Merge pull request #23 from kameiryohei/protect-api
全てのAPIを保護するためにリクエスト時にkeyを要求するよう変更
kameiryohei authored Oct 10, 2024
2 parents 437b888 + 582c9f5 commit c34a4ea
Showing 17 changed files with 53 additions and 2 deletions.
1 change: 1 addition & 0 deletions app/allPost/[id]/components/CourseReview.tsx
@@ -41,6 +41,7 @@ const CourseReview = ({ id }: CourseReviewProps) => {
}),
headers: {
"Content-Type": "application/json",
"x-api-key": process.env.NEXT_PUBLIC_API_KEY || "",
},
});
if (!res.ok) {
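Review bot: The added `"x-api-key": process.env.NEXT_PUBLIC_API_KEY || ""` header sits in what looks like a client component, and Next.js inlines every `NEXT_PUBLIC_`-prefixed variable into the browser bundle at build time, so the value is readable by any visitor and cannot act as a secret. The same line is added in the other component and hook sections of this commit (CourseCreateForm.tsx, DeleteCourse.tsx, app/create/page.tsx, useUser.ts, app/post/page.tsx, EditProfile.ts, app/profile/edit/page.tsx, EditCorseList.tsx, AddCourse.tsx, UpdatePageCore.tsx). For the POST/PUT/DELETE calls, the decision to allow a request should come from the signed-in user's session checked in the route handler, which is not visible in this commit. If the header is kept as a coarse filter, a comment such as `// not a secret: NEXT_PUBLIC_* values ship in the client bundle` on this line would stop it being mistaken for authentication. The enclosing CourseReview component starts and ends outside the hunk.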
2 changes: 2 additions & 0 deletions app/allPost/[id]/components/ParticleReview.tsx
@@ -11,6 +11,8 @@ async function getReviewData(id: number, host: string) {
`${config.apiPrefix}${host}/api/post/coursepost/${id}`,
{
cache: "no-store", //ssr
method: "GET",
headers: { "x-api-key": process.env.NEXT_PUBLIC_API_KEY || "" },
}
);
const data = await res.json();
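Review bot: The added `headers: { "x-api-key": ... }` line in getReviewData sends the key to whatever origin `${config.apiPrefix}${host}` resolves to, and `host` is a caller-supplied parameter whose source is outside this hunk. If it is derived from the incoming request's Host header, a request carrying an unexpected Host value could point this fetch, and the key with it, at a different server; building the URL from a fixed configured origin avoids that. Because this call appears to run on the server (`cache: "no-store", //ssr`), it could also read a server-only variable without the `NEXT_PUBLIC_` prefix. The same pattern is in getDetailData (app/allPost/[id]/page.tsx and app/updatePlan/[id]/page.tsx), getAllCoursesDate and getDetailCourseData. getReviewData starts and ends outside the hunk.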
2 changes: 2 additions & 0 deletions app/allPost/[id]/page.tsx
@@ -10,6 +10,8 @@ import ReviewSection from "./components/ReviewSection";
async function getDetailData(id: number, host: string) {
const res = await fetch(`${config.apiPrefix}${host}/api/plan/${id}`, {
cache: "no-store", //ssr
method: "GET",
headers: { "x-api-key": process.env.NEXT_PUBLIC_API_KEY || "" },
});
const data = await res.json();
return data;
2 changes: 2 additions & 0 deletions app/allPost/components/CourseCardCore.tsx
@@ -8,6 +8,8 @@ async function getAllCoursesDate(host: string) {
next: {
revalidate: 3600, //ISRを一時間に設定
},
method: "GET",
headers: { "x-api-key": process.env.NEXT_PUBLIC_API_KEY || "" },
});
const data = await res.json();
return data.posts;
1 change: 1 addition & 0 deletions app/create/create-plan/components/CourseCreateForm.tsx
@@ -51,6 +51,7 @@ const CourseCreateForm = ({ planId }: CourseCreateFormProps) => {
body: JSON.stringify({ courses, planId }),
headers: {
"Content-Type": "application/json",
"x-api-key": process.env.NEXT_PUBLIC_API_KEY || "",
},
});
if (!res.ok) {
1 change: 1 addition & 0 deletions app/create/editplan/[id]/components/DeleteCourse.tsx
@@ -17,6 +17,7 @@ const DeleteCourse = ({ planId }: DeleteCourseProps) => {
method: "DELETE",
headers: {
"Content-Type": "application/json",
"x-api-key": process.env.NEXT_PUBLIC_API_KEY || "",
},
body: JSON.stringify({ planId }),
});
2 changes: 2 additions & 0 deletions app/create/editplan/[id]/page.tsx
@@ -5,6 +5,8 @@ import EditPlanCore from "./components/EditPlanCore";
async function getDetailCourseData(id: number, host: string) {
const res = await fetch(`${config.apiPrefix}${host}/api/plan/detail/${id}`, {
cache: "no-store", //ssr
method: "GET",
headers: { "x-api-key": process.env.NEXT_PUBLIC_API_KEY || "" },
});
const data = await res.json();
return data.plans;
1 change: 1 addition & 0 deletions app/create/page.tsx
@@ -45,6 +45,7 @@ const PlanCreate = () => {
}),
headers: {
"Content-Type": "application/json",
"x-api-key": process.env.NEXT_PUBLIC_API_KEY || "",
},
});
if (!res.ok) {
8 changes: 7 additions & 1 deletion app/hooks/useUser.ts
@@ -6,7 +6,13 @@ import { UserType } from "./types/UserType";
import useSWR from "swr";

async function fetcher(url: string) {
return fetch(url).then((res) => res.json());
const res = await fetch(url, {
headers: {
"Content-Type": "application/json",
"x-api-key": process.env.NEXT_PUBLIC_API_KEY || "",
},
});
return res.json();
}

export default function useUser() {
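Review bot: fetcher returns `res.json()` without looking at `res.ok`, so the 401 body `{ message: "Unauthorized" }` that the new middleware produces would reach SWR as data rather than as an error. Adding `if (!res.ok) throw new Error("request failed: " + res.status);` before the return lets useSWR surface it through `error`. The `"Content-Type": "application/json"` header is not needed on a body-less GET and can be dropped. The same missing status check applies to the server-side helpers in this commit that call `res.json()` directly, for example getAllCoursesDate, which would return `undefined` from `data.posts` on a 401.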
1 change: 1 addition & 0 deletions app/post/page.tsx
@@ -35,6 +35,7 @@ const AddPostPage = () => {
method: "DELETE",
headers: {
"Content-Type": "application/json",
"x-api-key": process.env.NEXT_PUBLIC_API_KEY || "",
},
body: JSON.stringify({ postId }),
});
1 change: 1 addition & 0 deletions app/profile/edit/components/EditProfile.ts
@@ -12,6 +12,7 @@ export const EditProfile = async (
method: "PUT",
headers: {
"Content-Type": "application/json",
"x-api-key": process.env.NEXT_PUBLIC_API_KEY || "",
},
body: JSON.stringify({
name,
1 change: 1 addition & 0 deletions app/profile/edit/page.tsx
@@ -25,6 +25,7 @@ const EditProfile = async (
method: "PUT",
headers: {
"Content-Type": "application/json",
"x-api-key": process.env.NEXT_PUBLIC_API_KEY || "",
},
body: JSON.stringify({
name,
2 changes: 2 additions & 0 deletions app/updatePlan/[id]/EditCorseList.tsx
@@ -23,6 +23,7 @@ const EditCorseList = ({ id, name, content }: EditCorseListProps) => {
method: "DELETE",
headers: {
"Content-Type": "application/json",
"x-api-key": process.env.NEXT_PUBLIC_API_KEY || "",
},
body: JSON.stringify({ courseId }),
});
@@ -54,6 +55,7 @@ const EditCorseList = ({ id, name, content }: EditCorseListProps) => {
method: "PUT",
headers: {
"Content-Type": "application/json",
"x-api-key": process.env.NEXT_PUBLIC_API_KEY || "",
},
body: JSON.stringify({ courseId, name, content }),
});
1 change: 1 addition & 0 deletions app/updatePlan/[id]/components/AddCourse.tsx
@@ -46,6 +46,7 @@ const CourseCreateForm = ({ planId }: AddCourseProps) => {
body: JSON.stringify({ courses, planId }),
headers: {
"Content-Type": "application/json",
"x-api-key": process.env.NEXT_PUBLIC_API_KEY || "",
},
});
if (!res.ok) {
1 change: 1 addition & 0 deletions app/updatePlan/[id]/components/UpdatePageCore.tsx
@@ -45,6 +45,7 @@ const UpdatePageCore = ({
method: "PUT",
headers: {
"Content-Type": "application/json",
"x-api-key": process.env.NEXT_PUBLIC_API_KEY || "",
},
body: JSON.stringify({ id, title, content }),
});
8 changes: 7 additions & 1 deletion app/updatePlan/[id]/page.tsx
@@ -3,7 +3,13 @@ import UpdatePageCore from "./components/UpdatePageCore";
import { config } from "lib/config";

async function getDetailData(id: number, host: string) {
const res = await fetch(`${config.apiPrefix}${host}/api/plan/update/${id}`);
const res = await fetch(`${config.apiPrefix}${host}/api/plan/update/${id}`, {
cache: "no-store", //ssr
method: "GET",
headers: {
"x-api-key": process.env.NEXT_PUBLIC_API_KEY || "",
},
});
const data = await res.json();
return data;
}
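--- a/middleware.ts
+++ b/middleware.ts
@@ -0,0 +1,20 @@
+import { NextResponse } from "next/server";
+import type { NextRequest } from "next/server";
+
+export function middleware(req: NextRequest) {
+// APIへのアクセスに対してのみミドルウェアを適用
+if (req.nextUrl.pathname.startsWith("/api")) {
+// x-api-keyの検証
+const apiKey = req.headers.get("x-api-key");
+if (apiKey !== process.env.NEXT_PUBLIC_API_KEY) {
+return NextResponse.json({ message: "Unauthorized" }, { status: 401 });
+}
+}
+
+return NextResponse.next();
+}
+
+// ミドルウェアの適用範囲を指定
+export const config = {
+matcher: "/api/:path*", // すべてのAPIエンドポイントに適用
+};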
