debut refacto
+39
@@ -0,0 +1,39 @@
|
||||
import { timingSafeEqual } from 'crypto'
|
||||
import { NextRequest, NextResponse } from 'next/server'
|
||||
|
||||
/**
|
||||
* Validate the upload secret from request headers.
|
||||
* Returns null if valid, or a NextResponse error if invalid.
|
||||
*/
|
||||
export function validateUploadSecret(req: NextRequest): NextResponse | null {
|
||||
const secret = req.headers.get('x-upload-secret')
|
||||
const expectedSecret = process.env.UPLOAD_SECRET_KEY
|
||||
|
||||
if (!expectedSecret) {
|
||||
return NextResponse.json(
|
||||
{ success: false, error: 'Configuration serveur incomplete (UPLOAD_SECRET_KEY manquant)' },
|
||||
{ status: 500 },
|
||||
)
|
||||
}
|
||||
|
||||
if (!secret) {
|
||||
return NextResponse.json(
|
||||
{ success: false, error: "Cle d'authentification manquante" },
|
||||
{ status: 401 },
|
||||
)
|
||||
}
|
||||
|
||||
// Timing-safe comparison to prevent timing attacks
|
||||
const a = Buffer.from(secret)
|
||||
const b = Buffer.from(expectedSecret)
|
||||
const isValid = a.length === b.length && timingSafeEqual(a, b)
|
||||
|
||||
if (!isValid) {
|
||||
return NextResponse.json(
|
||||
{ success: false, error: "Cle d'authentification invalide" },
|
||||
{ status: 401 },
|
||||
)
|
||||
}
|
||||
|
||||
return null
|
||||
}
|
||||
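Review bot: The `a.length === b.length &&` short-circuit in front of `timingSafeEqual(a, b)` makes a wrong-length guess return without running the constant-time compare, so response timing can still reveal the byte length of `UPLOAD_SECRET_KEY`. The length guard is needed because `timingSafeEqual` throws on unequal lengths, so the usual fix is to compare fixed-size digests: import `createHash` alongside `timingSafeEqual` and use `const a = createHash('sha256').update(secret).digest()`, the same for `expectedSecret` into `b`, then `const isValid = timingSafeEqual(a, b)`. The practical exposure is small if the secret is long and random, but the change makes the "timing-safe" comment accurate. Separately, the 500 branch returns the environment variable name to unauthenticated callers; consider logging that detail server-side and returning a generic message in the response body.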