feat: require admin token for ingestion endpoints

apps/web/app/api/imports/route.ts

@@ -1,37 +1,12 @@
-import { z } from "zod";
-
-import { getDb } from "@tline/db";
+import { getAdminOk, handleCreateImport } from "./handlers";
 
 export const runtime = "nodejs";
 
-const bodySchema = z
-  .object({
-    type: z.enum(["upload", "minio_scan"]).default("upload"),
-  })
-  .strict();
-
 export async function POST(request: Request): Promise<Response> {
   const bodyJson = await request.json().catch(() => ({}));
-  const body = bodySchema.parse(bodyJson);
-
-  const db = getDb();
-  const rows = await db<
-    {
-      id: string;
-      type: "upload" | "minio_scan";
-      status: string;
-      created_at: string;
-    }[]
-  >`
-    insert into imports (type, status)
-    values (${body.type}, 'new')
-    returning id, type, status, created_at
-  `;
-
-  const created = rows[0];
-  if (!created) {
-    return Response.json({ error: "insert_failed" }, { status: 500 });
-  }
-
-  return Response.json(created);
+  const res = await handleCreateImport({
+    adminOk: getAdminOk(request.headers),
+    body: bodyJson,
+  });
+  return Response.json(res.body, { status: res.status });
 }