From 03e4d45bc31a68df09a6ecad4430ae2f6b343c10 Mon Sep 17 00:00:00 2001 From: arkml Date: Fri, 26 Sep 2025 15:10:46 +0530 Subject: [PATCH] add auth to api routes --- apps/rowboat/app/api/uploaded-images/[id]/route.ts | 12 +++++++++++- .../app/api/uploaded-images/describe/route.ts | 11 +++++++++++ apps/rowboat/app/api/uploaded-images/route.ts | 11 +++++++++++ .../app/api/uploaded-images/upload-url/route.ts | 12 +++++++++++- 4 files changed, 44 insertions(+), 2 deletions(-) diff --git a/apps/rowboat/app/api/uploaded-images/[id]/route.ts b/apps/rowboat/app/api/uploaded-images/[id]/route.ts index 9f841ba9..886ad877 100644 --- a/apps/rowboat/app/api/uploaded-images/[id]/route.ts +++ b/apps/rowboat/app/api/uploaded-images/[id]/route.ts @@ -1,10 +1,21 @@ import { NextRequest, NextResponse } from 'next/server'; import { S3Client, GetObjectCommand, HeadObjectCommand } from '@aws-sdk/client-s3'; import { Readable } from 'stream'; +import { authCheck } from '@/app/actions/auth.actions'; +import { USE_AUTH } from '@/app/lib/feature_flags'; // Serves uploaded images from S3 by UUID-only path: /api/uploaded-images/{id} // Reconstructs the S3 key using the same sharding logic as image upload. export async function GET(request: NextRequest, props: { params: Promise<{ id: string }> }) { + // Require authentication if enabled + try { + if (USE_AUTH) { + await authCheck(); + } + } catch (_) { + return NextResponse.json({ error: 'Unauthorized' }, { status: 401 }); + } + const params = await props.params; const id = params.id; if (!id) { @@ -72,4 +83,3 @@ export async function GET(request: NextRequest, props: { params: Promise<{ id: s return NextResponse.json({ error: 'Not found' }, { status: 404 }); } } - diff --git a/apps/rowboat/app/api/uploaded-images/describe/route.ts b/apps/rowboat/app/api/uploaded-images/describe/route.ts index fe7eb09f..cf9425b0 100644 --- a/apps/rowboat/app/api/uploaded-images/describe/route.ts +++ b/apps/rowboat/app/api/uploaded-images/describe/route.ts @@ -3,9 +3,20 @@ import { S3Client, GetObjectCommand, HeadObjectCommand } from '@aws-sdk/client-s import { GoogleGenerativeAI } from '@google/generative-ai'; import { UsageTracker } from '@/app/lib/billing'; import { logUsage } from '@/app/actions/billing.actions'; +import { authCheck } from '@/app/actions/auth.actions'; +import { USE_AUTH } from '@/app/lib/feature_flags'; export async function POST(request: NextRequest) { try { + // Require authentication if enabled + try { + if (USE_AUTH) { + await authCheck(); + } + } catch (_) { + return NextResponse.json({ error: 'Unauthorized' }, { status: 401 }); + } + const { id } = await request.json(); if (!id || typeof id !== 'string') { return NextResponse.json({ error: 'id is required' }, { status: 400 }); diff --git a/apps/rowboat/app/api/uploaded-images/route.ts b/apps/rowboat/app/api/uploaded-images/route.ts index 5151a65e..3e941c13 100644 --- a/apps/rowboat/app/api/uploaded-images/route.ts +++ b/apps/rowboat/app/api/uploaded-images/route.ts @@ -5,6 +5,8 @@ import { tempBinaryCache } from '@/src/application/services/temp-binary-cache'; import { GoogleGenerativeAI } from '@google/generative-ai'; import { UsageTracker } from '@/app/lib/billing'; import { logUsage } from '@/app/actions/billing.actions'; +import { authCheck } from '@/app/actions/auth.actions'; +import { USE_AUTH } from '@/app/lib/feature_flags'; // POST /api/uploaded-images // Accepts an image file (multipart/form-data, field name: "file") @@ -12,6 +14,15 @@ import { logUsage } from '@/app/actions/billing.actions'; // or in the in-memory temp cache. Returns a JSON with a URL that the agent can fetch. export async function POST(request: NextRequest) { try { + // Require authentication if enabled + try { + if (USE_AUTH) { + await authCheck(); + } + } catch (_) { + return NextResponse.json({ error: 'Unauthorized' }, { status: 401 }); + } + const contentType = request.headers.get('content-type') || ''; if (!contentType.includes('multipart/form-data')) { return NextResponse.json({ error: 'Expected multipart/form-data' }, { status: 400 }); diff --git a/apps/rowboat/app/api/uploaded-images/upload-url/route.ts b/apps/rowboat/app/api/uploaded-images/upload-url/route.ts index 86c2537e..2b187d16 100644 --- a/apps/rowboat/app/api/uploaded-images/upload-url/route.ts +++ b/apps/rowboat/app/api/uploaded-images/upload-url/route.ts @@ -2,9 +2,20 @@ import { NextRequest, NextResponse } from 'next/server'; import { S3Client, PutObjectCommand } from '@aws-sdk/client-s3'; import { getSignedUrl } from '@aws-sdk/s3-request-presigner'; import crypto from 'crypto'; +import { authCheck } from '@/app/actions/auth.actions'; +import { USE_AUTH } from '@/app/lib/feature_flags'; export async function POST(request: NextRequest) { try { + // Require authentication if enabled + try { + if (USE_AUTH) { + await authCheck(); + } + } catch (_) { + return NextResponse.json({ error: 'Unauthorized' }, { status: 401 }); + } + const bucket = process.env.RAG_UPLOADS_S3_BUCKET || ''; if (!bucket) { return NextResponse.json({ error: 'S3 bucket not configured' }, { status: 500 }); @@ -44,4 +55,3 @@ export async function POST(request: NextRequest) { return NextResponse.json({ error: 'Failed to create upload URL' }, { status: 500 }); } } -