From 320b77b32b76782c8c708a3733e7a7692df4a197 Mon Sep 17 00:00:00 2001
From: "Najjar\\NajjarV02" <mglnaj6>
Date: Mon, 20 Apr 2026 14:31:21 +0400
Subject: [PATCH] fix: contacts API - use ADMIN_JWT_SECRET env var

---
 src/app/api/admin/contacts/route.ts | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/src/app/api/admin/contacts/route.ts b/src/app/api/admin/contacts/route.ts
index 1c24d0d..c8a2133 100644
--- a/src/app/api/admin/contacts/route.ts
+++ b/src/app/api/admin/contacts/route.ts
@@ -11,8 +11,12 @@ export async function GET(request: Request) {
       return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });
     }
 
-    const secret = new TextEncoder().encode(process.env.JWT_SECRET || 'fallback-secret');
-    await jose.jwtVerify(token, secret);
+    const jwtSecret = process.env.ADMIN_JWT_SECRET;
+    if (!jwtSecret) {
+      console.error('[/api/admin/contacts] ADMIN_JWT_SECRET is not defined');
+      return NextResponse.json({ error: 'Server error', detail: 'Missing JWT_SECRET env var' }, { status: 500 });
+    }
+    await jose.jwtVerify(token, new TextEncoder().encode(jwtSecret));
 
     const contacts = await prisma.contactRequest.findMany({
       orderBy: { createdAt: 'desc' },
@@ -20,7 +24,8 @@ export async function GET(request: Request) {
 
     return NextResponse.json({ contacts });
   } catch (error) {
-    console.error('Failed to load contacts:', error);
-    return NextResponse.json({ error: 'Failed to load contacts' }, { status: 500 });
+    console.error('[/api/admin/contacts] Full error:', error);
+    const message = error instanceof Error ? error.message : String(error);
+    return NextResponse.json({ error: 'Failed to load contacts', detail: message }, { status: 500 });
   }
 }