@morphika/andami 0.1.2

package/app/api/admin/pages/[slug]/route.ts

@@ -0,0 +1,617 @@
+import { NextRequest, NextResponse } from "next/server";
+import { revalidatePath } from "next/cache";
+import { client } from "../../../../../lib/sanity/client";
+import { writeClient } from "../../../../../lib/sanity/writeClient";
+import { pageBySlugQuery } from "../../../../../lib/sanity/queries";
+import { isAdminAuthenticated } from "../../../../../lib/auth";
+import { isSafeUrl, isValidAssetPath, isBodyTooLarge, MAX_PAGE_BODY_SIZE, MAX_JSON_BODY_SIZE } from "../../../../../lib/security";
+import { validateCsrf, csrfErrorResponse } from "../../../../../lib/csrf";
+import { auditLog } from "../../../../../lib/audit";
+import { logger } from "../../../../../lib/logger";
+/** Raw nav_items from Sanity before GROQ projection resolves references */
+interface RawNavItem {
+  _key: string;
+  internal_page?: { _ref: string };
+  [key: string]: unknown;
+}
+
+// ─── Helpers ──────────────────────────────────────────────────────────────
+
+/** Validate basic row→column→block structure before deeper sanitization.
+ *  Supports both Row (columns→blocks) and PageSection (_type: "pageSection", block array).
+ */
+function validateBlockStructure(rows: unknown[]): { valid: boolean; error?: string } {
+  if (!Array.isArray(rows)) return { valid: false, error: "content_rows must be an array" };
+  for (let i = 0; i < rows.length; i++) {
+    const row = rows[i];
+    if (!row || typeof row !== "object") return { valid: false, error: `Item ${i}: must be an object` };
+    const r = row as Record<string, unknown>;
+    if (typeof r._key !== "string" || !r._key) return { valid: false, error: `Item ${i}: missing _key` };
+
+    // CustomSectionInstance: validate reference fields + strip unknown fields (Sessions 107, 110)
+    if (r._type === "customSectionInstance") {
+      if (typeof r.custom_section_id !== "string" || !r.custom_section_id) {
+        return { valid: false, error: `Item ${i}: customSectionInstance missing custom_section_id` };
+      }
+      // m4 fix: allowlist — only keep known fields, strip anything injected (Session 110)
+      const allowedKeys = new Set(["_type", "_key", "custom_section_id", "custom_section_slug", "custom_section_title", "settings_overrides", "responsive_overrides"]);
+      for (const key of Object.keys(r)) {
+        if (!allowedKeys.has(key)) {
+          delete r[key];
+        }
+      }
+      continue;
+    }
+
+    // PageSection: validate block array instead of columns
+    if (r._type === "pageSection") {
+      if (!Array.isArray(r.block)) return { valid: false, error: `Section ${i}: block must be an array` };
+      const blocks = r.block as unknown[];
+      for (let k = 0; k < blocks.length; k++) {
+        const block = blocks[k];
+        if (!block || typeof block !== "object") return { valid: false, error: `Section ${i}, block ${k}: must be an object` };
+        const b = block as Record<string, unknown>;
+        if (typeof b._key !== "string" || !b._key) return { valid: false, error: `Section ${i}, block ${k}: missing _key` };
+        if (typeof b._type !== "string" || !b._type) return { valid: false, error: `Section ${i}, block ${k}: missing _type` };
+      }
+      continue;
+    }
+
+    // ParallaxGroup: validate slides array with columns→blocks inside each slide (Session 127)
+    if (r._type === "parallaxGroup") {
+      if (!Array.isArray(r.slides)) return { valid: false, error: `ParallaxGroup ${i}: slides must be an array` };
+      const slides = r.slides as unknown[];
+      for (let s = 0; s < slides.length; s++) {
+        const slide = slides[s];
+        if (!slide || typeof slide !== "object") return { valid: false, error: `ParallaxGroup ${i}, slide ${s}: must be an object` };
+        const sl = slide as Record<string, unknown>;
+        if (typeof sl._key !== "string" || !sl._key) return { valid: false, error: `ParallaxGroup ${i}, slide ${s}: missing _key` };
