mirror of
https://github.com/simstudioai/sim.git
synced 2026-04-28 03:00:29 -04:00
6b412c578d
* fix(security): add authentication to tool API routes * fix(drive): use checkSessionOrInternalAuth to allow browser access * fix(selectors): use checkSessionOrInternalAuth for UI-accessible routes
115 lines
3.4 KiB
TypeScript
115 lines
3.4 KiB
TypeScript
import { createLogger } from '@sim/logger'
|
|
import { type NextRequest, NextResponse } from 'next/server'
|
|
import { checkInternalAuth } from '@/lib/auth/hybrid'
|
|
import { validateJiraCloudId, validateJiraIssueKey } from '@/lib/core/security/input-validation'
|
|
import { getJiraCloudId, getJsmApiBaseUrl, getJsmHeaders } from '@/tools/jsm/utils'
|
|
|
|
export const dynamic = 'force-dynamic'
|
|
|
|
const logger = createLogger('JsmCommentsAPI')
|
|
|
|
export async function POST(request: NextRequest) {
|
|
const auth = await checkInternalAuth(request)
|
|
if (!auth.success || !auth.userId) {
|
|
return NextResponse.json({ error: auth.error || 'Unauthorized' }, { status: 401 })
|
|
}
|
|
|
|
try {
|
|
const body = await request.json()
|
|
const {
|
|
domain,
|
|
accessToken,
|
|
cloudId: cloudIdParam,
|
|
issueIdOrKey,
|
|
isPublic,
|
|
internal,
|
|
start,
|
|
limit,
|
|
} = body
|
|
|
|
if (!domain) {
|
|
logger.error('Missing domain in request')
|
|
return NextResponse.json({ error: 'Domain is required' }, { status: 400 })
|
|
}
|
|
|
|
if (!accessToken) {
|
|
logger.error('Missing access token in request')
|
|
return NextResponse.json({ error: 'Access token is required' }, { status: 400 })
|
|
}
|
|
|
|
if (!issueIdOrKey) {
|
|
logger.error('Missing issueIdOrKey in request')
|
|
return NextResponse.json({ error: 'Issue ID or key is required' }, { status: 400 })
|
|
}
|
|
|
|
const cloudId = cloudIdParam || (await getJiraCloudId(domain, accessToken))
|
|
|
|
const cloudIdValidation = validateJiraCloudId(cloudId, 'cloudId')
|
|
if (!cloudIdValidation.isValid) {
|
|
return NextResponse.json({ error: cloudIdValidation.error }, { status: 400 })
|
|
}
|
|
|
|
const issueIdOrKeyValidation = validateJiraIssueKey(issueIdOrKey, 'issueIdOrKey')
|
|
if (!issueIdOrKeyValidation.isValid) {
|
|
return NextResponse.json({ error: issueIdOrKeyValidation.error }, { status: 400 })
|
|
}
|
|
|
|
const baseUrl = getJsmApiBaseUrl(cloudId)
|
|
|
|
const params = new URLSearchParams()
|
|
if (isPublic) params.append('public', isPublic)
|
|
if (internal) params.append('internal', internal)
|
|
if (start) params.append('start', start)
|
|
if (limit) params.append('limit', limit)
|
|
|
|
const url = `${baseUrl}/request/${issueIdOrKey}/comment${params.toString() ? `?${params.toString()}` : ''}`
|
|
|
|
logger.info('Fetching comments from:', url)
|
|
|
|
const response = await fetch(url, {
|
|
method: 'GET',
|
|
headers: getJsmHeaders(accessToken),
|
|
})
|
|
|
|
if (!response.ok) {
|
|
const errorText = await response.text()
|
|
logger.error('JSM API error:', {
|
|
status: response.status,
|
|
statusText: response.statusText,
|
|
error: errorText,
|
|
})
|
|
|
|
return NextResponse.json(
|
|
{ error: `JSM API error: ${response.status} ${response.statusText}`, details: errorText },
|
|
{ status: response.status }
|
|
)
|
|
}
|
|
|
|
const data = await response.json()
|
|
|
|
return NextResponse.json({
|
|
success: true,
|
|
output: {
|
|
ts: new Date().toISOString(),
|
|
issueIdOrKey,
|
|
comments: data.values || [],
|
|
total: data.size || 0,
|
|
isLastPage: data.isLastPage ?? true,
|
|
},
|
|
})
|
|
} catch (error) {
|
|
logger.error('Error fetching comments:', {
|
|
error: error instanceof Error ? error.message : String(error),
|
|
stack: error instanceof Error ? error.stack : undefined,
|
|
})
|
|
|
|
return NextResponse.json(
|
|
{
|
|
error: error instanceof Error ? error.message : 'Internal server error',
|
|
success: false,
|
|
},
|
|
{ status: 500 }
|
|
)
|
|
}
|
|
}
|