src/utils/apiAuth.js

/**
 * API route authentication helper
 * Validates user session for protected API endpoints
 */
import { API_URL } from '@/config';

/**
 * Check if the request has a valid authentication session
 * @param {Request} request - The incoming request
 * @returns {Promise<{user: object|null, error: Response|null, setCookieHeader: string|null}>}
 */
export async function requireApiAuth(request) {
  try {
    const cookieHeader = request.headers.get('cookie') ?? '';
    
    if (!cookieHeader) {
      return {
        user: null,
        error: new Response(JSON.stringify({ error: 'Authentication required' }), {
          status: 401,
          headers: { 'Content-Type': 'application/json' },
        }),
        setCookieHeader: null,
      };
    }

    // Try to get user identity
    let res = await fetch(`${API_URL}/auth/id`, {
      headers: { Cookie: cookieHeader },
      credentials: 'include',
    });

    let newSetCookieHeader = null;

    // If unauthorized, try to refresh the token
    if (res.status === 401) {
      const refreshRes = await fetch(`${API_URL}/auth/refresh`, {
        method: 'POST',
        headers: { Cookie: cookieHeader },
        credentials: 'include',
      });

      if (!refreshRes.ok) {
        return {
          user: null,
          error: new Response(JSON.stringify({ error: 'Session expired' }), {
            status: 401,
            headers: { 'Content-Type': 'application/json' },
          }),
          setCookieHeader: null,
        };
      }

      // Capture the Set-Cookie header from the refresh response to forward to client
      newSetCookieHeader = refreshRes.headers.get('set-cookie');
      
      let newCookieHeader = cookieHeader;

      if (newSetCookieHeader) {
        const cookiesArray = newSetCookieHeader.split(/,(?=\s*\w+=)/);
        newCookieHeader = cookiesArray.map(c => c.split(';')[0]).join('; ');
      } else {
        return {
          user: null,
          error: new Response(JSON.stringify({ error: 'Session refresh failed' }), {
            status: 401,
            headers: { 'Content-Type': 'application/json' },
          }),
          setCookieHeader: null,
        };
      }

      res = await fetch(`${API_URL}/auth/id`, {
        headers: { Cookie: newCookieHeader },
        credentials: 'include',
      });
    }

    if (!res.ok) {
      return {
        user: null,
        error: new Response(JSON.stringify({ error: 'Authentication failed' }), {
          status: 401,
          headers: { 'Content-Type': 'application/json' },
        }),
        setCookieHeader: null,
      };
    }

    const user = await res.json();
    return { user, error: null, setCookieHeader: newSetCookieHeader };
  } catch (err) {
    console.error('API auth error:', err);
    return {
      user: null,
      error: new Response(JSON.stringify({ error: 'Authentication error' }), {
        status: 500,
        headers: { 'Content-Type': 'application/json' },
      }),
      setCookieHeader: null,
    };
  }
}

/**
 * Helper to create a response with optional Set-Cookie header forwarding
 * @param {any} data - Response data
 * @param {number} status - HTTP status code  
 * @param {string|null} setCookieHeader - Set-Cookie header from auth refresh
 */
export function createApiResponse(data, status = 200, setCookieHeader = null) {
  const headers = { 'Content-Type': 'application/json' };
  if (setCookieHeader) {
    headers['Set-Cookie'] = setCookieHeader;
  }
  return new Response(JSON.stringify(data), { status, headers });
}
feat(api): add endpoints for fetching reaction users and searching messages - Implemented GET endpoint to fetch users who reacted with a specific emoji on a message. - Added validation for messageId and emoji parameters. - Enhanced user data retrieval with display names and avatar URLs. - Created a search endpoint for Discord messages with support for content and embed searches. - Included pagination and rate limiting for search results. feat(api): introduce image proxy and link preview endpoints - Developed an image proxy API to securely fetch images from untrusted domains. - Implemented HMAC signing for image URLs to prevent abuse. - Created a link preview API to fetch Open Graph metadata from URLs. - Added support for trusted domains and safe image URL generation. style(pages): create Discord logs page with authentication - Added a new page for displaying archived Discord channel logs. - Integrated authentication check to ensure user access. refactor(utils): enhance API authentication and database connection - Improved API authentication helper to manage user sessions and token refresh. - Established a PostgreSQL database connection utility for Discord logs. 2025-12-03 13:27:37 -05:00			`/**`
			`* API route authentication helper`
			`* Validates user session for protected API endpoints`
			`*/`
			`import { API_URL } from '@/config';`