+        if (!Array.isArray(sl.columns)) return { valid: false, error: `ParallaxGroup ${i}, slide ${s}: columns must be an array` };
+        for (let j = 0; j < (sl.columns as unknown[]).length; j++) {
+          const col = (sl.columns as unknown[])[j];
+          if (!col || typeof col !== "object") return { valid: false, error: `ParallaxGroup ${i}, slide ${s}, col ${j}: must be an object` };
+          const c = col as Record<string, unknown>;
+          if (typeof c._key !== "string" || !c._key) return { valid: false, error: `ParallaxGroup ${i}, slide ${s}, col ${j}: missing _key` };
+          if (c.blocks !== undefined && !Array.isArray(c.blocks)) return { valid: false, error: `ParallaxGroup ${i}, slide ${s}, col ${j}: blocks must be an array` };
+          const blocks = (c.blocks || []) as unknown[];
+          for (let k = 0; k < blocks.length; k++) {
+            const block = blocks[k];
+            if (!block || typeof block !== "object") return { valid: false, error: `ParallaxGroup ${i}, slide ${s}, col ${j}, block ${k}: must be an object` };
+            const b = block as Record<string, unknown>;
+            if (typeof b._key !== "string" || !b._key) return { valid: false, error: `ParallaxGroup ${i}, slide ${s}, col ${j}, block ${k}: missing _key` };
+            if (typeof b._type !== "string" || !b._type) return { valid: false, error: `ParallaxGroup ${i}, slide ${s}, col ${j}, block ${k}: missing _type` };
+          }
+        }
+      }
+      continue;
+    }
+
+    // Regular Row (pageSectionV2): validate columns→blocks
+    if (!Array.isArray(r.columns)) return { valid: false, error: `Row ${i}: columns must be an array` };
+    for (let j = 0; j < (r.columns as unknown[]).length; j++) {
+      const col = (r.columns as unknown[])[j];
+      if (!col || typeof col !== "object") return { valid: false, error: `Row ${i}, col ${j}: must be an object` };
+      const c = col as Record<string, unknown>;
+      if (typeof c._key !== "string" || !c._key) return { valid: false, error: `Row ${i}, col ${j}: missing _key` };
+      if (c.blocks !== undefined && !Array.isArray(c.blocks)) return { valid: false, error: `Row ${i}, col ${j}: blocks must be an array` };
+      const blocks = (c.blocks || []) as unknown[];
+      for (let k = 0; k < blocks.length; k++) {
+        const block = blocks[k];
+        if (!block || typeof block !== "object") return { valid: false, error: `Row ${i}, col ${j}, block ${k}: must be an object` };
+        const b = block as Record<string, unknown>;
+        if (typeof b._key !== "string" || !b._key) return { valid: false, error: `Row ${i}, col ${j}, block ${k}: missing _key` };
+        if (typeof b._type !== "string" || !b._type) return { valid: false, error: `Row ${i}, col ${j}, block ${k}: missing _type` };
+      }
+    }
+  }
+  return { valid: true };
+}
+
+/** Validate a single block's URLs and asset paths */
+function sanitizeSingleBlock(blockRecord: Record<string, unknown>): { valid: boolean; error?: string } {
+  // BUG-017 fix: check correct Sanity type name "buttonBlock" (not "button")
+  if (blockRecord._type === "buttonBlock") {
+    const url = blockRecord.url;
+    if (typeof url === "string" && !isSafeUrl(url)) {
+      return { valid: false, error: "Invalid URL protocol in button" };
+    }
+  }
+
+  // Validate image/video asset paths
+  const assetPath = blockRecord.asset_path;
+  if (typeof assetPath === "string" && !isValidAssetPath(assetPath)) {
+    return { valid: false, error: "Invalid asset path" };
+  }
+
+  // Validate cover block URLs
+  const linkUrl = blockRecord.link_url;
+  if (typeof linkUrl === "string" && !isSafeUrl(linkUrl)) {
+    return { valid: false, error: "Invalid URL protocol in link" };
+  }
+
+  // Check nested items (e.g. image grid items)
+  const items = blockRecord.items;
+  if (Array.isArray(items)) {
+    for (const item of items) {
