fix(templates): broken preview if alternative auth strategy was used, invalid error handling (#9785)

Previously, live preview did not work with oauth, as no token is present

examples/draft-preview/package.json

@@ -22,7 +22,6 @@
     "dotenv": "^8.2.0",
     "escape-html": "^1.0.3",
     "graphql": "^16.9.0",
-    "jsonwebtoken": "9.0.2",
     "next": "^15.0.0",
     "payload": "latest",
     "payload-admin-bar": "^1.0.6",

examples/draft-preview/src/app/(app)/next/preview/route.ts

@@ -1,6 +1,5 @@
-import type { CollectionSlug } from 'payload'
+import type { CollectionSlug, PayloadRequest } from 'payload'
 
-import jwt from 'jsonwebtoken'
 import { draftMode } from 'next/headers'
 import { redirect } from 'next/navigation'
 import { getPayload } from 'payload'
@@ -42,23 +41,21 @@ export async function GET(
       return new Response('No path provided', { status: 404 })
     }
 
-    if (!token) {
-      new Response('You are not allowed to preview this page', { status: 403 })
-    }
-
     if (!path.startsWith('/')) {
-      new Response('This endpoint can only be used for internal previews', { status: 500 })
+      return new Response('This endpoint can only be used for internal previews', { status: 500 })
     }
 
     let user
 
     try {
-      user = jwt.verify(token, payload.secret)
-    } catch (error) {
-      payload.logger.error({
-        err: error,
-        msg: 'Error verifying token for live preview',
+      user = await payload.auth({
+        req: req as unknown as PayloadRequest,
+        headers: req.headers,
       })
+    } catch (error) {
+      console.log({ token, payloadSecret: payload.secret })
+      payload.logger.error({ err: error }, 'Error verifying token for live preview')
+      return new Response('You are not allowed to preview this page', { status: 403 })
     }
 
     const draft = await draftMode()