Some checks failed
Deploy to Production / Build and Deploy (push) Failing after 39s
CRITICAL: - Add auth + admin check to 10 unprotected API routes (test-*, debug/*, config, models, fix-labels) - Add CRON_SECRET bearer auth to /api/cron/reminders (was fully open) - Add SSRF protection to getOllamaModels (blocks private/internal IPs) HIGH: - Fix getAllLabels() missing userId filter (leaked all users' labels) - Fix /api/labels OR clause leaking other users' labels - Fix IDOR in toggleAgent/getAgentActions (add ownership check) - Fix getEmbeddings() returning [] on error in all 5 providers (corrupted semantic search with NaN cosine similarity) — now throws instead Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
39 lines
1.3 KiB
TypeScript
39 lines
1.3 KiB
TypeScript
import { NextResponse } from 'next/server';
|
|
import { chatService } from '@/lib/ai/services/chat.service';
|
|
import { auth } from '@/auth';
|
|
|
|
export async function POST(req: Request) {
|
|
const session = await auth()
|
|
if (!session?.user?.id) {
|
|
return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
|
|
}
|
|
if ((session.user as any).role !== 'ADMIN') {
|
|
return NextResponse.json({ error: 'Forbidden' }, { status: 403 })
|
|
}
|
|
|
|
try {
|
|
const body = await req.json();
|
|
console.log("TEST ROUTE INCOMING BODY:", body);
|
|
|
|
// Simulate what the server action does
|
|
const result = await chatService.chat(body.message, body.conversationId, body.notebookId);
|
|
|
|
return NextResponse.json({ success: true, result });
|
|
} catch (err: any) {
|
|
console.error("====== TEST ROUTE CHAT ERROR ======");
|
|
console.error("NAME:", err.name);
|
|
console.error("MSG:", err.message);
|
|
if (err.cause) console.error("CAUSE:", JSON.stringify(err.cause, null, 2));
|
|
if (err.data) console.error("DATA:", JSON.stringify(err.data, null, 2));
|
|
if (err.stack) console.error("STACK:", err.stack);
|
|
console.error("===================================");
|
|
return NextResponse.json({
|
|
success: false,
|
|
error: err.message,
|
|
name: err.name,
|
|
cause: err.cause,
|
|
data: err.data
|
|
}, { status: 500 });
|
|
}
|
|
}
|