZQL using handleQueryRequest and mustGetQuery from @rocicorp/zero - Add ZERO_QUERY_URL to both docker-compose files: - dev: http://host.docker.internal:3000 (reaches local Next.js from Docker) - prod: http://frontend:3000 (Docker service networking) Without this endpoint, zero-cache cannot resolve named queries and no data syncs to the client. 2026-03-23 20:58:42 +02:00			`import { mustGetQuery } from "@rocicorp/zero";`
			`import { handleQueryRequest } from "@rocicorp/zero/server";`
			`import { NextResponse } from "next/server";`
add auth to Zero query endpoint and ZeroProvider 2026-03-24 16:06:20 +02:00			`import type { Context } from "@/types/zero";`
feat: add Zero query endpoint and configure ZERO_QUERY_URL - Create app/api/zero/query/route.ts — resolves named queries to ZQL using handleQueryRequest and mustGetQuery from @rocicorp/zero - Add ZERO_QUERY_URL to both docker-compose files: - dev: http://host.docker.internal:3000 (reaches local Next.js from Docker) - prod: http://frontend:3000 (Docker service networking) Without this endpoint, zero-cache cannot resolve named queries and no data syncs to the client. 2026-03-23 20:58:42 +02:00			`import { queries } from "@/zero/queries";`
			`import { schema } from "@/zero/schema";`

add auth to Zero query endpoint and ZeroProvider 2026-03-24 16:06:20 +02:00			`const backendURL = process.env.NEXT_PUBLIC_FASTAPI_BACKEND_URL \|\| "http://localhost:8000";`

			`async function authenticateRequest(`
			`request: Request`
			`): Promise<{ ctx: Context; error?: never } \| { ctx?: never; error: NextResponse }> {`
			`const authHeader = request.headers.get("Authorization");`
			`if (!authHeader?.startsWith("Bearer ")) {`
fix: always render ZeroProvider, allow anon queries without 401 2026-03-24 16:59:42 +02:00			`return { ctx: undefined };`
add auth to Zero query endpoint and ZeroProvider 2026-03-24 16:06:20 +02:00			`}`

			`try {`
			const res = await fetch(`${backendURL}/users/me`, {
			`headers: { Authorization: authHeader },`
			`});`

			`if (!res.ok) {`
			`return { error: NextResponse.json({ error: "Unauthorized" }, { status: 401 }) };`
			`}`

			`const user = await res.json();`
			`return { ctx: { userId: String(user.id) } };`
			`} catch {`
			`return { error: NextResponse.json({ error: "Auth service unavailable" }, { status: 503 }) };`
			`}`
			`}`

feat: add Zero query endpoint and configure ZERO_QUERY_URL - Create app/api/zero/query/route.ts — resolves named queries to ZQL using handleQueryRequest and mustGetQuery from @rocicorp/zero - Add ZERO_QUERY_URL to both docker-compose files: - dev: http://host.docker.internal:3000 (reaches local Next.js from Docker) - prod: http://frontend:3000 (Docker service networking) Without this endpoint, zero-cache cannot resolve named queries and no data syncs to the client. 2026-03-23 20:58:42 +02:00			`export async function POST(request: Request) {`
add auth to Zero query endpoint and ZeroProvider 2026-03-24 16:06:20 +02:00			`const auth = await authenticateRequest(request);`
			`if (auth.error) {`
			`return auth.error;`
			`}`

feat: add Zero query endpoint and configure ZERO_QUERY_URL - Create app/api/zero/query/route.ts — resolves named queries to ZQL using handleQueryRequest and mustGetQuery from @rocicorp/zero - Add ZERO_QUERY_URL to both docker-compose files: - dev: http://host.docker.internal:3000 (reaches local Next.js from Docker) - prod: http://frontend:3000 (Docker service networking) Without this endpoint, zero-cache cannot resolve named queries and no data syncs to the client. 2026-03-23 20:58:42 +02:00			`const result = await handleQueryRequest(`
			`(name, args) => {`
			`const query = mustGetQuery(queries, name);`
add auth to Zero query endpoint and ZeroProvider 2026-03-24 16:06:20 +02:00			`return query.fn({ args, ctx: auth.ctx });`
feat: add Zero query endpoint and configure ZERO_QUERY_URL - Create app/api/zero/query/route.ts — resolves named queries to ZQL using handleQueryRequest and mustGetQuery from @rocicorp/zero - Add ZERO_QUERY_URL to both docker-compose files: - dev: http://host.docker.internal:3000 (reaches local Next.js from Docker) - prod: http://frontend:3000 (Docker service networking) Without this endpoint, zero-cache cannot resolve named queries and no data syncs to the client. 2026-03-23 20:58:42 +02:00			`},`
			`schema,`
add auth to Zero query endpoint and ZeroProvider 2026-03-24 16:06:20 +02:00			`request`
feat: add Zero query endpoint and configure ZERO_QUERY_URL - Create app/api/zero/query/route.ts — resolves named queries to ZQL using handleQueryRequest and mustGetQuery from @rocicorp/zero - Add ZERO_QUERY_URL to both docker-compose files: - dev: http://host.docker.internal:3000 (reaches local Next.js from Docker) - prod: http://frontend:3000 (Docker service networking) Without this endpoint, zero-cache cannot resolve named queries and no data syncs to the client. 2026-03-23 20:58:42 +02:00			`);`

			`return NextResponse.json(result);`
			`}`