sim/apps/sim/app/api/tools/dynamodb/scan/route.ts
Waleed 6b412c578d fix(security): add authentication to remaining tool API routes (#3028)
* fix(security): add authentication to tool API routes

* fix(drive): use checkSessionOrInternalAuth to allow browser access

* fix(selectors): use checkSessionOrInternalAuth for UI-accessible routes
2026-01-27 12:37:03 -08:00


import { type NextRequest, NextResponse } from 'next/server'
import { z } from 'zod'
import { checkInternalAuth } from '@/lib/auth/hybrid'
import { createDynamoDBClient, scanItems } from '@/app/api/tools/dynamodb/utils'
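/**
 * Request-body contract for the DynamoDB scan tool route.
 *
 * The caller supplies its own AWS credentials on every request, so a parsed
 * value of this schema contains secrets: do not log it or echo it back in a
 * response.
 */
const ScanSchema = z.object({
  region: z.string().min(1, 'AWS region is required'),
  accessKeyId: z.string().min(1, 'AWS access key ID is required'),
  secretAccessKey: z.string().min(1, 'AWS secret access key is required'),
  tableName: z.string().min(1, 'Table name is required'),
  filterExpression: z.string().optional(),
  projectionExpression: z.string().optional(),
  // Placeholder maps that accompany the expression strings above.
  expressionAttributeNames: z.record(z.string()).optional(),
  expressionAttributeValues: z.record(z.unknown()).optional(),
  // DynamoDB's Limit is a whole number of items; reject fractional values here
  // so they fail validation instead of surfacing as a service error.
  limit: z.number().int().positive().optional(),
})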
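/**
 * Runs a DynamoDB Scan with caller-supplied AWS credentials.
 *
 * Responses:
 * - 401 when `checkInternalAuth` does not report success with a user id.
 * - 400 when the body is not valid JSON or does not satisfy `ScanSchema`.
 * - 500 when client construction or the scan itself throws.
 * - 200 with `{ message, items, count }` otherwise.
 *
 * NOTE(review): this route only admits callers accepted by `checkInternalAuth`;
 * confirm that is the intended audience (no browser session access).
 */
export async function POST(request: NextRequest) {
  try {
    // Authenticate before reading the body so unauthenticated callers cannot
    // drive any parsing or outbound AWS traffic.
    const auth = await checkInternalAuth(request)
    if (!auth.success || !auth.userId) {
      return NextResponse.json({ error: auth.error || 'Unauthorized' }, { status: 401 })
    }

    // A malformed body is a client error, not a server fault.
    let body: unknown
    try {
      body = await request.json()
    } catch {
      return NextResponse.json({ error: 'Request body must be valid JSON' }, { status: 400 })
    }

    // safeParse keeps validation failures out of the generic 500 handler.
    // Only the issue list is returned; the submitted body (which carries the
    // AWS secret) is never echoed back.
    const parsed = ScanSchema.safeParse(body)
    if (!parsed.success) {
      return NextResponse.json(
        { error: 'Invalid request data', details: parsed.error.issues },
        { status: 400 }
      )
    }
    const { region, accessKeyId, secretAccessKey, tableName, ...scanOptions } = parsed.data

    const client = createDynamoDBClient({ region, accessKeyId, secretAccessKey })

    const result = await scanItems(client, tableName, {
      filterExpression: scanOptions.filterExpression,
      projectionExpression: scanOptions.projectionExpression,
      expressionAttributeNames: scanOptions.expressionAttributeNames,
      expressionAttributeValues: scanOptions.expressionAttributeValues,
      limit: scanOptions.limit,
    })

    return NextResponse.json({
      message: `Scan returned ${result.count} items`,
      items: result.items,
      count: result.count,
    })
  } catch (error) {
    // The upstream error text is passed through to the authenticated caller.
    // NOTE(review): confirm these messages never embed the supplied credentials.
    const errorMessage = error instanceof Error ? error.message : 'DynamoDB scan failed'
    return NextResponse.json({ error: errorMessage }, { status: 500 })
  }
}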