+      if (!item || typeof item !== "object") continue;
+      const itemRecord = item as Record<string, unknown>;
+      const itemAssetPath = itemRecord.asset_path;
+      if (typeof itemAssetPath === "string" && !isValidAssetPath(itemAssetPath)) {
+        return { valid: false, error: "Invalid asset path in grid item" };
+      }
+      const itemLinkUrl = itemRecord.link_url;
+      if (typeof itemLinkUrl === "string" && !isSafeUrl(itemLinkUrl)) {
+        return { valid: false, error: "Invalid URL in grid item" };
+      }
+    }
+  }
+
+  return { valid: true };
+}
+
+/** Sanitize all blocks inside a columns array (shared by V2 sections and parallax slides) */
+function sanitizeColumnsBlocks(columns: unknown[]): { valid: boolean; error?: string } {
+  for (const col of columns) {
+    if (!col || typeof col !== "object") continue;
+    const colRecord = col as Record<string, unknown>;
+    const blocks = colRecord.blocks;
+    if (!Array.isArray(blocks)) continue;
+
+    for (const block of blocks) {
+      if (!block || typeof block !== "object") continue;
+      const result = sanitizeSingleBlock(block as Record<string, unknown>);
+      if (!result.valid) return result;
+    }
+  }
+  return { valid: true };
+}
+
+/** Recursively sanitize URLs and asset paths in block content.
+ *  Supports Row (columns→blocks), PageSection (block array), and ParallaxGroup (slides→columns→blocks).
+ */
+function sanitizeBlockContent(rows: unknown[]): { valid: boolean; error?: string } {
+  if (!Array.isArray(rows)) return { valid: true };
+
+  for (const row of rows) {
+    if (!row || typeof row !== "object") continue;
+    const rowRecord = row as Record<string, unknown>;
+
+    // PageSection: sanitize block array directly
+    if (rowRecord._type === "pageSection") {
+      const sectionBlocks = rowRecord.block;
+      if (!Array.isArray(sectionBlocks)) continue;
+      for (const block of sectionBlocks) {
+        if (!block || typeof block !== "object") continue;
+        const result = sanitizeSingleBlock(block as Record<string, unknown>);
+        if (!result.valid) return result;
+      }
+      continue;
+    }
+
+    // ParallaxGroup: sanitize blocks inside each slide's columns (Session 127)
+    if (rowRecord._type === "parallaxGroup") {
+      const slides = rowRecord.slides;
+      if (!Array.isArray(slides)) continue;
+      for (const slide of slides) {
+        if (!slide || typeof slide !== "object") continue;
+        const slideRecord = slide as Record<string, unknown>;
+        // Validate asset paths in slide background fields
+        const bgImage = slideRecord.background_image;
+        if (typeof bgImage === "string" && !isValidAssetPath(bgImage)) {
+          return { valid: false, error: "Invalid asset path in parallax slide background" };
+        }
+        const bgVideo = slideRecord.background_video;
+        if (typeof bgVideo === "string" && !isValidAssetPath(bgVideo)) {
+          return { valid: false, error: "Invalid asset path in parallax slide video" };
+        }
+        // Sanitize blocks inside slide columns
+        const columns = slideRecord.columns;
+        if (Array.isArray(columns)) {
+          const result = sanitizeColumnsBlocks(columns);
+          if (!result.valid) return result;
+        }
+      }
+      continue;
+    }
+
+    // CustomSectionInstance: no blocks to sanitize
+    if (rowRecord._type === "customSectionInstance") {
+      continue;
+    }
+
+    // Regular Row (pageSectionV2): sanitize columns→blocks
+    const columns = rowRecord.columns;
+    if (!Array.isArray(columns)) continue;
+    const result = sanitizeColumnsBlocks(columns);
+    if (!result.valid) return result;
+  }
+  return { valid: true };
+}
+
+// ─── Route handlers ───────────────────────────────────────────────────────
+
+/**
+ * GET /api/admin/pages/[slug] — Fetch a page by slug for editing
+ */
+export async function GET(
