fix: require JWT auth on daily-chat endpoint, simplify Dockerfile Prisma generate
Build & Deploy Mobile / build-and-deploy (push) Failing after 10s
Build & Deploy Mobile / build-and-deploy (push) Failing after 10s
The /api/chat/daily route accepted a client-supplied userId with no auth check. Require a verified Bearer JWT and derive the user from the token instead. Also drop the manual openssl install and --schema flag from the Dockerfile now that a second `prisma generate` runs in the runner stage, and add a standard .dockerignore. Co-Authored-By: Claude Sonnet 5 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01LwWLS2FYnE9ofqDF9hQFxA
This commit is contained in:
@@ -1,5 +1,6 @@
|
||||
import { NextRequest, NextResponse } from 'next/server'
|
||||
import { prisma } from '@/lib/prisma'
|
||||
import { verifyJWT } from '@/lib/auth'
|
||||
|
||||
// ─────────────────────────────────────────────
|
||||
// Greeting pools — tiered by engagement level
|
||||
@@ -44,10 +45,15 @@ function pickRandom<T>(pool: T[]): T {
|
||||
|
||||
export async function POST(req: NextRequest) {
|
||||
try {
|
||||
const { userId } = await req.json()
|
||||
if (!userId) {
|
||||
return NextResponse.json({ error: 'userId required' }, { status: 400 })
|
||||
const authHeader = req.headers.get('authorization')
|
||||
if (!authHeader?.startsWith('Bearer ')) {
|
||||
return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
|
||||
}
|
||||
const payload = await verifyJWT(authHeader.slice(7))
|
||||
if (!payload) {
|
||||
return NextResponse.json({ error: 'Invalid token' }, { status: 401 })
|
||||
}
|
||||
const userId = payload.id
|
||||
|
||||
const user = await prisma.user.findUnique({ where: { id: userId } })
|
||||
if (!user) {
|
||||
|
||||
Reference in New Issue
Block a user