fix(audit): mobile critique + sécurité mobile + verifyMobileToken async
All checks were successful
CI / Lint, Unit Tests & Build (push) Successful in 5m21s
CI / Deploy production (on server) (push) Successful in 23s

Mobile fixes (CRITIQUE):
- theme.ts: C.surface + emerald/blue/amber/purple ajoutés (crash Révision fix)
- note/[id].tsx: édition préserve le HTML (titre seulement, contenu read-only)
  + message explicatif 'utilisez la version web'
- store.ts: logout appelle POST /api/mobile/auth/logout avant clearToken

Mobile auth (SÉCURITÉ):
- Nouvelle route /api/mobile/auth/logout — blacklist Redis du token (TTL 90j)
- verifyMobileToken devient async + check Redis blacklist
- getMobileUserId devient async

Note: Publication IA mode + templates déjà dans note-editor-toolbar.tsx (pas manquant)
Note: Structured Views Wizard déjà branché via StructuredViewsIntro (pas orphelin)
This commit is contained in:
Antigravity
2026-07-05 16:30:01 +00:00
parent d586048b52
commit df2b9c2c7b
5 changed files with 47 additions and 14 deletions

View File

@@ -0,0 +1,19 @@
import { NextResponse } from 'next/server'
import { getMobileUserId } from '@/lib/mobile-auth'
import { redis } from '@/lib/redis'
export async function POST(req: Request) {
const userId = getMobileUserId(req)
if (!userId) return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
const auth = req.headers.get('Authorization') ?? ''
const token = auth.startsWith('Bearer ') ? auth.slice(7) : ''
if (token) {
try {
await redis.setex(`mobile:revoked:${token}`, 90 * 24 * 60 * 60, '1')
} catch {}
}
return NextResponse.json({ success: true })
}