feat: secure KYC storage, Google OAuth, terms gating

app/api/upload/kyc/route.ts

@@ -0,0 +1,54 @@
+import { NextRequest, NextResponse } from "next/server";
+import { getServerSession } from "next-auth";
+import { authOptions } from "@/lib/auth";
+import {
+  ALLOWED_KYC_MIME,
+  MAX_KYC_FILE_BYTES,
+  isKycKind,
+  saveEncrypted,
+} from "@/lib/secure-storage";
+
+export const runtime = "nodejs";
+export const dynamic = "force-dynamic";
+
+export async function POST(req: NextRequest) {
+  const session = await getServerSession(authOptions);
+  if (!session?.user) {
+    return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
+  }
+
+  let form: FormData;
+  try {
+    form = await req.formData();
+  } catch {
+    return NextResponse.json({ error: "Body bukan multipart/form-data" }, { status: 400 });
+  }
+
+  const kind = String(form.get("kind") ?? "");
+  const file = form.get("file");
+
+  if (!isKycKind(kind)) {
+    return NextResponse.json({ error: "kind harus 'ktp' atau 'selfie'" }, { status: 400 });
+  }
+  if (!(file instanceof File)) {
+    return NextResponse.json({ error: "File wajib diisi" }, { status: 400 });
+  }
+  if (!ALLOWED_KYC_MIME.has(file.type)) {
+    return NextResponse.json(
+      { error: "Hanya menerima JPG, PNG, atau WebP" },
+      { status: 415 },
+    );
+  }
+  if (file.size > MAX_KYC_FILE_BYTES) {
+    return NextResponse.json({ error: "File maksimal 5MB" }, { status: 413 });
+  }
+
+  const buf = Buffer.from(await file.arrayBuffer());
+  const meta = await saveEncrypted(kind, buf, file.type);
+
+  return NextResponse.json({
+    key: meta.key,
+    mime: meta.mime,
+    size: meta.size,
+  });
+}