feat: require admin token for ingestion endpoints

2026-02-01 03:08:15 -08:00
parent 50aa6008e3
commit 7c8406c7cc
6 changed files with 249 additions and 185 deletions
--- a/apps/web/app/api/imports/[id]/upload/route.ts
+++ b/apps/web/app/api/imports/[id]/upload/route.ts
@@ -1,108 +1,16 @@
-import { randomUUID } from "crypto";
-import { Readable } from "stream";
-import type { ReadableStream as NodeReadableStream } from "node:stream/web";
-
-import { PutObjectCommand } from "@aws-sdk/client-s3";
-import { z } from "zod";
-
-import { getDb } from "@tline/db";
-import { getMinioBucket, getMinioInternalClient } from "@tline/minio";
-import { enqueueProcessAsset } from "@tline/queue";
+import { getAdminOk, handleUploadImport } from "../handlers";

 export const runtime = "nodejs";

-const paramsSchema = z.object({ id: z.string().uuid() });
-
-const contentTypeMediaMap: Array<{
-  match: (ct: string) => boolean;
-  mediaType: "image" | "video";
-}> = [
-  { match: (ct) => ct.startsWith("image/"), mediaType: "image" },
-  { match: (ct) => ct.startsWith("video/"), mediaType: "video" },
-];
-
-function inferMediaTypeFromContentType(ct: string): "image" | "video" | null {
-  const found = contentTypeMediaMap.find((m) => m.match(ct));
-  return found?.mediaType ?? null;
-}
-
-function inferExtFromContentType(ct: string): string {
-  const parts = ct.split("/");
-  const ext = parts[1] ?? "bin";
-  return ext.replace(/[^a-zA-Z0-9]+/g, "").toLowerCase() || "bin";
-}
-
 export async function POST(
  request: Request,
  context: { params: Promise<{ id: string }> },
 ): Promise<Response> {
  const rawParams = await context.params;
-  const paramsParsed = paramsSchema.safeParse(rawParams);
-  if (!paramsParsed.success) {
-    return Response.json(
-      { error: "invalid_params", issues: paramsParsed.error.issues },
-      { status: 400 },
-    );
-  }
-  const params = paramsParsed.data;
-
-  const contentType = request.headers.get("content-type") ?? "application/octet-stream";
-  const mediaType = inferMediaTypeFromContentType(contentType);
-  if (!mediaType) {
-    return Response.json({ error: "unsupported_content_type", contentType }, { status: 400 });
-  }
-
-  const bucket = getMinioBucket();
-  const ext = inferExtFromContentType(contentType);
-  const objectId = randomUUID();
-  const key = `staging/${params.id}/${objectId}.${ext}`;
-
-  const db = getDb();
-  const [imp] = await db<{ id: string }[]>`
-    select id
-    from imports
-    where id = ${params.id}
-    limit 1
-  `;
-
-  if (!imp) {
-    return Response.json({ error: "import_not_found" }, { status: 404 });
-  }
-
-  if (!request.body) {
-    return Response.json({ error: "missing_body" }, { status: 400 });
-  }
-
-  const s3 = getMinioInternalClient();
-  const bodyStream = Readable.fromWeb(request.body as unknown as NodeReadableStream);
-  await s3.send(
-    new PutObjectCommand({
-      Bucket: bucket,
-      Key: key,
-      Body: bodyStream,
-      ContentType: contentType,
-    }),
-  );
-
-  const rows = await db<
-    {
-      id: string;
-      status: "new" | "processing" | "ready" | "failed";
-    }[]
-  >`
-    insert into assets (bucket, media_type, mime_type, source_key, active_key)
-    values (${bucket}, ${mediaType}, ${contentType}, ${key}, ${key})
-    on conflict (bucket, source_key)
-    do update set active_key = excluded.active_key
-    returning id, status
-  `;
-
-  const asset = rows[0];
-  if (!asset) {
-    return Response.json({ error: "asset_insert_failed" }, { status: 500 });
-  }
-
-  await enqueueProcessAsset({ assetId: asset.id });
-
-  return Response.json({ ok: true, importId: imp.id, assetId: asset.id, bucket, key });
+  const res = await handleUploadImport({
+    adminOk: getAdminOk(request.headers),
+    params: rawParams,
+    request,
+  });
+  return Response.json(res.body, { status: res.status });
 }