feat: secure the update route by api token

Mokto · May 11, 2024 · 1a1c6f3 · 1a1c6f3
1 parent d455dbd
commit 1a1c6f3
Showing 1 changed file with 13 additions and 2 deletions.
diff --git a/src/routes/api/openapi/+server.ts b/src/routes/api/openapi/+server.ts
@@ -1,10 +1,21 @@
 import type { RequestHandler } from './$types';
 import { json } from '@sveltejs/kit';
 import { prepareDatabase } from '$lib/utils/db';
+import { error } from '@sveltejs/kit';
+import { env } from '$env/dynamic/private';
 
-export const PUT: RequestHandler = async ({ request }) => {
-	const data = await request.json();
+export const PUT: RequestHandler = async ({ request, url }) => {
+	if (!env.API_TOKEN) {
+		error(
+			403,
+			'API_TOKEN must be defined in the environment variables before using this endpoint.'
+		);
+	}
+	if (url.searchParams.get('apiToken') !== env.API_TOKEN) {
+		error(403, 'Invalid API token.');
+	}
 
+	const data = await request.json();
 	await prepareDatabase(data);
 
 	return json({});