From 93d5015c991d961c3b16e489d4e7e56b89b86e6e Mon Sep 17 00:00:00 2001
From: Joao Ramos
Date: Thu, 11 Jan 2024 00:06:09 +0000
Subject: [PATCH] Exported Route for CORS usage
---
 next.config.js | 24 ++++++++++++++++++++++--
 src/pages/api/packages/index.ts | 10 +++++-----
 2 files changed, 27 insertions(+), 7 deletions(-)
diff --git a/next.config.js b/next.config.js
index 481272cf..3b287828 100644
--- a/next.config.js
+++ b/next.config.js
@@ -1,7 +1,27 @@
 /** @type {import('next').NextConfig} */
 const nextConfig = {
- reactStrictMode: true,
- output: "standalone",
+ reactStrictMode: true,
+ output: "standalone",
+ async headers() {
+ return [
+ {
+ source: "/api/packages",
+ headers: [
+ { key: "Access-Control-Allow-Credentials", value: "false" },
+ { key: "Access-Control-Allow-Origin", value: "http://localhost:3000" },
+ {
+ key: "Access-Control-Allow-Methods",
+ value: "GET",
+ },
+ {
+ key: "Access-Control-Allow-Headers",
+ value:
+ "Accept, Accept-Version, Content-Length, Content-MD5, Content-Type, Date",
+ },
+ ],
+ },
+ ];
+ },
 };
 module.exports = nextConfig;
diff --git a/src/pages/api/packages/index.ts b/src/pages/api/packages/index.ts
index 694cdb8c..a2424370 100644
--- a/src/pages/api/packages/index.ts
+++ b/src/pages/api/packages/index.ts
@@ -13,11 +13,6 @@ const db = getFirestore(app);
 export default withIronSessionApiRoute(handler, sessionOptions);
 async function handler(req: NextApiRequest, res: NextApiResponse) {
- if (!req.session.user) {
- res.status(401).json({ok: false});
- return;
- }
-
 if (req.method === "GET") await get(req, res);
 if (req.method === "POST") await post(req, res);
 }
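Review bot: In the `headers()` block added to next.config.js, `Access-Control-Allow-Origin` is hard-coded to `http://localhost:3000`, so deployed builds advertise a development origin and no real consumer origin is allowed. Take the allowed origin from deployment configuration and keep it to an explicit origin rather than widening it to `*`. `Access-Control-Allow-Credentials` only has a meaning when its value is `true`; to refuse credentialed requests, drop the `{ key: "Access-Control-Allow-Credentials", value: "false" }` entry instead of sending `"false"`. A comment above the entry such as `// CORS limits which browser origins may read /api/packages; it is not authentication` would keep the next reader from treating these headers as access control.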
@@ -34,6 +29,11 @@ async function get(req: NextApiRequest, res: NextApiResponse) {
 }
 async function post(req: NextApiRequest, res: NextApiResponse) {
+ if (!req.session.user) {
+ res.status(401).json({ok: false});
+ return;
+ }
+
 if (!["developer", "admin"].includes(req.session.user!.type)) return res.status(403).json({ok: false, reason: "You do not have permission to create a new package"});
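Review bot: With the session check now only at the top of `post()`, the `get()` call that `handler` dispatches (earlier hunk of this file) runs for any unauthenticated client. The CORS headers added in next.config.js do not narrow that, because they only limit which browser origins can read the response. The body of `get()` is outside the diff, so confirm it returns only data meant to be public and record that at the dispatch, e.g. `// GET is intentionally unauthenticated; POST authenticates inside post()`. Because the new guard returns before the role check, the non-null assertion in `req.session.user!.type` is no longer needed and can become `req.session.user.type`. The rest of `post()` lies outside the hunk.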