			`/**`
			`* Check if the request has a valid authentication session`
			`* @param {Request} request - The incoming request`
			`* @returns {Promise<{user: object\|null, error: Response\|null, setCookieHeader: string\|null}>}`
			`*/`
			`export async function requireApiAuth(request) {`
			`try {`
			`const cookieHeader = request.headers.get('cookie') ?? '';`

			`if (!cookieHeader) {`
			`return {`
			`user: null,`
			`error: new Response(JSON.stringify({ error: 'Authentication required' }), {`
			`status: 401,`
			`headers: { 'Content-Type': 'application/json' },`
			`}),`
			`setCookieHeader: null,`
			`};`
			`}`

			`// Try to get user identity`
			let res = await fetch(`${API_URL}/auth/id`, {
			`headers: { Cookie: cookieHeader },`
			`credentials: 'include',`
			`});`

			`let newSetCookieHeader = null;`

			`// If unauthorized, try to refresh the token`
			`if (res.status === 401) {`
			const refreshRes = await fetch(`${API_URL}/auth/refresh`, {
			`method: 'POST',`
			`headers: { Cookie: cookieHeader },`
			`credentials: 'include',`
			`});`

			`if (!refreshRes.ok) {`
			`return {`
			`user: null,`
			`error: new Response(JSON.stringify({ error: 'Session expired' }), {`
			`status: 401,`
			`headers: { 'Content-Type': 'application/json' },`
			`}),`
			`setCookieHeader: null,`
			`};`
			`}`

			`// Capture the Set-Cookie header from the refresh response to forward to client`
			`newSetCookieHeader = refreshRes.headers.get('set-cookie');`

			`let newCookieHeader = cookieHeader;`

			`if (newSetCookieHeader) {`
			`const cookiesArray = newSetCookieHeader.split(/,(?=\s*\w+=)/);`
			`newCookieHeader = cookiesArray.map(c => c.split(';')[0]).join('; ');`
			`} else {`
			`return {`
			`user: null,`
			`error: new Response(JSON.stringify({ error: 'Session refresh failed' }), {`
			`status: 401,`
			`headers: { 'Content-Type': 'application/json' },`
			`}),`
			`setCookieHeader: null,`
			`};`
			`}`

			res = await fetch(`${API_URL}/auth/id`, {
			`headers: { Cookie: newCookieHeader },`
			`credentials: 'include',`
			`});`
			`}`

			`if (!res.ok) {`
			`return {`
			`user: null,`
			`error: new Response(JSON.stringify({ error: 'Authentication failed' }), {`
			`status: 401,`
			`headers: { 'Content-Type': 'application/json' },`
			`}),`
			`setCookieHeader: null,`
			`};`
			`}`

			`const user = await res.json();`
			`return { user, error: null, setCookieHeader: newSetCookieHeader };`
			`} catch (err) {`
			`console.error('API auth error:', err);`
			`return {`
			`user: null,`
			`error: new Response(JSON.stringify({ error: 'Authentication error' }), {`
			`status: 500,`
			`headers: { 'Content-Type': 'application/json' },`
			`}),`
			`setCookieHeader: null,`
			`};`
			`}`
			`}`

			`/**`
			`* Helper to create a response with optional Set-Cookie header forwarding`
			`* @param {any} data - Response data`
			`* @param {number} status - HTTP status code`
			`* @param {string\|null} setCookieHeader - Set-Cookie header from auth refresh`
			`*/`
			`export function createApiResponse(data, status = 200, setCookieHeader = null) {`
			`const headers = { 'Content-Type': 'application/json' };`
			`if (setCookieHeader) {`
			`headers['Set-Cookie'] = setCookieHeader;`
			`}`
			`return new Response(JSON.stringify(data), { status, headers });`
			`}`