added claim/owner routes and components, test fiber page

app/api/claims/route.ts

@@ -0,0 +1,58 @@
+// app/api/claims/route.ts
+import { NextResponse } from 'next/server';
+import { cookies } from 'next/headers';
+
+const API =
+process.env.DIRECTUS_URL /* server-only */ ??
+process.env.NEXT_PUBLIC_API_BASE_URL /* fallback */;
+
+const ALLOWED = new Set([
+    'settings_fiber',
+    'settings_uv',
+    'settings_co2gal',
+    'settings_co2gan',
+    'projects',
+]);
+
+export async function POST(req: Request) {
+    let body: any;
+    try {
+        body = await req.json();
+    } catch {
+        return NextResponse.json({ error: 'Invalid JSON' }, { status: 400 });
+    }
+
+    const { target_collection, target_id } = body ?? {};
+    if (!ALLOWED.has(String(target_collection)) || target_id == null) {
+        return NextResponse.json({ error: 'Invalid target' }, { status: 400 });
+    }
+
+    const token =
+    cookies().get('directus_access_token')?.value ??
+    cookies().get('ma_at')?.value ??
+    '';
+
+    if (!token) {
+        return NextResponse.json({ error: 'Not authenticated' }, { status: 401 });
+    }
+
+    const r = await fetch(`${API}/items/user_claims`, {
+        method: 'POST',
+        headers: {
+            'Content-Type': 'application/json',
+            Authorization: `Bearer ${token}`,
+            Accept: 'application/json',
+        },
+        body: JSON.stringify({ target_collection, target_id }),
+                          cache: 'no-store',
+                          next: { revalidate: 0 },
+    });
+
+    const data = await r.json().catch(() => ({}));
+    if (!r.ok) {
+        const msg = data?.errors?.[0]?.message ?? data?.message ?? 'Directus error';
+        return NextResponse.json({ error: msg }, { status: r.status });
+    }
+
+    return NextResponse.json({ ok: true, data }, { status: 200 });
+}