Initial commit

2026-03-08 02:23:06 +00:00 · 2026-02-25 16:14:15 +03:00
commit 75ab0cecf0
254 changed files with 113531 additions and 0 deletions
--- a/src/app/api/external/message/route.ts
+++ b/src/app/api/external/message/route.ts
@@ -0,0 +1,92 @@
+import { NextRequest } from "next/server";
+import { timingSafeEqual } from "node:crypto";
+import {
+  ExternalMessageError,
+  handleExternalMessage,
+} from "@/lib/external/handle-external-message";
+import { getExternalApiToken } from "@/lib/storage/external-api-token-store";
+
+interface ExternalMessageBody {
+  sessionId?: unknown;
+  message?: unknown;
+  projectId?: unknown;
+  chatId?: unknown;
+  currentPath?: unknown;
+}
+
+function parseBearerToken(req: NextRequest): string | null {
+  const header = req.headers.get("authorization");
+  if (!header) return null;
+
+  const [scheme, token] = header.trim().split(/\s+/, 2);
+  if (!scheme || scheme.toLowerCase() !== "bearer" || !token) {
+    return null;
+  }
+
+  return token;
+}
+
+function safeTokenMatch(actual: string, expected: string): boolean {
+  const actualBytes = Buffer.from(actual);
+  const expectedBytes = Buffer.from(expected);
+  if (actualBytes.length !== expectedBytes.length) {
+    return false;
+  }
+
+  return timingSafeEqual(actualBytes, expectedBytes);
+}
+
+export async function POST(req: NextRequest) {
+  try {
+    const storedToken = await getExternalApiToken();
+    const envToken = process.env.EXTERNAL_API_TOKEN?.trim();
+    const expectedToken = storedToken || envToken;
+    if (!expectedToken) {
+      return Response.json(
+        {
+          error:
+            "External API token is not configured. Set EXTERNAL_API_TOKEN or generate token in API page.",
+        },
+        { status: 503 }
+      );
+    }
+
+    const providedToken = parseBearerToken(req);
+    if (!providedToken || !safeTokenMatch(providedToken, expectedToken)) {
+      return Response.json(
+        { error: "Unauthorized" },
+        {
+          status: 401,
+          headers: {
+            "WWW-Authenticate": 'Bearer realm="external-message"',
+          },
+        }
+      );
+    }
+
+    const body = (await req.json()) as ExternalMessageBody;
+    const result = await handleExternalMessage({
+      sessionId:
+        typeof body.sessionId === "string" ? body.sessionId : "",
+      message: typeof body.message === "string" ? body.message : "",
+      projectId:
+        typeof body.projectId === "string" ? body.projectId : undefined,
+      chatId: typeof body.chatId === "string" ? body.chatId : undefined,
+      currentPath:
+        typeof body.currentPath === "string" ? body.currentPath : undefined,
+    });
+
+    return Response.json(result);
+  } catch (error) {
+    if (error instanceof ExternalMessageError) {
+      return Response.json(error.payload, { status: error.status });
+    }
+
+    return Response.json(
+      {
+        error: error instanceof Error ? error.message : "Internal server error",
+      },
+      { status: 500 }
+    );
+  }
+}