fix: require authentication for GET /api/newsletter stats endpoint (#351)

[Siddh2024]

Description

Fixes #351

The \GET /api/newsletter\ endpoint was exposing subscriber data (emails, names, dates, sources) without any authentication. Any visitor could enumerate the full subscriber list.

Changes

• Added \�uth\ import from @clerk/nextjs/server\
• Added authentication check at the start of the \GET\ handler
• Returns \401 Unauthorized\ if no authenticated user

Security Impact

• ✅ Subscriber data is now protected behind Clerk authentication
• ✅ Only authenticated users can access subscriber statistics
• ✅ Prevents unauthorized enumeration of the subscriber list

[vercel]

@Siddh2024 is attempting to deploy a commit to the Darshan Rajput's projects Team on Vercel.

A member of the Team first needs to authorize it.

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: cb1b80716e

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

[chatgpt-codex-connector]

Restrict newsletter stats to admins

For any regular signed-in Clerk user, this check only verifies that auth() returned a userId, so GET /api/newsletter still returns recentSubscribers with subscriber emails/names/sources. Since this handler is marked admin-only and sign-up is public in the app, the sensitive subscriber list remains exposed to all authenticated users unless you also validate an admin role/metadata or move it behind an admin-only route.

Useful? React with 👍 / 👎.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
the-dev-pocket-961a	Error		Jun 5, 2026 4:18am

[Copilot]

Copilot encountered an error and was unable to review this pull request. You can try again by re-requesting a review.

[Darshan3690]

@Siddh2024
Thanks for catching this.

You're right — the current implementation only checks whether the request is authenticated (userId exists), but it doesn't verify that the user has admin privileges. Since the endpoint returns subscriber information, authenticated non-admin users could still access sensitive data.

Could you please update the implementation to enforce admin authorization (e.g., validate admin role/metadata or use our existing admin access helper) before returning newsletter stats?

Once that's addressed, I'll re-review and merge.

[Siddh2024]

@Darshan3690 I've added the admin authorization check as requested. The GET handler now:

1. Authenticates via �uth() — returns 401 if unauthenticated
2. Fetches user metadata via clerkClient.users.getUser(userId)
3. Checks admin role — returns 403 if publicMetadata.role !== admin

This ensures only users with the admin role can access newsletter subscriber data. The update is pushed to the ix/issue-351-newsletter-auth branch.

[Copilot]

Copilot encountered an error and was unable to review this pull request. You can try again by re-requesting a review.

[Darshan3690]

resolve conflicts. @Siddh2024

[Siddh2024]

resolve conflicts. @Siddh2024
@Darshan3690 , done .

[Copilot]

Pull request overview

Copilot reviewed 1 out of 1 changed files in this pull request and generated 2 comments.

[Darshan3690]

@Siddh2024 check copilot comment