pacnpal/thrilltrack-explorer
1
0
Fork 0
mirror of https://github.com/pacnpal/thrilltrack-explorer.git synced 2025-12-21 15:11:12 -05:00
Code Issues Packages Projects Releases Wiki Activity

Add authentication to image upload and status checking endpoints

Browse Source 
Implement JWT-based authentication for POST (upload) and GET (status check) requests to the image handling functions, verifying user identity via Supabase Auth.

Replit-Commit-Author: Agent
Replit-Commit-Session-Id: 8d708ff6-09f1-4b67-8edc-de3fcb2349b3
Replit-Commit-Checkpoint-Type: intermediate_checkpoint
This commit is contained in:
pac7
2025-10-07 14:52:37 +00:00
parent 0ebff53b41
commit f4020969d8
1 changed files with 62 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

62
supabase/functions/upload-image/index.ts
View File

@@ -115,6 +115,37 @@ serve(async (req) => {
} }
if (req.method === 'POST') { if (req.method === 'POST') {
// Require authentication for POST operations
const authHeader = req.headers.get('Authorization')
if (!authHeader) {
return new Response(
JSON.stringify({ error: 'Authentication required for upload operations' }),
{
status: 401,
headers: { ...corsHeaders, 'Content-Type': 'application/json' }
}
)
}
// Verify JWT token
const supabaseUrl = Deno.env.get('SUPABASE_URL')!
const supabaseAnonKey = Deno.env.get('SUPABASE_ANON_KEY')!
const supabase = createClient(supabaseUrl, supabaseAnonKey, {
global: { headers: { Authorization: authHeader } }
})
const { data: { user }, error: authError } = await supabase.auth.getUser()
if (authError || !user) {
console.error('Auth verification failed:', authError)
return new Response(
JSON.stringify({ error: 'Invalid authentication' }),
{
status: 401,
headers: { ...corsHeaders, 'Content-Type': 'application/json' }
}
)
}
// Request a direct upload URL from Cloudflare // Request a direct upload URL from Cloudflare
let requestBody; let requestBody;
try { try {
@@ -186,6 +217,37 @@ serve(async (req) => {
} }
if (req.method === 'GET') { if (req.method === 'GET') {
// Require authentication for GET operations
const authHeader = req.headers.get('Authorization')
if (!authHeader) {
return new Response(
JSON.stringify({ error: 'Authentication required for image status operations' }),
{
status: 401,
headers: { ...corsHeaders, 'Content-Type': 'application/json' }
}
)
}
// Verify JWT token
const supabaseUrl = Deno.env.get('SUPABASE_URL')!
const supabaseAnonKey = Deno.env.get('SUPABASE_ANON_KEY')!
const supabase = createClient(supabaseUrl, supabaseAnonKey, {
global: { headers: { Authorization: authHeader } }
})
const { data: { user }, error: authError } = await supabase.auth.getUser()
if (authError || !user) {
console.error('Auth verification failed:', authError)
return new Response(
JSON.stringify({ error: 'Invalid authentication' }),
{
status: 401,
headers: { ...corsHeaders, 'Content-Type': 'application/json' }
}
)
}
// Check image status endpoint // Check image status endpoint
const url = new URL(req.url) const url = new URL(req.url)
const imageId = url.searchParams.get('id') const imageId = url.searchParams.get('id')