From 0975a7aa84138bad339c33197b38297e81f734ef Mon Sep 17 00:00:00 2001
From: Atridad Lahiji
Date: Mon, 14 Aug 2023 01:18:35 -0600
Subject: [PATCH] Ping + streamlined validation of keys
---
src/pages/api/external/ping.ts | 15 ++++++++
src/pages/api/ping.ts | 6 ----
src/pages/api/webhooks/onUserDelete.ts | 49 ++++++++++----------------
src/server/unkey.ts | 22 ++++++++++++
4 files changed, 56 insertions(+), 36 deletions(-)
create mode 100644 src/pages/api/external/ping.ts
delete mode 100644 src/pages/api/ping.ts
diff --git a/src/pages/api/external/ping.ts b/src/pages/api/external/ping.ts
new file mode 100644
index 0000000..1f495da
--- /dev/null
+++ b/src/pages/api/external/ping.ts
@@ -0,0 +1,15 @@
+import type { NextApiRequest, NextApiResponse } from "next";
+import { db } from "~/server/db";
+import { validateRequest } from "~/server/unkey";
+
+export default async function handler(
+ req: NextApiRequest,
+ res: NextApiResponse
+) {
+ const success = await validateRequest(req, res);
+
+ if (success) {
+ await db.query.votes.findFirst();
+ res.status(200).json({ result: "Pong!" });
+ }
+}
diff --git a/src/pages/api/ping.ts b/src/pages/api/ping.ts
deleted file mode 100644
index cde83a0..0000000
--- a/src/pages/api/ping.ts
+++ /dev/null
@@ -1,6 +0,0 @@
-
-import type { NextApiRequest, NextApiResponse } from "next";
-
-export default function handler(req: NextApiRequest, res: NextApiResponse) {
- res.status(200).json({ result: "Pong!" });
-}
diff --git a/src/pages/api/webhooks/onUserDelete.ts b/src/pages/api/webhooks/onUserDelete.ts
index 3288931..9acc369 100644
--- a/src/pages/api/webhooks/onUserDelete.ts
+++ b/src/pages/api/webhooks/onUserDelete.ts
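Review bot: In src/pages/api/external/ping.ts the result of `await db.query.votes.findFirst()` is discarded and nothing in the handler says why the query is made. If it is meant as a database liveness or keep-warm probe (an inference from the endpoint name), a comment should say so, for example `// Touch the DB so a successful ping also shows the database is reachable; the row itself is unused.` A rejected query is not caught here, so the caller would get the framework's default error response instead of "Pong!"; that is presumably the intended signal, and the same comment is the place to state it.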
@@ -2,45 +2,34 @@ import { eq } from "drizzle-orm"; import type { NextApiRequest, NextApiResponse } from "next"; import { db } from "~/server/db"; import { logs, rooms, votes } from "~/server/schema"; -import { validateApiKey } from "~/server/unkey"; +import { validateApiKey, validateRequest } from "~/server/unkey"; export default async function handler( req: NextApiRequest, res: NextApiResponse ) { - let isValidKey: boolean = false; + const success = await validateRequest(req, res); - // Get the auth bearer token if it exists - if (req.headers.authorization) { - const key = req.headers.authorization.split("Bearer ").at(1); - if (key) { - isValidKey = await validateApiKey(key); - } - } - - // Error if the key is not valid - if (!isValidKey) { - res.status(403).json({ error: "UNAUTHORIZED" }); - } - - const requestBody = req.body as { - data: { - deleted: string; - id: string; + if (success) { + const requestBody = req.body as { + data: { + deleted: string; + id: string; + object: string; + }; object: string; + type: string; }; - object: string; - type: string; - }; - const deletedRoom = await db - .delete(rooms) - .where(eq(rooms.userId, requestBody.data.id)); + const deletedRoom = await db + .delete(rooms) + .where(eq(rooms.userId, requestBody.data.id)); - if (deletedRoom.rowsAffected > 0) { - await db.delete(logs).where(eq(logs.userId, requestBody.data.id)); - await db.delete(votes).where(eq(votes.userId, requestBody.data.id)); + if (deletedRoom.rowsAffected > 0) { + await db.delete(logs).where(eq(logs.userId, requestBody.data.id)); + await db.delete(votes).where(eq(votes.userId, requestBody.data.id)); + } + + res.status(200).json({ result: "USER DELETED" }); } - - res.status(200).json({ result: "USER DELETED" }); } diff --git a/src/server/unkey.ts b/src/server/unkey.ts index 84bcbb1..de2d44b 100644 --- a/src/server/unkey.ts +++ b/src/server/unkey.ts 
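Review bot: Inside `if (success)` in onUserDelete.ts the payload is only cast with `req.body as { ... }`, so nothing checks at runtime that `data.id` is a string or that `type` names a user-deletion event before the three `db.delete(...)` calls run on it. A request that carries a valid key but a malformed or unrelated body either throws on `requestBody.data.id` or deletes rows for whatever id it supplies. A guard ahead of the first delete would close that, e.g. `if (typeof requestBody?.data?.id !== "string") { res.status(400).json({ error: "BAD REQUEST" }); return; }`, together with a comparison of `requestBody.type` against the event name the webhook sender documents. The import line still brings in `validateApiKey`, which the new body no longer uses.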
@@ -1,4 +1,5 @@ import { Unkey } from "@unkey/api"; +import { NextApiRequest, NextApiResponse } from "next"; import { env } from "~/env.mjs"; export const unkey = new Unkey({ token: env.UNKEY_ROOT_KEY }); @@ -13,3 +14,24 @@ export const validateApiKey = async (key: string) => { return false; } }; + +export const validateRequest = async ( + req: NextApiRequest, + res: NextApiResponse +) => { + let isValidKey: boolean = false; + // Get the auth bearer token if it exists + if (req.headers.authorization) { + const key = req.headers.authorization.split("Bearer ").at(1); + if (key) { + isValidKey = await validateApiKey(key); + } + } + + // Error if the key is not valid + if (!isValidKey) { + res.status(403).json({ error: "UNAUTHORIZED" }); + } + + return isValidKey; +};
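Review bot: `req.headers.authorization.split("Bearer ").at(1)` in `validateRequest` takes whatever follows the first occurrence of `Bearer ` anywhere in the header, so a value sent under another scheme that merely contains that substring is still passed to `validateApiKey`, and a key that itself contains `Bearer ` is cut short. Matching the scheme at the start of the header is stricter: `const [scheme, key] = req.headers.authorization.split(" ");` followed by `if (scheme === "Bearer" && key) { isValidKey = await validateApiKey(key); }`. The function also writes the 403 response itself, which callers need to know so they do not respond a second time; a TSDoc line such as `/** Validates the bearer key; on failure sends 403 and returns false, so callers respond only when this returns true. */` would record that. In the first hunk, `import { NextApiRequest, NextApiResponse } from "next"` brings in types only and could be `import type`, as the handlers in this commit already do.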