apunkt/rowboat
1
0
Fork 0
mirror of https://github.com/rowboatlabs/rowboat.git synced 2026-05-08 06:42:39 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

remove url from share and add auth (#260)

Browse source
This commit is contained in:
arkml 2025-09-15 23:44:01 +05:30 committed by GitHub
parent a7abdc43a5
commit 041ab25b7b
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
3 changed files with 20 additions and 25 deletions
Download patch file Download diff file Expand all files Collapse all files

27
apps/rowboat/app/actions/shared-workflow.actions.ts
View file

@ -5,6 +5,7 @@ import { nanoid } from "nanoid";
import { Workflow } from "@/app/lib/types/workflow_types";
import { db } from "@/app/lib/mongodb";
import { SHARED_WORKFLOWS_COLLECTION } from "@/src/infrastructure/repositories/mongodb.shared-workflows.indexes";
import { requireAuth } from "@/app/lib/auth";
const DEFAULT_TTL_SECONDS = 60 * 60 * 24; // 24 hours
@ -26,6 +27,8 @@ function validateWorkflowJson(obj: unknown) {
export async function createSharedWorkflowFromJson(json: string): Promise<{ id: string; ttlSeconds: number; }>
{
// Require an authenticated user (respects guest mode when auth is disabled)
await requireAuth();
const obj = JSON.parse(json);
const workflow = validateWorkflowJson(obj);
@ -38,23 +41,18 @@ export async function createSharedWorkflowFromJson(json: string): Promise<{ id:
return { id, ttlSeconds: DEFAULT_TTL_SECONDS };
}
export async function loadSharedWorkflow(idOrUrl: string): Promise<z.infer<typeof Workflow>> {
// If it's an http(s) URL, fetch JSON and validate
const isHttp = idOrUrl.startsWith('http://') || idOrUrl.startsWith('https://');
if (isHttp) {
const resp = await fetch(idOrUrl, { cache: 'no-store' });
if (!resp.ok) {
throw new Error(`Failed to fetch URL: ${resp.status} ${resp.statusText}`);
}
const text = await resp.text();
const obj = JSON.parse(text);
return validateWorkflowJson(obj);
}
/**
* Load a shared workflow by ephemeral share id stored in MongoDB.
* Expected when the query param `shared` is present in the UI.
*/
export async function loadSharedWorkflow(id: string): Promise<z.infer<typeof Workflow>> {
// Ensure caller is authenticated (guest allowed when auth disabled)
await requireAuth();
// Otherwise, look up by shared id in MongoDB
// Look up by shared id in MongoDB
const coll = db.collection<SharedWorkflowDoc>(SHARED_WORKFLOWS_COLLECTION);
const doc = await coll.findOne(
{ _id: idOrUrl },
{ _id: id },
{ projection: { workflow: 1, expiresAt: 1 } }
);
if (!doc) {
@ -65,4 +63,3 @@ export async function loadSharedWorkflow(idOrUrl: string): Promise<z.infer<typeo
}
return validateWorkflowJson(doc.workflow);
}