v3.0: Add /api/me route — returns user profile (plan, role, usage) from DB for client components

web/app/api/me/route.ts

@@ -0,0 +1,59 @@
+import { NextRequest, NextResponse } from "next/server";
+import { createClient } from "@/lib/supabase/server";
+
+/**
+ * GET /api/me
+ * Returns the current user's profile from DB.
+ * Used by client components (analyze page, etc.) to determine plan, role, usage.
+ * No hardcoded emails — everything comes from the database.
+ */
+export async function GET(req: NextRequest) {
+  try {
+    const supabase = await createClient();
+    const { data: { user } } = await supabase.auth.getUser();
+
+    if (!user) {
+      return NextResponse.json({
+        authenticated: false,
+        plan: "free",
+        role: "user",
+        isAdmin: false,
+        analyses_this_month: 0,
+      });
+    }
+
+    const { data: profile } = await supabase
+      .from("profiles")
+      .select("plan, role, is_banned, analyses_this_month, full_name, email")
+      .eq("id", user.id)
+      .single();
+
+    const plan = profile?.plan || "free";
+    const role = profile?.role || "user";
+
+    return NextResponse.json({
+      authenticated: true,
+      id: user.id,
+      email: profile?.email || user.email,
+      full_name: profile?.full_name || "",
+      plan,
+      role,
+      isAdmin: role === "admin",
+      is_banned: profile?.is_banned || false,
+      analyses_this_month: profile?.analyses_this_month || 0,
+      // Admins get unlimited everything
+      scan_limit: role === "admin" ? Infinity : plan === "free" ? 10 : Infinity,
+      can_upload: role === "admin" || plan !== "free",
+      can_compare: role === "admin" || plan !== "free",
+      can_export_pdf: role === "admin" || plan !== "free",
+    });
+  } catch (error) {
+    return NextResponse.json({
+      authenticated: false,
+      plan: "free",
+      role: "user",
+      isAdmin: false,
+      analyses_this_month: 0,
+    });
+  }
+}