api: guard movies/:id/{comments,stream} endpoint

mirsella · Dec 22, 2024 · fb7bf26 · fb7bf26
1 parent 3e31169
commit fb7bf26
Show file tree

Hide file tree

Showing 4 changed files with 23 additions and 7 deletions.
diff --git a/Docker_Config/jackett/Jackett/ServerConfig.json b/Docker_Config/jackett/Jackett/ServerConfig.json
@@ -3,9 +3,9 @@
   "LocalBindAddress": "127.0.0.1",
   "AllowExternal": true,
   "AllowCORS": true,
-  "APIKey": "",
+  "APIKey": "llbzxb16jb11sh5vdpjr4gswonaqb4xy",
   "AdminPassword": null,
-  "InstanceId": "",
+  "InstanceId": "yt57bf3jjvuxyhdd15afwl625a9b0tzxoq75ytdgrn9e9ckq7f0xaxzlz57zcy1i",
   "BlackholeDir": null,
   "UpdateDisabled": false,
   "UpdatePrerelease": false,

diff --git a/server/api/movies/[id]/comments.get.ts b/server/api/movies/[id]/comments.get.ts
@@ -1,5 +1,9 @@
+import { getServerSession } from "#auth";
+
 export default defineEventHandler(async (event) => {
-  // TODO: check auth
+  const session = await getServerSession(event);
+  if (!session) throw createError({ statusCode: 401 });
+
   const id = getRouterParam(event, "id");
   if (!id) throw createError({ statusCode: 400 });
   return await db

diff --git a/server/api/movies/[id]/comments.post.ts b/server/api/movies/[id]/comments.post.ts
@@ -1,13 +1,22 @@
+import { getServerSession, getToken } from "#auth";
+
 export default defineEventHandler(async (event) => {
-  // TODO: check auth
+  const session = await getServerSession(event);
+  const token = await getToken({ event });
+  if (!session || !token?.email) throw createError({ statusCode: 401 });
+
+  const users = await db
+    .select({ id: tables.users.id })
+    .from(tables.users)
+    .where(eq(tables.users.email, token.email));
+
   const body = await readBody<{ content: string }>(event, {
     strict: true,
   });
   const id = getRouterParam(event, "id");
   if (!body?.content || !id) throw createError({ statusCode: 400 });
   return await db
     .insert(tables.comments)
-    // TODO: add user id from auth
-    .values({ content: body.content, movie_id: id })
+    .values({ content: body.content, movie_id: id, authorId: users[0].id })
     .returning();
 });
diff --git a/server/api/movies/[id]/stream.get.ts b/server/api/movies/[id]/stream.get.ts
@@ -4,14 +4,17 @@ import stream from "stream";
 import fs from "fs";
 import path from "path";
 import WebTorrent from "webtorrent";
+import { getServerSession } from "#auth";
 
 let torrent_client: null | WebTorrent.Instance = null;
 
 export default defineEventHandler(
   async (
     event,
   ): Promise<stream.Readable | stream.Writable | stream.PassThrough> => {
-    // TODO: check auth
+    const session = await getServerSession(event);
+    if (!session) throw createError({ statusCode: 401 });
+
     const moviesDir = useRuntimeConfig(event).moviesDir;
     if (!fs.existsSync(moviesDir)) fs.mkdirSync(moviesDir);
     const id = getRouterParam(event, "id");