Files
wehub-resource-sync c48612c494
CI / E2E Tests (push) Has been cancelled
CI / Lint, Typecheck & Unit Tests (push) Has been cancelled
Docs Build / Build docs site (push) Has been cancelled
Publish @openmaic packages / Build, validate & publish (push) Has been cancelled
chore: import upstream snapshot with attribution
2026-07-13 13:03:23 +08:00

42 lines
1.2 KiB
TypeScript

import { cookies } from 'next/headers';
import { timingSafeEqual } from 'crypto';
import { apiError, apiSuccess } from '@/lib/server/api-response';
import { createAccessToken } from '@/lib/server/access-token';
export async function POST(request: Request) {
const accessCode = process.env.ACCESS_CODE;
if (!accessCode) {
return apiSuccess({ valid: true });
}
let body: { code?: string };
try {
body = await request.json();
} catch {
return apiError('INVALID_REQUEST', 400, 'Invalid JSON body');
}
// Constant-time comparison
if (!body.code) {
return apiError('INVALID_REQUEST', 401, 'Invalid access code');
}
const encoder = new TextEncoder();
const a = encoder.encode(body.code);
const b = encoder.encode(accessCode);
if (a.byteLength !== b.byteLength || !timingSafeEqual(a, b)) {
return apiError('INVALID_REQUEST', 401, 'Invalid access code');
}
const token = createAccessToken(accessCode);
const cookieStore = await cookies();
cookieStore.set('openmaic_access', token, {
httpOnly: true,
sameSite: 'lax',
path: '/',
maxAge: 60 * 60 * 24 * 7, // 7 days
secure: process.env.NODE_ENV === 'production',
});
return apiSuccess({ valid: true });
}