From d3c7c87ed70a1a7940b3010ad3885664aa0cd73e Mon Sep 17 00:00:00 2001
From: "Builder.io"
Date: Sat, 8 Nov 2025 09:54:49 +0000
Subject: [PATCH] Create game token verification endpoint cgen-c88dbcd85cbf48dcb82de934e825f1c2
---
api/games/verify-token.ts | 69 +++++++++++++++++++++++++++++++++++++++
1 file changed, 69 insertions(+)
create mode 100644 api/games/verify-token.ts
diff --git a/api/games/verify-token.ts b/api/games/verify-token.ts
new file mode 100644
index 00000000..470c23eb
--- /dev/null
+++ b/api/games/verify-token.ts
@@ -0,0 +1,69 @@
+import type { VercelRequest, VercelResponse } from "@vercel/node";
+import { createClient } from "@supabase/supabase-js";
+
+const supabase = createClient(
+ process.env.SUPABASE_URL || "",
+ process.env.SUPABASE_SERVICE_ROLE || "",
+);
+
+export default async function handler(req: VercelRequest, res: VercelResponse) {
+ if (req.method !== "POST" && req.method !== "GET") {
+ res.setHeader("Allow", "POST, GET");
+ return res.status(405).json({ error: "Method not allowed" });
+ }
+
+ try {
+ const { session_token, game } = req.method === "POST" ? req.body : req.query;
+
+ if (!session_token) {
+ return res.status(400).json({ error: "session_token is required" });
+ }
+
+ // Find the session
+ const { data: sessionData, error: sessionError } = await supabase
+ .from("game_sessions")
+ .select("*, user_profiles!inner(id, username, email, full_name, metadata)")
+ .eq("session_token", String(session_token))
+ .single();
+
+ if (sessionError || !sessionData) {
+ return res.status(401).json({ error: "Invalid or expired token" });
+ }
+
+ // Check if session is expired
+ const expiresAt = new Date(sessionData.expires_at);
+ if (expiresAt < new Date()) {
+ return res.status(401).json({ error: "Session has expired" });
+ }
+
+ // Optional: Verify game matches if provided
+ if (game && sessionData.game !== String(game).toLowerCase()) {
+ return res.status(403).json({ error: "Token is not valid for this game" });
+ }
+
+ // Update last activity
+ await supabase
+ .from("game_sessions")
+ .update({ last_activity: new Date().toISOString() })
+ .eq("session_token", String(session_token));
+
+ const user = sessionData.user_profiles;
+
+ return res.status(200).json({
+ valid: true,
+ user_id: user.id,
+ username: user.username,
+ email: user.email,
+ full_name: user.full_name,
+ game: sessionData.game,
+ platform: sessionData.platform,
+ expires_at: sessionData.expires_at,
+ metadata: user.metadata || {},
+ });
+ } catch (error: any) {
+ console.error("Token verification error:", error);
+ return res.status(500).json({
+ error: error?.message || "Verification failed",
+ });
+ }
+}
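Review bot: The handler accepts `session_token` from `req.query` on GET, so a bearer credential travels in the URL, where access logs, proxies and browser history can retain it; the endpoint then returns `email`, `full_name` and `metadata` to whoever presents that token, through a client built from `SUPABASE_SERVICE_ROLE`. I would accept POST only (`if (req.method !== "POST")` with `Allow: POST`) and read `const { session_token, game } = req.body ?? {};`. The expiry check also fails open: when `expires_at` is undefined or unparseable, `new Date(...)` is an Invalid Date and `expiresAt < new Date()` evaluates to false, so the session is treated as live; `if (!(expiresAt.getTime() > Date.now()))` rejects that case as well. In the catch block, `error?.message` is echoed to the caller and may expose internal details, so keep it in the server log and respond with the fixed "Verification failed" string only.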