Path: blob/master/src/packages/next/pages/api/conat/project.ts
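/*
This is a bridge to call the Conat rpc api that is offered by projects.
This is meant to be called by either a user account or a project, so an API
key that resolves to either one works.

For security reasons this is ONLY usable via an API key -- using an account
is not allowed, since that opens us to XSS attacks.

Here is an example of how this would be used:

key=sk-...02

curl -sk -u $key: -H 'Content-Type: application/json' \
-d '{TODO}' \
http://localhost:9000/api/conat/project

The api is defined in packages/conat/project/api/
*/

import projectBridge from "@cocalc/server/api/project-bridge";
import getParams from "lib/api/get-params";
import { getAccountFromApiKey } from "@cocalc/server/auth/api";
import isCollaborator from "@cocalc/server/projects/is-collaborator";

/**
 * API route handler that forwards one Conat RPC call to a project.
 *
 * The caller is identified only through getAccountFromApiKey(req), which
 * yields an account_id, a project_id, or neither. A project-scoped key may
 * only address its own project; an account key may only address a project
 * on which isCollaborator() reports the account as a collaborator.
 *
 * @param req - incoming request; project_id, compute_server_id, name, args
 *   and timeout are read from it with getParams.
 * @param res - response object; always answered through res.json, either
 *   with the bridge result or with `{ error: message }` when a check or the
 *   bridge call throws. No HTTP status code is set on the error path.
 */
export default async function handle(req, res) {
  try {
    const { account_id, project_id: project_id0 } =
      (await getAccountFromApiKey(req)) ?? {};
    if (!account_id && !project_id0) {
      throw Error("must sign in as project or account");
    }
    // A project-scoped key supplies the default target project.
    const {
      project_id = project_id0,
      compute_server_id,
      name,
      args,
      timeout,
    } = getParams(req);
    if (!project_id) {
      throw Error("must specify project_id or use project-specific api key");
    }
    // project_id may come straight from the request, so it can be any JSON
    // value. Reject non-strings before the authorization checks so that
    // the comparison and the collaborator lookup below see the same value
    // that is later handed to the bridge.
    if (typeof project_id !== "string") {
      throw Error("project_id must be a string");
    }
    if (project_id0) {
      // auth via project_id: strict comparison, because `!=` would let a
      // non-string value coerce to the key's project id.
      if (project_id0 !== project_id) {
        throw Error("project specific api key must match requested project");
      }
    }
    if (account_id) {
      // account_id based auth
      if (!(await isCollaborator({ account_id, project_id }))) {
        throw Error("user must be a collaborator on the project");
      }
    }
    // NOTE(review): name, args, timeout and compute_server_id are forwarded
    // as received; any allow-listing of RPC names presumably happens in
    // projectBridge -- confirm.
    const resp = await projectBridge({
      project_id,
      compute_server_id,
      name,
      args,
      timeout,
    });
    res.json(resp);
  } catch (err) {
    res.json({ error: err.message });
  }
}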