xevion/xevion.dev
1
0
Fork 0
mirror of https://github.com/Xevion/xevion.dev.git synced 2025-12-05 23:16:57 -06:00
Code Issues Packages Projects Releases Wiki Activity

Allow passing CRON_SECRET via query parameter, use production only, don't return response directly

Browse Source
This commit is contained in:
Xevion
2024-12-31 19:54:21 -06:00
parent 7c30bb7082
commit 23c6b68179
1 changed files with 8 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
src/pages/api/cron/updated.ts
View File

@@ -200,12 +200,15 @@ export default async function handler(
}
// Ensure the cron request is authenticated
if (process.env.NODE_ENV !== "development") {
if (process.env.NODE_ENV === "production") {
const authHeader = req.headers["authorization"];
if (authHeader !== `Bearer ${CRON_SECRET}`) {
return new Response("Unauthorized", {
status: 401,
});
const secretQueryParam = req.query.secret;
if (
authHeader !== `Bearer ${CRON_SECRET}` &&
secretQueryParam !== CRON_SECRET
) {
res.status(401).json({ error: "Unauthorized" });
return;
}
}