diff options
| author | Fuwn <[email protected]> | 2026-02-08 07:30:20 -0800 |
|---|---|---|
| committer | Fuwn <[email protected]> | 2026-02-08 07:30:20 -0800 |
| commit | 77b541b358896f077de771f692a2cea48492c296 (patch) | |
| tree | 20d994a545601b628cf0635c6b5fbef4378d3fce /apps/web/app/api/webhook-config/test/route.ts | |
| parent | feat: add support email to account settings (diff) | |
| download | asa.news-77b541b358896f077de771f692a2cea48492c296.tar.xz asa.news-77b541b358896f077de771f692a2cea48492c296.zip | |
feat: add Vercel BotID protection and fix billing origin fallback
Set up BotID bot detection on sensitive API routes (share, billing,
account, webhook-config). Adds client instrumentation, server-side
checkBotId() guards, and withBotId next config wrapper.
Also fix checkout/portal session routes to fall back to request origin
when NEXT_PUBLIC_APP_URL is not set, and center SVG icon properly.
Diffstat (limited to 'apps/web/app/api/webhook-config/test/route.ts')
| -rw-r--r-- | apps/web/app/api/webhook-config/test/route.ts | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/apps/web/app/api/webhook-config/test/route.ts b/apps/web/app/api/webhook-config/test/route.ts index 6171da4..5e58c9c 100644 --- a/apps/web/app/api/webhook-config/test/route.ts +++ b/apps/web/app/api/webhook-config/test/route.ts @@ -4,8 +4,14 @@ import { createSupabaseServerClient } from "@/lib/supabase/server" import { createSupabaseAdminClient } from "@/lib/supabase/admin" import { TIER_LIMITS, type SubscriptionTier } from "@asa-news/shared" import { rateLimit } from "@/lib/rate-limit" +import { checkBotId } from "botid/server" export async function POST() { + const botVerification = await checkBotId() + if (botVerification.isBot) { + return NextResponse.json({ error: "access denied" }, { status: 403 }) + } + const supabaseClient = await createSupabaseServerClient() const { data: { user }, |