+  _request: NextRequest,
+  { params }: { params: Promise<{ slug: string }> }
+) {
+  if (!(await isAdminAuthenticated())) {
+    return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
+  }
+
+  try {
+    const { slug } = await params;
+    const page = await client.fetch(pageBySlugQuery, { slug });
+
+    if (!page) {
+      return NextResponse.json(
+        { error: "Resource not found" },
+        { status: 404 }
+      );
+    }
+
+    return NextResponse.json({ page });
+  } catch (err) {
+    logger.error("[Admin:Pages]", "Failed to fetch page", err);
+    return NextResponse.json(
+      { error: "Failed to fetch page" },
+      { status: 500 }
+    );
+  }
+}
+
+/**
+ * POST /api/admin/pages/[slug] — Save/update a page from the builder
+ * Body: Sanity document payload from stateToDocument()
+ */
+export async function POST(
+  request: NextRequest,
+  { params }: { params: Promise<{ slug: string }> }
+) {
+  if (!(await isAdminAuthenticated())) {
+    return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
+  }
+  if (!validateCsrf(request)) {
+    return csrfErrorResponse();
+  }
+  if (isBodyTooLarge(request, MAX_PAGE_BODY_SIZE)) {
+    return NextResponse.json({ error: "Request body too large" }, { status: 413 });
+  }
+
+  try {
+    const { slug } = await params;
+    const body = await request.json();
+
+    // Validate content_rows structure and sanitize URLs/asset paths before saving
+    if (body.content_rows) {
+      const structureCheck = validateBlockStructure(body.content_rows);
+      if (!structureCheck.valid) {
+        return NextResponse.json(
+          { error: structureCheck.error || "Invalid content structure" },
+          { status: 400 }
+        );
+      }
+      const sanitizeCheck = sanitizeBlockContent(body.content_rows);
+      if (!sanitizeCheck.valid) {
+        return NextResponse.json(
+          { error: sanitizeCheck.error || "Invalid content" },
+          { status: 400 }
+        );
+      }
+    }
+
+    // Find existing document by slug
+    const existing = await client.fetch(
+      `*[_type == "page" && slug.current == $slug][0]._id`,
+      { slug }
+    );
+
+    if (!existing) {
+      return NextResponse.json(
+        { error: "Resource not found" },
+        { status: 404 }
+      );
+    }
+
+    // If setting this page as home, atomically unset previous + set new using transaction
+    if (body.is_home === true) {
+      const currentHomeId = await client.fetch(
+        `*[_type == "page" && is_home == true && _id != $id][0]._id`,
+        { id: existing }
+      );
+      if (currentHomeId) {
+        await writeClient
+          .transaction()
+          .patch(currentHomeId, (p) => p.set({ is_home: false }))
+          .patch(existing, (p) => p.set({ is_home: true }))
+          .commit();
+        // Skip setting is_home again below since transaction already handled it
+        delete body.is_home;
+      }
+    }
+
+    // Build patch — update mutable fields
+    const patch = writeClient.patch(existing);
+
+    if (body.title !== undefined) patch.set({ title: body.title });
+    if (body.slug !== undefined) patch.set({ slug: body.slug });
+    if (body.page_type !== undefined) patch.set({ page_type: body.page_type });
+    if (body.is_home !== undefined) patch.set({ is_home: body.is_home });
+    if (body.content_rows !== undefined) patch.set({ content_rows: body.content_rows });
+    if (body.metadata !== undefined) patch.set({ metadata: body.metadata });
+    if (body.page_settings !== undefined) patch.set({ page_settings: body.page_settings });
+    if (body.draft_mode !== undefined) patch.set({ draft_mode: body.draft_mode });
+    if (body.published_at !== undefined) patch.set({ published_at: body.published_at });
+    if (body.thumbnail_path !== undefined) patch.set({ thumbnail_path: body.thumbnail_path });
+    if (body.cover_video !== undefined) patch.set({ cover_video: body.cover_video });
