From f4020969d82933d5523345425f7da51196b025c6 Mon Sep 17 00:00:00 2001
From: pac7 <47831526-pac7@users.noreply.replit.com>
Date: Tue, 7 Oct 2025 14:52:37 +0000
Subject: [PATCH] Add authentication to image upload and status checking endpoints

Implement JWT-based authentication for POST (upload) and GET (status check) requests to the image handling functions, verifying user identity via Supabase Auth.

Replit-Commit-Author: Agent
Replit-Commit-Session-Id: 8d708ff6-09f1-4b67-8edc-de3fcb2349b3
Replit-Commit-Checkpoint-Type: intermediate_checkpoint
---
 supabase/functions/upload-image/index.ts | 62 ++++++++++++++++++++++++
 1 file changed, 62 insertions(+)

diff --git a/supabase/functions/upload-image/index.ts b/supabase/functions/upload-image/index.ts
index 04e3508a..cd3f176e 100644
--- a/supabase/functions/upload-image/index.ts
+++ b/supabase/functions/upload-image/index.ts
@@ -115,6 +115,37 @@ serve(async (req) => {
 }
 if (req.method === 'POST') {
+ // Require authentication for POST operations
+ const authHeader = req.headers.get('Authorization')
+ if (!authHeader) {
+ return new Response(
+ JSON.stringify({ error: 'Authentication required for upload operations' }),
+ {
+ status: 401,
+ headers: { ...corsHeaders, 'Content-Type': 'application/json' }
+ }
+ )
+ }
+
+ // Verify JWT token
+ const supabaseUrl = Deno.env.get('SUPABASE_URL')!
+ const supabaseAnonKey = Deno.env.get('SUPABASE_ANON_KEY')!
+ const supabase = createClient(supabaseUrl, supabaseAnonKey, {
+ global: { headers: { Authorization: authHeader } }
+ })
+
+ const { data: { user }, error: authError } = await supabase.auth.getUser()
+ if (authError || !user) {
+ console.error('Auth verification failed:', authError)
+ return new Response(
+ JSON.stringify({ error: 'Invalid authentication' }),
+ {
+ status: 401,
+ headers: { ...corsHeaders, 'Content-Type': 'application/json' }
+ }
+ )
+ }
+
 // Request a direct upload URL from Cloudflare
 let requestBody;
 try {
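Review bot: The verified identity is discarded — `user` is never read after the `authError || !user` check, so the handler establishes that the caller is some signed-in account but nothing in the hunk ties the Cloudflare upload URL it goes on to request to `user.id`. If the direct-upload request built after the hunk accepts metadata, pass `user.id` through it so an uploaded image can be attributed to an account (and abuse of upload-URL minting traced); at minimum log `user.id` alongside the upload-URL request. Separately, `Deno.env.get('SUPABASE_URL')!` and `Deno.env.get('SUPABASE_ANON_KEY')!` only assert presence to the type checker; a missing variable surfaces as an unhandled throw inside the request, so a module-load guard such as `if (!Deno.env.get('SUPABASE_URL') || !Deno.env.get('SUPABASE_ANON_KEY')) throw new Error('Supabase env not configured')` fails fast at deploy instead. The enclosing `serve(async (req) => {` handler starts before the hunk and continues past it.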
@@ -186,6 +217,37 @@ serve(async (req) => {
 }
 if (req.method === 'GET') {
+ // Require authentication for GET operations
+ const authHeader = req.headers.get('Authorization')
+ if (!authHeader) {
+ return new Response(
+ JSON.stringify({ error: 'Authentication required for image status operations' }),
+ {
+ status: 401,
+ headers: { ...corsHeaders, 'Content-Type': 'application/json' }
+ }
+ )
+ }
+
+ // Verify JWT token
+ const supabaseUrl = Deno.env.get('SUPABASE_URL')!
+ const supabaseAnonKey = Deno.env.get('SUPABASE_ANON_KEY')!
+ const supabase = createClient(supabaseUrl, supabaseAnonKey, {
+ global: { headers: { Authorization: authHeader } }
+ })
+
+ const { data: { user }, error: authError } = await supabase.auth.getUser()
+ if (authError || !user) {
+ console.error('Auth verification failed:', authError)
+ return new Response(
+ JSON.stringify({ error: 'Invalid authentication' }),
+ {
+ status: 401,
+ headers: { ...corsHeaders, 'Content-Type': 'application/json' }
+ }
+ )
+ }
+
 // Check image status endpoint
 const url = new URL(req.url)
 const imageId = url.searchParams.get('id')
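Review bot: The 31 added lines are a verbatim copy of the POST-branch check earlier in the same handler, so the two copies will drift the first time one is touched (a Bearer-scheme check or a `WWW-Authenticate: Bearer` header on the 401 added to one branch only); pull the check into a `requireUser(req, missingMessage)` helper that returns either the user or the ready-made 401 `Response`, and call it from both branches. Note also that the verified `user` is not used to scope the lookup — the `imageId` taken from the query string is served to any signed-in caller — which is acceptable only if Cloudflare image ids are unguessable and the status payload is not itself sensitive; if status should be visible only to the uploader, that ownership check belongs right after this hunk. The `serve(async (req) => {` handler encloses the hunk and continues past it.
```typescript
// Build the JSON 401 the two auth checks currently construct by hand.
function unauthorized(message: string): Response {
  return new Response(JSON.stringify({ error: message }), {
    status: 401,
    headers: { ...corsHeaders, 'Content-Type': 'application/json' }
  })
}

// Verify the caller's Supabase JWT via auth.getUser(); returns { user } on success,
// or { response } holding the 401 to send back unchanged.
async function requireUser(req: Request, missingMessage: string) {
  const authHeader = req.headers.get('Authorization')
  if (!authHeader) return { response: unauthorized(missingMessage) }
  const supabase = createClient(Deno.env.get('SUPABASE_URL')!, Deno.env.get('SUPABASE_ANON_KEY')!, {
    global: { headers: { Authorization: authHeader } }
  })
  const { data: { user }, error } = await supabase.auth.getUser()
  if (error || !user) {
    console.error('Auth verification failed:', error)
    return { response: unauthorized('Invalid authentication') }
  }
  return { user }
}

// … inside serve(), replacing the copied block in the GET branch (and likewise in POST):
  if (req.method === 'GET') {
    const auth = await requireUser(req, 'Authentication required for image status operations')
    if ('response' in auth) return auth.response
    // … unchanged: status lookup by imageId …
```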