Merge branch 'develop' into feature/62/upload-users-with-excel

next.config.js

@@ -1,7 +1,27 @@
 /** @type {import('next').NextConfig} */
 const nextConfig = {
-	reactStrictMode: true,
+  reactStrictMode: true,
-	output: "standalone",
+  output: "standalone",
+  async headers() {
+    return [
+      {
+        source: "/api/packages",
+        headers: [
+          { key: "Access-Control-Allow-Credentials", value: "false" },
+          { key: "Access-Control-Allow-Origin", value: process.env.WEBSITE_URL },
+          {
+            key: "Access-Control-Allow-Methods",
+            value: "GET",
+          },
+          {
+            key: "Access-Control-Allow-Headers",
+            value:
+              "Accept, Accept-Version, Content-Length, Content-MD5, Content-Type, Date",
+          },
+        ],
+      },
+    ];
+  },
 };
 
 module.exports = nextConfig;

src/pages/api/packages/index.ts

@@ -13,11 +13,6 @@ const db = getFirestore(app);
 export default withIronSessionApiRoute(handler, sessionOptions);
 
 async function handler(req: NextApiRequest, res: NextApiResponse) {
-	if (!req.session.user) {
-		res.status(401).json({ok: false});
-		return;
-	}
-
 	if (req.method === "GET") await get(req, res);
 	if (req.method === "POST") await post(req, res);
 }
@@ -34,6 +29,11 @@ async function get(req: NextApiRequest, res: NextApiResponse) {
 }
 
 async function post(req: NextApiRequest, res: NextApiResponse) {
+	if (!req.session.user) {
+		res.status(401).json({ok: false});
+		return;
+	}
+	
 	if (!["developer", "admin"].includes(req.session.user!.type))
 		return res.status(403).json({ok: false, reason: "You do not have permission to create a new package"});