+
+    const updated = await patch.commit();
+
+    auditLog("page.update", { slug });
+
+    // Fetch page type to determine revalidation paths
+    const pageDoc = await client.fetch<{ page_type?: string; slug?: { current?: string } } | null>(
+      `*[_type == "page" && _id == $id][0]{ page_type, slug }`,
+      { id: existing }
+    );
+    const pType = pageDoc?.page_type;
+    const currentSlug = pageDoc?.slug?.current || slug;
+
+    // If draft_mode changed, revalidate the public path so the page appears/disappears
+    if (body.draft_mode !== undefined) {
+      const publicPath = pType === "project" ? `/work/${currentSlug}` : `/${currentSlug}`;
+      revalidatePath(publicPath);
+      revalidatePath("/", "layout");
+    }
+
+    // If this is a project, revalidate the /api/projects endpoint so ProjectGrid
+    // and ParallaxShowcase blocks show the latest data without waiting for ISR expiry
+    if (pType === "project") {
+      revalidatePath("/api/projects");
+    }
+
+    return NextResponse.json({ page: updated });
+  } catch (err) {
+    logger.error("[Admin:Pages]", "Failed to save page", err);
+    return NextResponse.json(
+      { error: "Failed to save page" },
+      { status: 500 }
+    );
+  }
+}
+
+/**
+ * DELETE /api/admin/pages/[slug] — Delete a page
+ */
+// ─── PATCH — Update page settings (title, slug) ─────────────────────────────
+
+export async function PATCH(
+  request: NextRequest,
+  { params }: { params: Promise<{ slug: string }> }
+) {
+  if (!(await isAdminAuthenticated())) {
+    return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
+  }
+  if (!validateCsrf(request)) {
+    return csrfErrorResponse();
+  }
+
+  if (isBodyTooLarge(request, MAX_JSON_BODY_SIZE)) {
+    return NextResponse.json({ error: "Request body too large" }, { status: 413 });
+  }
+
+  try {
+    const { slug } = await params;
+    const body = await request.json();
+
+    // Validate input
+    const { title, newSlug } = body as { title?: string; newSlug?: string };
+    if (!title && !newSlug) {
+      return NextResponse.json({ error: "Nothing to update" }, { status: 400 });
+    }
+    if (title && (typeof title !== "string" || title.length > 200)) {
+      return NextResponse.json({ error: "Invalid title" }, { status: 400 });
+    }
+    if (newSlug) {
+      if (typeof newSlug !== "string" || newSlug.length > 100) {
+        return NextResponse.json({ error: "Invalid slug" }, { status: 400 });
+      }
+      // Only allow lowercase alphanumeric + hyphens
+      if (!/^[a-z0-9]+(?:-[a-z0-9]+)*$/.test(newSlug)) {
+        return NextResponse.json(
+          { error: "Slug must be lowercase alphanumeric with hyphens only" },
+          { status: 400 }
+        );
+      }
+    }
+
+    // Find existing document
+    const existing = await client.fetch(
+      `*[_type == "page" && slug.current == $slug][0]._id`,
+      { slug }
+    );
+    if (!existing) {
+      return NextResponse.json({ error: "Page not found" }, { status: 404 });
+    }
+
+    // If changing slug, check for conflicts
+    if (newSlug && newSlug !== slug) {
+      const conflict = await client.fetch(
+        `*[_type == "page" && slug.current == $newSlug][0]._id`,
+        { newSlug }
+      );
+      if (conflict) {
+        return NextResponse.json(
+          { error: "A page with that slug already exists" },
+          { status: 409 }
+        );
+      }
+    }
+
+    // Build patch
+    const patch: Record<string, unknown> = {};
+    if (title) patch.title = title.trim();
+    if (newSlug && newSlug !== slug) patch["slug.current"] = newSlug;
+
+    await writeClient.patch(existing).set(patch).commit();
+
+    // ── Slug cascade: update references in ProjectGrid / ParallaxShowcase blocks ──
+    // When a project slug changes, find all pages whose content_rows contain
+    // blocks that reference the old slug and rewrite them to the new slug.
