pieced-portal/src/app/api/tenants/route.ts

import { NextResponse } from "next/server";
import { getSessionUser } from "@/lib/session";
import { listTenants } from "@/lib/k8s";

export async function GET() {
  const user = await getSessionUser();
  if (!user)
    return NextResponse.json({ error: "Unauthorized" }, { status: 401 });

  const tenants = await listTenants();

  if (user.isPlatform) {
    return NextResponse.json(tenants);
  }

  // Customers see only their own tenant
  const own = tenants.filter(
    (t) => t.metadata.labels?.["pieced.ch/zitadel-org-id"] === user.orgId
  );
  return NextResponse.json(own);
}