feat: Implement Uppy photo upload

2025-12-20 16:11:12 -05:00 · 2025-09-29 16:51:50 +00:00
parent f6a06ad2fa
commit a5a9cc51ad
6 changed files with 1279 additions and 7 deletions
--- a/supabase/functions/upload-image/index.ts
+++ b/supabase/functions/upload-image/index.ts
@@ -1,4 +1,5 @@
 import { serve } from "https://deno.land/std@0.168.0/http/server.ts"
+import { createClient } from 'https://esm.sh/@supabase/supabase-js@2'

 const corsHeaders = {
  'Access-Control-Allow-Origin': '*',
@@ -22,6 +23,37 @@ serve(async (req) => {
    }

    if (req.method === 'DELETE') {
+      // Require authentication for DELETE operations
+      const authHeader = req.headers.get('Authorization')
+      if (!authHeader) {
+        return new Response(
+          JSON.stringify({ error: 'Authentication required for delete operations' }),
+          { 
+            status: 401, 
+            headers: { ...corsHeaders, 'Content-Type': 'application/json' } 
+          }
+        )
+      }
+
+      // Verify JWT token
+      const supabaseUrl = Deno.env.get('SUPABASE_URL')!
+      const supabaseAnonKey = Deno.env.get('SUPABASE_ANON_KEY')!
+      const supabase = createClient(supabaseUrl, supabaseAnonKey, {
+        global: { headers: { Authorization: authHeader } }
+      })
+
+      const { data: { user }, error: authError } = await supabase.auth.getUser()
+      if (authError || !user) {
+        console.error('Auth verification failed:', authError)
+        return new Response(
+          JSON.stringify({ error: 'Invalid authentication' }),
+          { 
+            status: 401, 
+            headers: { ...corsHeaders, 'Content-Type': 'application/json' } 
+          }
+        )
+      }
+
      // Delete image from Cloudflare
      const { imageId } = await req.json()
      
@@ -71,11 +103,16 @@ serve(async (req) => {

    if (req.method === 'POST') {
      // Request a direct upload URL from Cloudflare
-      const { metadata = {}, variant = 'public' } = await req.json().catch(() => ({}))
+      const { metadata = {}, variant = 'public', requireSignedURLs = false } = await req.json().catch(() => ({}))

      // Create FormData for the request (Cloudflare API requires multipart/form-data)
      const formData = new FormData()
-      formData.append('requireSignedURLs', 'false')
+      formData.append('requireSignedURLs', requireSignedURLs.toString())
+      
+      // Add metadata to the request if provided
+      if (metadata && Object.keys(metadata).length > 0) {
+        formData.append('metadata', JSON.stringify(metadata))
+      }

      const directUploadResponse = await fetch(
        `https://api.cloudflare.com/client/v4/accounts/${CLOUDFLARE_ACCOUNT_ID}/images/v2/direct_upload`,