+    if (newSlug && newSlug !== slug) {
+      try {
+        // Find pages that contain the old slug anywhere in content_rows
+        const referencingPages = await client.fetch<
+          { _id: string; content_rows: unknown[] }[]
+        >(
+          `*[_type == "page" && content_rows[].columns[].blocks[].project_slug == $oldSlug]{
+            _id, content_rows
+          }`,
+          { oldSlug: slug }
+        );
+
+        for (const page of referencingPages) {
+          let changed = false;
+          const rows = JSON.parse(JSON.stringify(page.content_rows || []));
+
+          for (const row of rows) {
+            if (!row?.columns) continue;
+            for (const col of row.columns) {
+              if (!col?.blocks) continue;
+              for (const block of col.blocks) {
+                const btype = block?._type;
+                if (btype !== "projectGridBlock") continue;
+                if (!Array.isArray(block.projects)) continue;
+                for (const item of block.projects) {
+                  if (item.project_slug === slug) {
+                    item.project_slug = newSlug;
+                    changed = true;
+                  }
+                }
+              }
+            }
+          }
+
+          if (changed) {
+            await writeClient.patch(page._id).set({ content_rows: rows }).commit();
+            auditLog("page.slug_cascade", { page_id: page._id, oldSlug: slug, newSlug });
+          }
+        }
+      } catch (cascadeErr) {
+        // Non-fatal: log but don't fail the rename
+        logger.error("[Admin:Pages]", "Slug cascade failed (non-fatal)", cascadeErr);
+      }
+    }
+
+    // Revalidate ISR cache for affected paths
+    // Determine page type to build the correct public path
+    const pageDoc = await client.fetch<{ page_type?: string } | null>(
+      `*[_type == "page" && _id == $id][0]{ page_type }`,
+      { id: existing }
+    );
+    const pType = pageDoc?.page_type;
+    const oldPublicPath = pType === "project" ? `/work/${slug}` : `/${slug}`;
+    revalidatePath(oldPublicPath);
+    if (newSlug && newSlug !== slug) {
+      const newPublicPath = pType === "project" ? `/work/${newSlug}` : `/${newSlug}`;
+      revalidatePath(newPublicPath);
+    }
+    // Revalidate layout to update navs, project grids, etc.
+    revalidatePath("/", "layout");
+    // If this is a project, purge /api/projects so grids reflect slug changes
+    if (pType === "project") {
+      revalidatePath("/api/projects");
+    }
+
+    auditLog("page.update_settings", { slug, ...patch });
+
+    return NextResponse.json({ success: true, slug: newSlug || slug });
+  } catch (err) {
+    logger.error("[Admin:Pages]", "Failed to update page settings", err);
+    return NextResponse.json(
+      { error: "Failed to update page settings" },
+      { status: 500 }
+    );
+  }
+}
+
+// ─── DELETE ──────────────────────────────────────────────────────────────────
+
+export async function DELETE(
+  request: NextRequest,
+  { params }: { params: Promise<{ slug: string }> }
+) {
+  if (!(await isAdminAuthenticated())) {
+    return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
+  }
+  if (!validateCsrf(request)) {
+    return csrfErrorResponse();
+  }
+
+  try {
+    const { slug } = await params;
+
+    // Find existing document by slug (fetch page_type before deletion for revalidation)
+    const existingDoc = await client.fetch<{ _id: string; page_type?: string } | null>(
+      `*[_type == "page" && slug.current == $slug][0]{ _id, page_type }`,
+      { slug }
+    );
+
+    if (!existingDoc) {
+      return NextResponse.json(
+        { error: "Resource not found" },
+        { status: 404 }
+      );
+    }
+
+    const existing = existingDoc._id;
+
+    // Check for references (e.g. navigation links pointing to this page)
+    const referencing = await client.fetch(
+      `count(*[references($id)])`,
+      { id: existing }
+    );
+
+    if (referencing > 0) {
+      // Remove navigation references to this page before deleting
