1
/*
2
This is a bridge to call the Conat rpc api that is offered by the hub.
3
This is meant to be called by account users *NOT* the project. That's why
4
you must provide an api key for an account.
5

6
For security reasons this is ONLY usable via an API key -- using an account
7
is not allowed, since that opens us to XSS attacks.
8

9
Here is an example of how this would be used:
10

11
key=sk-...02
12

13
curl -sk -u $key: -H 'Content-Type: application/json' \
14
   -d '{"name":"system.getNames", "args":[["d0bdabfd-850e-4c8d-8510-f6f1ecb9a5eb"]]}' \
15
   http://localhost:9000/api/conat/hub
16

17
The api is defined in packages/conat/hub/api/
18
*/
19

20
import hubBridge from "@cocalc/server/api/hub-bridge";
21
import getParams from "lib/api/get-params";
22
import { getAccountFromApiKey } from "@cocalc/server/auth/api";
23

24
export default async function handle(req, res) {
25
  try {
26
    const { account_id } = (await getAccountFromApiKey(req)) ?? {};
27
    if (!account_id) {
28
      throw Error(
29
        "must be signed in and MUST provide an api key (cookies are not allowed)",
30
      );
31
    }
32
    const { name, args, timeout } = getParams(req);
33
    const resp = await hubBridge({ account_id, name, args, timeout });
34
    res.json(resp);
35
  } catch (err) {
36
    res.json({ error: err.message });
37
  }
38
}
39

40