apps/openpage-api/app/request-handler.ts

import type { NextRequest } from 'next/server';
import { NextResponse } from 'next/server';

type RouteHandler<T = Record<string, string | string[]>> = (
  req: NextRequest,
  ctx: { params: T },
) => Promise<Response> | Response;

const ALLOWED_ORIGINS = new Set(['documenso.com']);

const CORS_HEADERS = {
  'Access-Control-Allow-Origin': '*',
  'Access-Control-Allow-Methods': 'GET, OPTIONS',
  'Access-Control-Allow-Headers': 'Content-Type',
};

function isAllowedOrigin(req: NextRequest): boolean {
  const referer = req.headers.get('referer');
  const host = req.headers.get('host');

  if (host?.includes('localhost')) {
    return true;
  }

  if (!referer || !host) {
    return false;
  }

  try {
    const refererUrl = new URL(referer);
    const hostUrl = new URL(`http://${host}`);

    const isRefererAllowed = ALLOWED_ORIGINS.has(refererUrl.host);
    const isHostAllowed = ALLOWED_ORIGINS.has(hostUrl.host);

    return isRefererAllowed || isHostAllowed;
  } catch (error) {
    console.error('Error parsing URLs:', error);
    return false;
  }
}

export function requestHandler<T = Record<string, string | string[]>>(
  handler: RouteHandler<T>,
): RouteHandler<T> {
  return async (req: NextRequest, ctx: { params: T }) => {
    try {
      if (!isAllowedOrigin(req)) {
        return NextResponse.json(
          { error: 'Forbidden' },
          {
            status: 403,
            headers: CORS_HEADERS,
          },
        );
      }

      const response = await handler(req, ctx);

      Object.entries(CORS_HEADERS).forEach(([key, value]) => {
        response.headers.set(key, value);
      });

      return response;
    } catch (error) {
      console.log(error);
      return NextResponse.json(
        { error: 'Internal Server Error' },
        {
          status: 500,
          headers: CORS_HEADERS,
        },
      );
    }
  };
}
feat: open page api 2024-10-23 17:33:16 +00:00			`import type { NextRequest } from 'next/server';`
			`import { NextResponse } from 'next/server';`

			`type RouteHandler<T = Record<string, string \| string[]>> = (`
			`req: NextRequest,`
			`ctx: { params: T },`
			`) => Promise<Response> \| Response;`

feat: implement cors for all the routes 2024-10-23 17:42:58 +00:00			`const ALLOWED_ORIGINS = new Set(['documenso.com']);`

			`const CORS_HEADERS = {`
			`'Access-Control-Allow-Origin': '*',`
			`'Access-Control-Allow-Methods': 'GET, OPTIONS',`
			`'Access-Control-Allow-Headers': 'Content-Type',`
			`};`

feat: open page api 2024-10-23 17:33:16 +00:00			`function isAllowedOrigin(req: NextRequest): boolean {`
			`const referer = req.headers.get('referer');`
			`const host = req.headers.get('host');`

			`if (host?.includes('localhost')) {`
			`return true;`
			`}`

feat: implement cors for all the routes 2024-10-23 17:42:58 +00:00			`if (!referer \|\| !host) {`
			`return false;`
			`}`

			`try {`
			`const refererUrl = new URL(referer);`
			const hostUrl = new URL(`http://${host}`);

			`const isRefererAllowed = ALLOWED_ORIGINS.has(refererUrl.host);`
			`const isHostAllowed = ALLOWED_ORIGINS.has(hostUrl.host);`

			`return isRefererAllowed \|\| isHostAllowed;`
			`} catch (error) {`
			`console.error('Error parsing URLs:', error);`
			`return false;`
			`}`
feat: open page api 2024-10-23 17:33:16 +00:00			`}`

			`export function requestHandler<T = Record<string, string \| string[]>>(`
			`handler: RouteHandler<T>,`
			`): RouteHandler<T> {`
			`return async (req: NextRequest, ctx: { params: T }) => {`
			`try {`
			`if (!isAllowedOrigin(req)) {`
feat: implement cors for all the routes 2024-10-23 17:42:58 +00:00			`return NextResponse.json(`
			`{ error: 'Forbidden' },`
			`{`
			`status: 403,`
			`headers: CORS_HEADERS,`
			`},`
			`);`
feat: open page api 2024-10-23 17:33:16 +00:00			`}`

feat: implement cors for all the routes 2024-10-23 17:42:58 +00:00			`const response = await handler(req, ctx);`

			`Object.entries(CORS_HEADERS).forEach(([key, value]) => {`
			`response.headers.set(key, value);`
			`});`
feat: open page api 2024-10-23 17:33:16 +00:00
feat: implement cors for all the routes 2024-10-23 17:42:58 +00:00			`return response;`
feat: open page api 2024-10-23 17:33:16 +00:00			`} catch (error) {`
			`console.log(error);`
feat: implement cors for all the routes 2024-10-23 17:42:58 +00:00			`return NextResponse.json(`
			`{ error: 'Internal Server Error' },`
			`{`
			`status: 500,`
			`headers: CORS_HEADERS,`
			`},`
			`);`
feat: open page api 2024-10-23 17:33:16 +00:00			`}`
			`};`
			`}`