24 lines
943 B
TypeScript
24 lines
943 B
TypeScript
import { NextRequest, NextResponse } from 'next/server'
|
|
|
|
export async function GET(request: NextRequest) {
|
|
const { searchParams } = new URL(request.url)
|
|
const secret = searchParams.get('secret')
|
|
const id = searchParams.get('id')
|
|
|
|
// Check the secret and next parameters
|
|
// This secret should be only known to this API route and the CMS
|
|
if (secret !== process.env.PREVIEW_SECRET || !id) {
|
|
return NextResponse.json({ message: 'Invalid token' }, { status: 401 })
|
|
}
|
|
|
|
// Enable Preview Mode by setting the cookies
|
|
const res = NextResponse.next()
|
|
res.cookies.set('__prerender_bypass', process.env.PRERENDER_BYPASS_TOKEN || '')
|
|
res.cookies.set('__next_preview_data', process.env.PREVIEW_DATA_TOKEN || '')
|
|
|
|
// Redirect to the path from the fetched post
|
|
// We don't redirect to searchParams.slug as that might lead to open redirect vulnerabilities
|
|
return NextResponse.redirect(new URL(`/product/${id}`, request.url))
|
|
}
|
|
|