wip

56kcloud · Dec 21, 2023 · 7b5a274 · 7b5a274
1 parent 0a59a5d
commit 7b5a274
Show file tree

Hide file tree

Showing 6 changed files with 58 additions and 25 deletions.
diff --git a/apps/www/configs/server.ts b/apps/www/configs/server.ts
@@ -1,4 +1,5 @@
 import {Fetcher} from '@/models/fetcher.model'
+export const nextAPIToken = process.env.NEXT_API_TOKEN || ''
 export const strapiAPI = process.env.STRAPI_API_URL || ''
 export const strapiAPIToken = process.env.STRAPI_API_TOKEN || ''
 export const strapiFetcher = new Fetcher(strapiAPI, {

diff --git a/apps/www/src/app/api/og/route.ts b/apps/www/src/app/api/og/route.ts
@@ -2,7 +2,6 @@ import {addAbsoluteURLsInObject} from '@/utils/toolbox'
 import ogs from 'open-graph-scraper'
 
 export async function GET(request: Request) {
-
   const urlParam = new URL(request.url).searchParams.get('url')
   let url: string | undefined | URL = Array.isArray(urlParam) ? urlParam[0] : urlParam
 

diff --git a/apps/www/src/app/api/revalidate/route.ts b/apps/www/src/app/api/revalidate/route.ts
@@ -1,31 +1,21 @@
-import {NextResponse} from 'next/server'
+import {headers} from '@/utils/api/headers'
+import {options} from '@/utils/api/options'
+import {protectedAPI} from '@/utils/api/protected-api'
 import {revalidateTag} from 'next/cache'
 
 export async function OPTIONS() {
-  return NextResponse.json(
-    {},
-    {
-      status: 200,
-      headers: {
-        'Access-Control-Allow-Origin': 'https://cms.56k.cloud',
-        'Access-Control-Allow-Methods': 'OPTIONS',
-        'Access-Control-Allow-Headers': 'Content-Type, Authorization'
-      }
-    }
-  )
+  return options()
 }
 
-export async function GET() {
-  revalidateTag('strapi')
-  return new Response(
-    'Strapi tag revalidated',
-    {
-      status: 200,
-      headers: {
-        'Access-Control-Allow-Origin': 'https://cms.56k.cloud',
-        'Access-Control-Allow-Methods': 'GET',
-        'Access-Control-Allow-Headers': 'Content-Type, Authorization'
+export async function GET(request: Request) {
+  return protectedAPI(request, () => {
+    revalidateTag('strapi')
+    return new Response(
+      'Strapi tag revalidated',
+      {
+        status: 200,
+        headers: headers({methods: 'GET'})
       }
-    }
-  )
+    )
+  })
 }
diff --git a/apps/www/src/utils/api/headers.ts b/apps/www/src/utils/api/headers.ts
@@ -0,0 +1,15 @@
+import {strapiAPI} from '../../../configs/server'
+
+export type HeaderProps = {
+  origin?: string
+  methods?: string
+  headers?: string
+}
+
+export function headers(props: HeaderProps) {
+  return {
+    'Access-Control-Allow-Origin': props.origin || strapiAPI || '*',
+    'Access-Control-Allow-Methods': props.methods || 'GET, POST, PUT, PATCH, DELETE, OPTIONS',
+    'Access-Control-Allow-Headers': props.headers || 'Content-Type, Authorization'
+  }
+}
diff --git a/apps/www/src/utils/api/options.ts b/apps/www/src/utils/api/options.ts
@@ -0,0 +1,12 @@
+import {NextResponse} from 'next/server'
+import {headers} from './headers'
+
+export function options() {
+  return NextResponse.json(
+    {},
+    {
+      status: 200,
+      headers: headers({methods: 'OPTIONS'})
+    }
+  )
+}
diff --git a/apps/www/src/utils/api/protected-api.ts b/apps/www/src/utils/api/protected-api.ts
@@ -0,0 +1,16 @@
+import {nextAPIToken} from '../../../configs/server'
+
+export function protectedAPI(request: Request, success: () => Response) {
+  const token = request.headers.get('Authorization')
+  if (token === nextAPIToken) {
+    return success()
+  } else {
+    return new Response(
+      'Unauthorized',
+      {
+        status: 401,
+        statusText: 'Unauthorized'
+      }
+    )
+  }
+}