| author | Fuwn <[email protected]> | 2026-02-08 07:30:20 -0800 |
|---|---|---|
| committer | Fuwn <[email protected]> | 2026-02-08 07:30:20 -0800 |
| commit | 77b541b358896f077de771f692a2cea48492c296 (patch) | |
| tree | 20d994a545601b628cf0635c6b5fbef4378d3fce /apps/web/instrumentation-client.ts | |
| parent | feat: add support email to account settings (diff) | |
| download | asa.news-77b541b358896f077de771f692a2cea48492c296.tar.xz asa.news-77b541b358896f077de771f692a2cea48492c296.zip | |
feat: add Vercel BotID protection and fix billing origin fallback

Set up BotID bot detection on sensitive API routes (share, billing,
account, webhook-config). Adds client instrumentation, server-side
checkBotId() guards, and withBotId next config wrapper.

Also fix checkout/portal session routes to fall back to request origin
when NEXT_PUBLIC_APP_URL is not set, and center SVG icon properly.

Diffstat (limited to 'apps/web/instrumentation-client.ts')
| -rw-r--r-- | apps/web/instrumentation-client.ts | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/apps/web/instrumentation-client.ts b/apps/web/instrumentation-client.ts new file mode 100644 index 0000000..fe63979 --- /dev/null +++ b/apps/web/instrumentation-client.ts @@ -0,0 +1,14 @@ +import { initBotId } from "botid/client/core" + +initBotId({ + protect: [ + { path: "/api/share", method: "POST" }, + { path: "/api/share/*", method: "DELETE" }, + { path: "/api/share/*", method: "PATCH" }, + { path: "/api/billing/create-checkout-session", method: "POST" }, + { path: "/api/billing/create-portal-session", method: "POST" }, + { path: "/api/account", method: "DELETE" }, + { path: "/api/webhook-config", method: "PUT" }, + { path: "/api/webhook-config/test", method: "POST" }, + ], +}) |
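
Review bot: the `protect` array passed to `initBotId()` is a hand-maintained copy of the route list that the server-side `checkBotId()` guards (named in the commit message, not visible in this file's diff) have to match on both path and method, and nothing in this file ties the two together. A guarded handler whose path or method is missing from this list will not have the client instrumentation applied to its requests, and a listed route without a guard gets no enforcement at all. Consider exporting the list from one shared module that this file and a test over the route handlers both reference, or at minimum add a comment above `protect:` stating where the matching guards live. It is also worth confirming that only the listed methods need coverage: `/api/webhook-config` lists `PUT` only and `/api/account` lists `DELETE` only, so any other state-changing method served on those paths would sit outside the protected set.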