From a094b995bd4bea682cace3426e16a6d117daaede Mon Sep 17 00:00:00 2001 From: Mike Decker Date: Wed, 10 Jan 2024 13:08:22 -0800 Subject: [PATCH] Await the valid path checker --- app/(public)/[...slug]/page.tsx | 3 ++- app/api/draft/route.tsx | 19 +------------------ 2 files changed, 3 insertions(+), 19 deletions(-) diff --git a/app/(public)/[...slug]/page.tsx b/app/(public)/[...slug]/page.tsx index 85fc97df..669da843 100644 --- a/app/(public)/[...slug]/page.tsx +++ b/app/(public)/[...slug]/page.tsx @@ -26,7 +26,8 @@ class RedirectError extends Error { const fetchNodeData = async (params: Params): Promise<{ node: StanfordNode, fullWidth: boolean }> => { const draftMode = isDraftMode(); const path = getPathFromContext({params}); - if (!pathIsValid(path)) throw new Error(); + const valid = await pathIsValid(path) + if (!valid) throw new Error(); const pathInfo = await translatePathFromContext({params}, {draftMode}); diff --git a/app/api/draft/route.tsx b/app/api/draft/route.tsx index 1ef8d1fd..0994d3db 100644 --- a/app/api/draft/route.tsx +++ b/app/api/draft/route.tsx @@ -1,8 +1,6 @@ // route handler with secret and slug import {draftMode} from 'next/headers' import {redirect} from 'next/navigation' -import {getResourceByPath} from "@/lib/drupal/get-resource"; -import {DrupalNode} from "next-drupal"; export async function GET(request: Request) { // Parse query string parameters @@ -17,20 +15,5 @@ export async function GET(request: Request) { } // Enable Draft Mode by setting the cookie draftMode().enable() - - if (slug.startsWith('/admin/paragraph')) { - redirect(slug); - } - // Fetch the headless CMS t44343o check if the provided `slug` exists - // getPostBySlug would implement the required fetching logic to the headless CMS - const node = await getResourceByPath(slug, {draftMode: true}) - - // If the slug doesn't exist prevent draft mode from being enabled - if (!node) { - return new Response('Invalid slug', {status: 401}) - } - - // Redirect to the path from the fetched post - // We don't redirect to searchParams.slug as that might lead to open redirect vulnerabilities - redirect(node.path.alias) + redirect(slug) } \ No newline at end of file