-
|
Hello everyone, the existing documentation on Cron Jobs with Github Actions is missing an example on how to securely trigger API routes with proper authorization. I suggest adding a short example to the docs, as I did in nextjs-cron |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 3 replies
-
|
You should post your answer here - that would have saved me some time 😂 Guess I'll post mine. import { NextApiRequest, NextApiResponse } from "next"
export default async function handler(
req: NextApiRequest,
res: NextApiResponse
) {
if (req.method === "POST") {
try {
const { authorization } = req.headers
if (authorization === `Bearer ${process.env.API_SECRET_KEY}`) {
res.status(200).json({ success: true })
} else {
res.status(401).json({ success: false })
}
} catch (err) {
res.status(500).json({ statusCode: 500, message: err.message })
}
} else {
res.setHeader("Allow", "POST")
res.status(405).end("Method Not Allowed")
}
}To test it, run: curl --request POST \
--url 'http://localhost:3000/api/<endpoint>' \
--header 'Authorization: Bearer API_SECRET_KEY' |
Beta Was this translation helpful? Give feedback.
-
|
Thanks, @jsjoeio! I will add this to the docs 😄 |
Beta Was this translation helpful? Give feedback.
-
|
Wow. I guess all it takes to get something useful added to the docs is to slightly alter somebody else's solution and post it as a reply 5 months after 👍 |
Beta Was this translation helpful? Give feedback.
-
I understand why the animosity but I actually wrote my solution before I saw yours! Might you entertain the situation from a different perspective? You posted this questionThis sparked the idea and asked the question I had in mind (any many others I assume). It was nice to hear someone else voicing their opinion saying "hey this should be in the docs!". Thank you for doing that! I posted the answerI figured the next person who came here would want to see some actual code here in the discussion. And it could also be "Marked as an Answer" by the maintainers. What I would have done if I were you is ask the question -> post a snippet from your repo as the answer instead of linking it (easy to miss). It's also more discoverable for the community (I didn't think about clicking on your links until after I had my solution). This also means a maintainer can copy/paste straight into the docs. I shared your repo on TwitterYou made an excellent resource and I shared it in the thread I wrote about cron jobs on Vercel here.
Lee and I know each other from Twitter so he probably saw the tweet and this discussion resurfaced in his GitHub notifications. So he did the easiest thing and copied the solution straight from here and added it to the docs. Team effort to improve the docs for the communityIf you hadn't asked the question here on GitHub Discussions, I would have asked for help on Twitter. If I had asked for help on Twitter, the answer would have been lost in the Twitterverse. If it had been lost in the Twitterverse, it would have never made it to the docs. If it hadn't made it to the docs, other developers wouldn't have known where to go for help. It all started because you asked the question here so just remember that and realize, it was all a team effort. And in the end, the documentation improved for all of the community thanks to something you started. |
Beta Was this translation helpful? Give feedback.
You should post your answer here - that would have saved me some time 😂 Guess I'll post mine.