From ce2adb9b81f5ee20293d642f0f95bedfdbde3e90 Mon Sep 17 00:00:00 2001
From: heimoshuiyu
Date: Thu, 16 Feb 2023 23:01:04 +0800
Subject: [PATCH] check token on api post request
---
 pages/api/admin.ts | 17 +++++++++++------
 pages/api/config.ts | 4 ++++
 pages/api/html.ts | 5 +++++
 3 files changed, 20 insertions(+), 6 deletions(-)
diff --git a/pages/api/admin.ts b/pages/api/admin.ts
index 81a2cf8..8d54928 100644
--- a/pages/api/admin.ts
+++ b/pages/api/admin.ts
@@ -1,15 +1,20 @@
 import type { NextApiRequest, NextApiResponse } from "next";
-import {store, html} from "@/store";
+import { store, html } from "@/store";
+import config from "@/config";
 
 export default function handler(
 req: NextApiRequest,
- res: NextApiResponse>,
+ res: NextApiResponse>
 ) {
- if (req.method === 'POST') {
+ if (req.method === "POST") {
+ if (req.headers.token !== config.token) {
+ res.status(403).json({ error: "wrong token" });
+ return;
+ }
 // update store
- console.log('admin', req.body)
- const json = req.body
- store.update(json)
+ console.log("admin", req.body);
+ const json = req.body;
+ store.update(json);
 }
 res.status(200).json(store.get());
 }
diff --git a/pages/api/config.ts b/pages/api/config.ts
index 892a1c4..fae065a 100644
--- a/pages/api/config.ts
+++ b/pages/api/config.ts
@@ -3,6 +3,10 @@ import config from "@/config";
 
 export default function handler(req: NextApiRequest, res: NextApiResponse) {
 if (req.method === "POST") {
+ if (req.headers.token !== config.token) {
+ res.status(403).json({ error: "wrong token" });
+ return;
+ }
 // update config
 config.begin = req.body.begin ?? config.begin;
 config.limit = req.body.limit ?? config.limit;
diff --git a/pages/api/html.ts b/pages/api/html.ts
index 447948a..dfb76d1 100644
--- a/pages/api/html.ts
+++ b/pages/api/html.ts
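Review bot: In pages/api/admin.ts the added guard `req.headers.token !== config.token` fails open when no token is configured. The config module is not shown, so this needs confirming, but if `config.token` is undefined, a request with no `token` header compares `undefined !== undefined` and is let through to `store.update`. The comparison is also an ordinary string compare rather than a constant-time one, and the same four lines are repeated in the config.ts and html.ts hunks. A shared helper would fix all three call sites: it should reject a missing or empty configured token, require a single string header value, and compare with `timingSafeEqual` from `node:crypto`, as sketched below.

```typescript
// constructed sketch: one shared check instead of three inline copies
function tokenMatches(req: NextApiRequest): boolean {
  const expected = config.token;
  const supplied = req.headers.token;
  // Fail closed: an unset or empty configured token must never authorize anyone.
  if (typeof expected !== "string" || expected.length === 0) return false;
  // A repeated header arrives as string[]; treat anything but one string as a miss.
  if (typeof supplied !== "string") return false;
  const a = Buffer.from(supplied);
  const b = Buffer.from(expected);
  // timingSafeEqual throws on unequal lengths, so guard the length first.
  return a.length === b.length && timingSafeEqual(a, b);
}

// … unchanged: handler signature and method check …
    if (!tokenMatches(req)) {
      res.status(403).json({ error: "wrong token" });
      return;
    }
// … unchanged: store update and response …
```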
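Review bot: In pages/api/config.ts the secret now lives on the same `config` object that this handler reads and mutates, and the handler's response line is outside the hunk. If that response serialises `config` as a whole, `config.token` would be returned to every caller, including GET requests that never pass the new check. Worth confirming; if so, strip the secret before responding, for example `const { token, ...publicConfig } = config;` followed by `res.status(200).json(publicConfig);`.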
@@ -1,8 +1,13 @@
 import type { NextApiRequest, NextApiResponse } from "next";
 import { html } from "@/store";
+import config from "@/config";
 
 export default function handler(req: NextApiRequest, res: NextApiResponse) {
 if (req.method === "POST") {
+ if (req.headers.token !== config.token) {
+ res.status(403).json({ error: "wrong token" });
+ return;
+ }
 html.set(req.body.html);
 }
 res.status(200).json({