apunkt/rowboat
1
0
Fork 0
mirror of https://github.com/rowboatlabs/rowboat.git synced 2026-05-05 21:32:46 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

add auth to api routes

Browse source
This commit is contained in:
arkml 2025-09-26 15:10:46 +05:30
parent 86d39a8616
commit 03e4d45bc3
4 changed files with 44 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

12
apps/rowboat/app/api/uploaded-images/[id]/route.ts
View file

@ -1,10 +1,21 @@
import { NextRequest, NextResponse } from 'next/server';
import { S3Client, GetObjectCommand, HeadObjectCommand } from '@aws-sdk/client-s3';
import { Readable } from 'stream';
import { authCheck } from '@/app/actions/auth.actions';
import { USE_AUTH } from '@/app/lib/feature_flags';
// Serves uploaded images from S3 by UUID-only path: /api/uploaded-images/{id}
// Reconstructs the S3 key using the same sharding logic as image upload.
export async function GET(request: NextRequest, props: { params: Promise<{ id: string }> }) {
// Require authentication if enabled
try {
if (USE_AUTH) {
await authCheck();
}
} catch (_) {
return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });
}
const params = await props.params;
const id = params.id;
if (!id) {
@ -72,4 +83,3 @@ export async function GET(request: NextRequest, props: { params: Promise<{ id: s
return NextResponse.json({ error: 'Not found' }, { status: 404 });
}
}

11
apps/rowboat/app/api/uploaded-images/describe/route.ts
View file

@ -3,9 +3,20 @@ import { S3Client, GetObjectCommand, HeadObjectCommand } from '@aws-sdk/client-s
import { GoogleGenerativeAI } from '@google/generative-ai';
import { UsageTracker } from '@/app/lib/billing';
import { logUsage } from '@/app/actions/billing.actions';
import { authCheck } from '@/app/actions/auth.actions';
import { USE_AUTH } from '@/app/lib/feature_flags';
export async function POST(request: NextRequest) {
try {
// Require authentication if enabled
try {
if (USE_AUTH) {
await authCheck();
}
} catch (_) {
return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });
}
const { id } = await request.json();
if (!id || typeof id !== 'string') {
return NextResponse.json({ error: 'id is required' }, { status: 400 });

11
apps/rowboat/app/api/uploaded-images/route.ts
View file

@ -5,6 +5,8 @@ import { tempBinaryCache } from '@/src/application/services/temp-binary-cache';
import { GoogleGenerativeAI } from '@google/generative-ai';
import { UsageTracker } from '@/app/lib/billing';
import { logUsage } from '@/app/actions/billing.actions';
import { authCheck } from '@/app/actions/auth.actions';
import { USE_AUTH } from '@/app/lib/feature_flags';
// POST /api/uploaded-images
// Accepts an image file (multipart/form-data, field name: "file")
@ -12,6 +14,15 @@ import { logUsage } from '@/app/actions/billing.actions';
// or in the in-memory temp cache. Returns a JSON with a URL that the agent can fetch.
export async function POST(request: NextRequest) {
try {
// Require authentication if enabled
try {
if (USE_AUTH) {
await authCheck();
}
} catch (_) {
return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });
}
const contentType = request.headers.get('content-type') || '';
if (!contentType.includes('multipart/form-data')) {
return NextResponse.json({ error: 'Expected multipart/form-data' }, { status: 400 });

12
apps/rowboat/app/api/uploaded-images/upload-url/route.ts
View file

@ -2,9 +2,20 @@ import { NextRequest, NextResponse } from 'next/server';
import { S3Client, PutObjectCommand } from '@aws-sdk/client-s3';
import { getSignedUrl } from '@aws-sdk/s3-request-presigner';
import crypto from 'crypto';
import { authCheck } from '@/app/actions/auth.actions';
import { USE_AUTH } from '@/app/lib/feature_flags';
export async function POST(request: NextRequest) {
try {
// Require authentication if enabled
try {
if (USE_AUTH) {
await authCheck();
}
} catch (_) {
return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });
}
const bucket = process.env.RAG_UPLOADS_S3_BUCKET || '';
if (!bucket) {
return NextResponse.json({ error: 'S3 bucket not configured' }, { status: 500 });
@ -44,4 +55,3 @@ export async function POST(request: NextRequest) {
return NextResponse.json({ error: 'Failed to create upload URL' }, { status: 500 });
}
}