Add authentication to image upload and status checking endpoints

Implement JWT-based authentication for POST (upload) and GET (status check) requests to the image handling functions, verifying user identity via Supabase Auth. Replit-Commit-Author: Agent Replit-Commit-Session-Id: 8d708ff6-09f1-4b67-8edc-de3fcb2349b3 Replit-Commit-Checkpoint-Type: intermediate_checkpoint
2025-12-20 11:51:14 -05:00 · 2025-10-07 14:52:37 +00:00
parent 0ebff53b41
commit f4020969d8
1 changed files with 62 additions and 0 deletions
--- a/supabase/functions/upload-image/index.ts
+++ b/supabase/functions/upload-image/index.ts
@@ -115,6 +115,37 @@ serve(async (req) => {
    }

    if (req.method === 'POST') {
+      // Require authentication for POST operations
+      const authHeader = req.headers.get('Authorization')
+      if (!authHeader) {
+        return new Response(
+          JSON.stringify({ error: 'Authentication required for upload operations' }),
+          { 
+            status: 401, 
+            headers: { ...corsHeaders, 'Content-Type': 'application/json' } 
+          }
+        )
+      }
+
+      // Verify JWT token
+      const supabaseUrl = Deno.env.get('SUPABASE_URL')!
+      const supabaseAnonKey = Deno.env.get('SUPABASE_ANON_KEY')!
+      const supabase = createClient(supabaseUrl, supabaseAnonKey, {
+        global: { headers: { Authorization: authHeader } }
+      })
+
+      const { data: { user }, error: authError } = await supabase.auth.getUser()
+      if (authError || !user) {
+        console.error('Auth verification failed:', authError)
+        return new Response(
+          JSON.stringify({ error: 'Invalid authentication' }),
+          { 
+            status: 401, 
+            headers: { ...corsHeaders, 'Content-Type': 'application/json' } 
+          }
+        )
+      }
+
      // Request a direct upload URL from Cloudflare
      let requestBody;
      try {
@@ -186,6 +217,37 @@ serve(async (req) => {
    } 

    if (req.method === 'GET') {
+      // Require authentication for GET operations
+      const authHeader = req.headers.get('Authorization')
+      if (!authHeader) {
+        return new Response(
+          JSON.stringify({ error: 'Authentication required for image status operations' }),
+          { 
+            status: 401, 
+            headers: { ...corsHeaders, 'Content-Type': 'application/json' } 
+          }
+        )
+      }
+
+      // Verify JWT token
+      const supabaseUrl = Deno.env.get('SUPABASE_URL')!
+      const supabaseAnonKey = Deno.env.get('SUPABASE_ANON_KEY')!
+      const supabase = createClient(supabaseUrl, supabaseAnonKey, {
+        global: { headers: { Authorization: authHeader } }
+      })
+
+      const { data: { user }, error: authError } = await supabase.auth.getUser()
+      if (authError || !user) {
+        console.error('Auth verification failed:', authError)
+        return new Response(
+          JSON.stringify({ error: 'Invalid authentication' }),
+          { 
+            status: 401, 
+            headers: { ...corsHeaders, 'Content-Type': 'application/json' } 
+          }
+        )
+      }
+
      // Check image status endpoint
      const url = new URL(req.url)
      const imageId = url.searchParams.get('id')