From 9bc8e59ae30d5bfc98f0b763a38a0672a26dd593 Mon Sep 17 00:00:00 2001
From: Sam Becker
Date: Wed, 29 Nov 2023 23:07:18 -0600
Subject: [PATCH] Add authentication check to blob upload handler
---
 .../(auth-state)/admin/uploads/blob/route.tsx | 18 ++++++++++++------
 1 file changed, 12 insertions(+), 6 deletions(-)
diff --git a/src/app/(auth-state)/admin/uploads/blob/route.tsx b/src/app/(auth-state)/admin/uploads/blob/route.tsx
index 26076bd7..96ef5063 100644
--- a/src/app/(auth-state)/admin/uploads/blob/route.tsx
+++ b/src/app/(auth-state)/admin/uploads/blob/route.tsx
@@ -1,3 +1,4 @@
+import { auth } from '@/auth';
 import { revalidateAdminPaths, revalidatePhotosKey } from '@/cache';
 import { ACCEPTED_PHOTO_FILE_TYPES } from '@/photo';
 import { isUploadPathnameValid } from '@/services/blob';
@@ -12,13 +13,18 @@ export async function POST(request: Request): Promise {
 body,
 request,
 onBeforeGenerateToken: async (pathname) => {
- if (isUploadPathnameValid(pathname)) {
- return {
- maximumSizeInBytes: 40_000_000,
- allowedContentTypes: ACCEPTED_PHOTO_FILE_TYPES,
- };
+ const session = await auth();
+ if (session?.user) {
+ if (isUploadPathnameValid(pathname)) {
+ return {
+ maximumSizeInBytes: 40_000_000,
+ allowedContentTypes: ACCEPTED_PHOTO_FILE_TYPES,
+ };
+ } else {
+ throw new Error('Invalid upload');
+ }
 } else {
- throw new Error('Invalid upload');
+ throw new Error('Unauthenticated upload');
 }
 },
 // This argument is required, but doesn't seem to fire
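Review bot: The new guard in `onBeforeGenerateToken` accepts any session that has a `user`, so it proves the caller is signed in but not that they may use an `/admin` route. If the auth configuration (not visible here) can ever issue sessions to non-admin accounts, the condition should also test the admin role or identity before upload limits are returned. The nested `if`/`else` also leaves the denial at the bottom of the callback, far from the check; guard clauses put the deny paths first: `if (!session?.user) throw new Error('Unauthenticated upload');` then `if (!isUploadPathnameValid(pathname)) throw new Error('Invalid upload');` and then the `return`. A comment such as `// Require a signed-in session before issuing an upload token` above the first guard would record the intent. The body of `POST` continues outside the hunk, so how these thrown errors map to a response status is not visible here.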