Add authentication check to blob upload handler

2023-11-29 23:07:18 -06:00 · 2023-11-29 23:07:18 -06:00 · 9bc8e59ae3
commit 9bc8e59ae3
parent d8955f78c5
1 changed files with 12 additions and 6 deletions
--- a/src/app/(auth-state)/admin/uploads/blob/route.tsx
+++ b/src/app/(auth-state)/admin/uploads/blob/route.tsx
@ -1,3 +1,4 @@
+import { auth } from '@/auth';
 import { revalidateAdminPaths, revalidatePhotosKey } from '@/cache';
 import { ACCEPTED_PHOTO_FILE_TYPES } from '@/photo';
 import { isUploadPathnameValid } from '@/services/blob';
@ -12,13 +13,18 @@ export async function POST(request: Request): Promise<NextResponse> {
      body,
      request,
      onBeforeGenerateToken: async (pathname) => {
-        if (isUploadPathnameValid(pathname)) {
-          return {
-            maximumSizeInBytes: 40_000_000,
-            allowedContentTypes: ACCEPTED_PHOTO_FILE_TYPES,
-          };
+        const session = await auth();
+        if (session?.user) {
+          if (isUploadPathnameValid(pathname)) {
+            return {
+              maximumSizeInBytes: 40_000_000,
+              allowedContentTypes: ACCEPTED_PHOTO_FILE_TYPES,
+            };
+          } else {
+            throw new Error('Invalid upload');
+          }
        } else {
-          throw new Error('Invalid upload');
+          throw new Error('Unauthenticated upload');
        }
      },
      // This argument is required, but doesn't seem to fire