62 lines
1.8 KiB
TypeScript
62 lines
1.8 KiB
TypeScript
import { NextRequest, NextResponse } from 'next/server'
|
|
import { writeFile, mkdir } from 'fs/promises'
|
|
import path from 'path'
|
|
import { randomUUID } from 'crypto'
|
|
import { auth, getSanitizedHeaders } from '@/lib/auth'
|
|
|
|
const UPLOAD_DIR = process.env.UPLOAD_DIR ?? (process.env.NODE_ENV === 'production' ? '/app/uploads' : './uploads')
|
|
const MAX_SIZE_BYTES = Number(process.env.UPLOAD_MAX_SIZE_MB ?? 10) * 1024 * 1024
|
|
|
|
function getUploadRoot() {
|
|
if (path.isAbsolute(UPLOAD_DIR)) {
|
|
return UPLOAD_DIR
|
|
}
|
|
return path.resolve(process.cwd(), UPLOAD_DIR)
|
|
}
|
|
|
|
export async function POST(req: NextRequest) {
|
|
// Auth check
|
|
const session = await auth.api.getSession({ headers: await getSanitizedHeaders(req.headers) })
|
|
if (!session?.user) {
|
|
return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
|
|
}
|
|
|
|
const formData = await req.formData()
|
|
const file = formData.get('file') as File | null
|
|
|
|
if (!file) {
|
|
return NextResponse.json({ error: 'No file provided' }, { status: 400 })
|
|
}
|
|
|
|
if (file.size > MAX_SIZE_BYTES) {
|
|
return NextResponse.json({ error: 'File too large' }, { status: 413 })
|
|
}
|
|
|
|
// Only allow safe file types
|
|
const allowedTypes = [
|
|
'application/pdf',
|
|
'image/png',
|
|
'image/jpeg',
|
|
'image/webp',
|
|
'image/gif',
|
|
]
|
|
if (!allowedTypes.includes(file.type)) {
|
|
return NextResponse.json({ error: 'File type not allowed' }, { status: 415 })
|
|
}
|
|
|
|
const ext = path.extname(file.name)
|
|
const fileName = `${randomUUID()}${ext}`
|
|
const uploadPath = getUploadRoot()
|
|
|
|
await mkdir(uploadPath, { recursive: true })
|
|
const buffer = Buffer.from(await file.arrayBuffer())
|
|
await writeFile(path.join(uploadPath, fileName), buffer)
|
|
|
|
return NextResponse.json({
|
|
storagePath: fileName,
|
|
name: file.name,
|
|
sizeBytes: file.size,
|
|
url: `/uploads/${fileName}`,
|
|
})
|
|
}
|