mirror of https://github.com/jakejarvis/jarv.is.git synced 2025-09-13 07:35:35 -04:00

Add BotID verification in comment creation to enhance security. Update instrumentation-client to include new notes route for POST requests.

2025-09-03 11:13:32 -04:00
parent a3f05dc7d8
commit f4fd80f20a
2 changed files with 26 additions and 0 deletions


@@ -6,5 +6,9 @@ initBotId({
path: "/contact",
method: "POST",
},
{
path: "/notes/*",
method: "POST",
},
],
});
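Review bot: The new `/notes/*` entry is now load-bearing for the comment server actions, and nothing in this list says so. Those actions call `checkBotId()` unconditionally, and a server action is sent as a POST to the page it is invoked from, so a comment form rendered on a route that is not listed here would presumably be classified as a bot and rejected for real users. I would add a comment above the entry such as `// comment server actions call checkBotId(); every route that renders comments must be listed here`. The `initBotId` call starts outside the hunk.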


@@ -3,6 +3,7 @@
import { headers } from "next/headers";
import { revalidatePath } from "next/cache";
import { eq, desc } from "drizzle-orm";
import { checkBotId } from "botid/server";
import { db } from "@/lib/db";
import * as schema from "@/lib/db/schema";
import { auth } from "@/lib/auth";
@@ -37,6 +38,13 @@ export const getComments = async (pageSlug: string): Promise<CommentWithUser[]>
};
export const createComment = async (data: { content: string; pageSlug: string; parentId?: string }) => {
// BotID server-side verification
const verification = await checkBotId();
if (verification.isBot) {
console.warn("[server/comments] botid verification failed:", verification);
throw new Error("Bot check failed 🤖");
}
const session = await auth.api.getSession({
headers: await headers(),
});
@@ -63,6 +71,13 @@ export const createComment = async (data: { content: string; pageSlug: string; p
};
export const updateComment = async (commentId: string, content: string) => {
// BotID server-side verification
const verification = await checkBotId();
if (verification.isBot) {
console.warn("[server/comments] botid verification failed:", verification);
throw new Error("Bot check failed 🤖");
}
const session = await auth.api.getSession({
headers: await headers(),
});
@@ -106,6 +121,13 @@ export const updateComment = async (commentId: string, content: string) => {
};
export const deleteComment = async (commentId: string) => {
// BotID server-side verification
const verification = await checkBotId();
if (verification.isBot) {
console.warn("[server/comments] botid verification failed:", verification);
throw new Error("Bot check failed 🤖");
}
const session = await auth.api.getSession({
headers: await headers(),
});
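Review bot: The same BotID guard is pasted verbatim at the top of createComment, updateComment and deleteComment, so a mutating action added later can ship without it and the three copies can drift apart. Moving the guard into one module-private helper and calling it as the first line of each action, for example `await assertNotBot("createComment");`, keeps the check in one place. Passing the action name would also let the `console.warn` line say which action was hit, which the current message does not. The warning logs the whole `verification` object, so it is worth confirming that it carries nothing you would not want in server logs. The bodies of all three actions continue outside the hunks.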