+      const siteSettings = await client.fetch(
+        `*[_type == "siteSettings"][0]{ _id, nav_items }`
+      );
+      if (siteSettings?.nav_items?.length) {
+        const filtered = siteSettings.nav_items.filter((item: RawNavItem) =>
+          item.internal_page?._ref !== existing
+        );
+        if (filtered.length !== siteSettings.nav_items.length) {
+          await writeClient
+            .patch(siteSettings._id)
+            .set({ nav_items: filtered })
+            .commit();
+        }
+      }
+    }
+
+    await writeClient.delete(existing);
+
+    // Revalidate ISR cache so the deleted page returns 404 immediately
+    const deletedPublicPath = existingDoc.page_type === "project" ? `/work/${slug}` : `/${slug}`;
+    revalidatePath(deletedPublicPath);
+    // Also revalidate home and layout to update any project grids/lists
+    revalidatePath("/", "layout");
+    // If deleted page was a project, purge /api/projects so grids update immediately
+    if (existingDoc.page_type === "project") {
+      revalidatePath("/api/projects");
+    }
+
+    auditLog("page.delete", { slug });
+
+    return NextResponse.json({ success: true });
+  } catch (err) {
+    logger.error("[Admin:Pages]", "Failed to delete page", err);
+    return NextResponse.json(
+      { error: "Failed to delete page" },
+      { status: 500 }
+    );
+  }
+}

package/app/api/admin/pages/[slug]/set-home/route.ts

@@ -0,0 +1,76 @@
+import { NextRequest, NextResponse } from "next/server";
+import { revalidatePath } from "next/cache";
+import { client } from "../../../../../../lib/sanity/client";
+import { writeClient } from "../../../../../../lib/sanity/writeClient";
+import { isAdminAuthenticated } from "../../../../../../lib/auth";
+import { validateCsrf, csrfErrorResponse } from "../../../../../../lib/csrf";
+import { auditLog } from "../../../../../../lib/audit";
+import { logger } from "../../../../../../lib/logger";
+
+/**
+ * POST /api/admin/pages/[slug]/set-home — Set a page as the home page.
+ * Atomically unsets is_home on the previous home page and sets it on this one.
+ * Only non-project pages can be set as home.
+ */
+export async function POST(
+  request: NextRequest,
+  { params }: { params: Promise<{ slug: string }> }
+) {
+  if (!(await isAdminAuthenticated())) {
+    return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
+  }
+  if (!validateCsrf(request)) {
+    return csrfErrorResponse();
+  }
+
+  try {
+    const { slug } = await params;
+
+    // Find the target page
+    const targetPage = await client.fetch(
+      `*[_type == "page" && slug.current == $slug][0]{ _id, page_type, title }`,
+      { slug }
+    );
+
+    if (!targetPage) {
+      return NextResponse.json({ error: "Page not found" }, { status: 404 });
+    }
+
+    // Projects cannot be set as home
+    if (targetPage.page_type === "project") {
+      return NextResponse.json(
+        { error: "Projects cannot be set as the home page" },
+        { status: 400 }
+      );
+    }
+
+    // Atomically unset is_home on the current home page and set it on the target.
+    // Using a Sanity transaction ensures both patches succeed or neither does,
+    // preventing concurrent requests from creating multiple home pages.
+    const currentHomeId = await client.fetch(
+      `*[_type == "page" && is_home == true && _id != $id][0]._id`,
+      { id: targetPage._id }
+    );
+
+    const tx = writeClient.transaction();
+    if (currentHomeId) {
+      tx.patch(currentHomeId, (p) => p.set({ is_home: false }));
+    }
+    tx.patch(targetPage._id, (p) => p.set({ is_home: true }));
+    await tx.commit();
+
+    // Revalidate home page and layout
+    revalidatePath("/");
+    revalidatePath("/", "layout");
+
+    auditLog("page.set-home", { slug, title: targetPage.title });
+
+    return NextResponse.json({ success: true });
+  } catch (err) {
+    logger.error("[Admin:Pages]", "Failed to set home page", err);
+    return NextResponse.json(
+      { error: "Failed to set home page" },
+      { status: 500 }
+    );
+  }
+}