feat: add api key check in api route

2023-12-15 19:18:42 +08:00 · 2023-12-15 19:18:42 +08:00 · 9aa2484872
commit 9aa2484872
parent 72d0364fee
4 changed files with 39 additions and 21 deletions
--- a/web/src/app/api/run/route.ts
+++ b/web/src/app/api/run/route.ts
@ -3,6 +3,7 @@ import { createRun } from "../../../server/createRun";
 import { db } from "@/db/db";
 import { deploymentsTable } from "@/db/schema";
 import { getRunsData } from "@/server/getRunsOutput";
 import { parseJWT } from "@/server/parseJWT";
 import { replaceCDNUrl } from "@/server/resource";
 import { eq } from "drizzle-orm";
 import { NextResponse } from "next/server";
@ -18,6 +19,14 @@ const Request2 = z.object({
 });
 export async function GET(request: Request) {
  const token = request.headers.get("Authorization")?.split(" ")?.[1]; // Assuming token is sent as "Bearer your_token"
  const userData = token ? parseJWT(token) : undefined;
  if (!userData) {
    return new NextResponse("Invalid or expired token", {
      status: 401,
    });
  }
  const [data, error] = await parseDataSafe(Request2, request);
  if (!data || error) return error;
@ -44,6 +53,14 @@ export async function GET(request: Request) {
 }
 export async function POST(request: Request) {
  const token = request.headers.get("Authorization")?.split(" ")?.[1]; // Assuming token is sent as "Bearer your_token"
  const userData = token ? parseJWT(token) : undefined;
  if (!userData) {
    return new NextResponse("Invalid or expired token", {
      status: 401,
    });
  }
  const [data, error] = await parseDataSafe(Request, request);
  if (!data || error) return error;
--- a/web/src/app/api/upload/route.ts
+++ b/web/src/app/api/upload/route.ts
@ -1,3 +1,4 @@
 import { parseJWT } from "../../../server/parseJWT";
 import { db } from "@/db/db";
 import {
  workflowAPIType,
@ -7,7 +8,6 @@ import {
 } from "@/db/schema";
 import { parseDataSafe } from "@/lib/parseDataSafe";
 import { sql } from "drizzle-orm";
 import jwt from "jsonwebtoken";
 import { NextResponse } from "next/server";
 import { z } from "zod";
@ -36,24 +36,6 @@ export async function OPTIONS(request: Request) {
  });
 }
 const APIKeyBodyRequest = z.object({
  user_id: z.string().optional(),
  org_id: z.string().optional(),
  iat: z.number(),
 });
 function parseJWT(token: string) {
  try {
    // Verify the token - this also decodes it
    const decoded = jwt.verify(token, process.env.JWT_SECRET!);
    return APIKeyBodyRequest.parse(decoded);
  } catch (err) {
    // Handle error (token is invalid, expired, etc.)
    console.error(err);
    return null;
  }
 }
 export async function POST(request: Request) {
  const token = request.headers.get("Authorization")?.split(" ")?.[1]; // Assuming token is sent as "Bearer your_token"
  const userData = token ? parseJWT(token) : undefined;
@ -64,8 +46,6 @@ export async function POST(request: Request) {
    });
  }
  console.log(userData);
  const { user_id, org_id } = userData;
  if (!user_id) return new NextResponse("Invalid user_id", { status: 401 });
--- a/web/src/server/APIKeyBodyRequest.ts
+++ b/web/src/server/APIKeyBodyRequest.ts
@ -0,0 +1,7 @@
 import { z } from "zod";
 export const APIKeyBodyRequest = z.object({
  user_id: z.string().optional(),
  org_id: z.string().optional(),
  iat: z.number(),
 });
--- a/web/src/server/parseJWT.ts
+++ b/web/src/server/parseJWT.ts
@ -0,0 +1,14 @@
 import { APIKeyBodyRequest } from "@/server/APIKeyBodyRequest";
 import jwt from "jsonwebtoken";
 export function parseJWT(token: string) {
  try {
    // Verify the token - this also decodes it
    const decoded = jwt.verify(token, process.env.JWT_SECRET!);
    return APIKeyBodyRequest.parse(decoded);
  } catch (err) {
    // Handle error (token is invalid, expired, etc.)
    console.error(err);
    return null;
  }
 }