feat: make all API Requests require authorization (#686)

SKINMAKER 2025-06-21 22:18:53 +09:00 committed by GitHub
parent 3af7bd3079
commit a2adbf116e
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
9 changed files with 40 additions and 4 deletions


@ -39,6 +39,10 @@ const patchLimiter = rateLimit({
})
const Bots = RequestHandler()
.get(async (req: GetApiRequest, res) => {
const auth = req.headers.authorization
? await get.BotAuthorization(req.headers.authorization)
: await get.Authorization(req.cookies.token)
if (!auth) return ResponseWrapper(res, { code: 401 })
const bot = await get.bot.load(req.query.id)
if (!bot) return ResponseWrapper(res, { code: 404, message: '존재하지 않는 봇입니다.' })
else {
@ -200,7 +204,7 @@ const Bots = RequestHandler()
const isPerkAvailable =
checkBotFlag(bot.flags, 'partnered') || checkBotFlag(bot.flags, 'trusted')
const userInfo = await get.user.load(user)
if (
['reported', 'blocked', 'archived'].includes(bot.state) &&
@ -219,7 +223,8 @@ const Bots = RequestHandler()
const csrfValidated = checkToken(req, res, req.body._csrf)
if (!csrfValidated) return
const validated: ManageBot = await getManageBotSchema(isPerkAvailable).validate(req.body, { abortEarly: false })
const validated: ManageBot = await getManageBotSchema(isPerkAvailable)
.validate(req.body, { abortEarly: false })
.then((el) => el)
.catch((e) => {
ResponseWrapper(res, { code: 400, errors: e.errors })
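Review bot: The four-line credential check added at the top of the `.get` handler in the first hunk is pasted verbatim into the other eight handlers in this commit (NewList, VotesList, Search, SearchBots, SearchServers, Servers, ServerOwners, Users), so any route added later stays unauthenticated unless its author remembers to copy the block. Moving the check into one shared helper, or into `RequestHandler()` itself, would make the gate the default; each handler would then start with something like `const auth = await requireAuth(req)` followed by the existing `if (!auth) return ResponseWrapper(res, { code: 401 })`, where `requireAuth` is a suggested name and not a function shown on this page. That helper is also the right place for a comment stating that a present `Authorization` header is validated as a bot token only, that the `token` cookie is not consulted in that case, and that `auth` is used purely as a pass/fail gate rather than to scope the data returned. Only the `.get` handlers are visible and their bodies continue outside the hunks, so whether other methods on these routes are gated cannot be confirmed from here.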


@ -4,7 +4,11 @@ import ResponseWrapper from '@utils/ResponseWrapper'
import { Bot, List } from '@types'
const NewList = RequestHandler().get(async (_req, res) => {
const NewList = RequestHandler().get(async (req, res) => {
const auth = req.headers.authorization
? await get.BotAuthorization(req.headers.authorization)
: await get.Authorization(req.cookies.token)
if (!auth) return ResponseWrapper(res, { code: 401 })
const result = await get.list.new.load(1)
return ResponseWrapper<List<Bot>>(res, { code: 200, data: result })
})


@ -6,6 +6,10 @@ import { Bot, List } from '@types'
import Yup from '@utils/Yup'
const VotesList = RequestHandler().get(async (req, res) => {
const auth = req.headers.authorization
? await get.BotAuthorization(req.headers.authorization)
: await get.Authorization(req.cookies.token)
if (!auth) return ResponseWrapper(res, { code: 401 })
const page = await Yup.number()
.positive()
.integer()


@ -8,6 +8,10 @@ import { SearchQuerySchema } from '@utils/Yup'
import { Bot, Server, List } from '@types'
const Search = RequestHandler().get(async (req: ApiRequest, res) => {
const auth = req.headers.authorization
? await get.BotAuthorization(req.headers.authorization)
: await get.Authorization(req.cookies.token)
if (!auth) return ResponseWrapper(res, { code: 401 })
const validated = await SearchQuerySchema.validate({ q: req.query.q || req.query.query, page: 1 })
.then((el) => el)
.catch((e) => {


@ -8,6 +8,10 @@ import { SearchQuerySchema } from '@utils/Yup'
import { Bot, List } from '@types'
const SearchBots = RequestHandler().get(async (req: ApiRequest, res: NextApiResponse) => {
const auth = req.headers.authorization
? await get.BotAuthorization(req.headers.authorization)
: await get.Authorization(req.cookies.token)
if (!auth) return ResponseWrapper(res, { code: 401 })
const validated = await SearchQuerySchema.validate({
q: req.query.q || req.query.query,
page: req.query.page,


@ -8,6 +8,10 @@ import { SearchQuerySchema } from '@utils/Yup'
import { Server, List } from '@types'
const SearchServers = RequestHandler().get(async (req: ApiRequest, res: NextApiResponse) => {
const auth = req.headers.authorization
? await get.BotAuthorization(req.headers.authorization)
: await get.Authorization(req.cookies.token)
if (!auth) return ResponseWrapper(res, { code: 401 })
const validated = await SearchQuerySchema.validate({
q: req.query.q || req.query.query,
page: req.query.page,


@ -36,6 +36,10 @@ const patchLimiter = rateLimit({
})
const Servers = RequestHandler()
.get(async (req: GetApiRequest, res) => {
const auth = req.headers.authorization
? await get.BotAuthorization(req.headers.authorization)
: await get.Authorization(req.cookies.token)
if (!auth) return ResponseWrapper(res, { code: 401 })
const server = await get.server.load(req.query.id)
if (!server) return ResponseWrapper(res, { code: 404, message: '존재하지 않는 서버 입니다.' })
else {


@ -5,6 +5,10 @@ import ResponseWrapper from '@utils/ResponseWrapper'
import { get } from '@utils/Query'
const ServerOwners = RequestHandler().get(async (req: GetApiRequest, res) => {
const auth = req.headers.authorization
? await get.BotAuthorization(req.headers.authorization)
: await get.Authorization(req.cookies.token)
if (!auth) return ResponseWrapper(res, { code: 401 })
const owners = await get.serverOwners(req.query.id)
if (!owners) return ResponseWrapper(res, { code: 404 })
return ResponseWrapper(res, { code: 200, data: owners })


@ -5,7 +5,10 @@ import ResponseWrapper from '@utils/ResponseWrapper'
import RequestHandler from '@utils/RequestHandler'
const Users = RequestHandler().get(async (req: ApiRequest, res) => {
console.log(req.query)
const auth = req.headers.authorization
? await get.BotAuthorization(req.headers.authorization)
: await get.Authorization(req.cookies.token)
if (!auth) return ResponseWrapper(res, { code: 401 })
const user = await get.user.load(req.query?.id)
if (!user) return ResponseWrapper(res, { code: 404, message: '존재하지 않는 유저 입니다.' })
else return ResponseWrapper(res, { code: 200, data: user })