From 0c8fcfc5972ab07ec247495db257c424681f5e57 Mon Sep 17 00:00:00 2001 From: LightZirconite Date: Sat, 6 Dec 2025 13:32:02 +0100 Subject: [PATCH] feat: add error reporting token validation and update documentation --- api/report-error.js | 16 ++++++++++++++++ docs/error-reporting.md | 7 ++++--- docs/scheduling.md | 2 ++ 3 files changed, 22 insertions(+), 3 deletions(-) diff --git a/api/report-error.js b/api/report-error.js index 1a117f7..1606eac 100644 --- a/api/report-error.js +++ b/api/report-error.js @@ -1,6 +1,7 @@ const MAX_BODY_SIZE = 10000 const MAX_TEXT = 900 const MAX_FIELD = 120 +const AUTH_HEADER = 'x-error-report-token' function isPlainObject(value) { return Boolean(value) && typeof value === 'object' && !Array.isArray(value) @@ -57,11 +58,26 @@ module.exports = async function handler(req, res) { } const webhookUrl = process.env.DISCORD_WEBHOOK_URL + const authToken = process.env.ERROR_REPORT_TOKEN + if (!webhookUrl) { res.status(500).json({ error: 'Webhook not configured' }) return } + if (!authToken) { + res.status(500).json({ error: 'Reporting token not configured' }) + return + } + + const providedHeader = req.headers?.[AUTH_HEADER] + const providedToken = Array.isArray(providedHeader) ? providedHeader[0] : providedHeader + + if (!providedToken || providedToken !== authToken) { + res.status(401).json({ error: 'Unauthorized' }) + return + } + let body try { body = await readJsonBody(req) diff --git a/docs/error-reporting.md b/docs/error-reporting.md index 693ec5c..5aef0d6 100644 --- a/docs/error-reporting.md +++ b/docs/error-reporting.md 
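Review bot: In the second hunk of api/report-error.js the shared secret is checked with `providedToken !== authToken`, a plain string comparison that stops at the first differing character and so is not constant-time. Comparing fixed-length digests avoids both the timing signal and the length mismatch that makes `crypto.timingSafeEqual` throw: `const digest = (s) => crypto.createHash('sha256').update(String(s)).digest()` and then `if (!providedToken || !crypto.timingSafeEqual(digest(providedToken), digest(authToken)))`, with `const crypto = require('node:crypto')` at the top of the file. The 500 for a missing `ERROR_REPORT_TOKEN` fails closed, but it is returned before the token check, so an unauthenticated caller can tell whether the deployment is configured; moving the config checks behind a generic error would avoid that. The handler starts and ends outside the hunk, so any rate limiting or logging of rejected requests is not visible here.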
@@ -1,17 +1,18 @@ # Error Reporting API ## What it does -Accepts structured error reports and forwards them to Discord in a clean format. +Accepts structured error reports and forwards them to Discord in a clean format. Submissions require a shared secret header so random users cannot spam your webhook. ## How to use -- Set `DISCORD_WEBHOOK_URL` in your environment. -- Send a POST request to `/api/report-error` with JSON that includes at least `error`. +- Set `DISCORD_WEBHOOK_URL` and `ERROR_REPORT_TOKEN` in your environment (e.g., Vercel project settings → Environment Variables). +- Send a POST request to `/api/report-error` with header `x-error-report-token: ` and JSON that includes at least `error`. - Optional fields: `summary`, `type`, `metadata` (object), `environment` (string or object with `name`). ## Example ```bash curl -X POST https://your-deployment.vercel.app/api/report-error \ -H "Content-Type: application/json" \ + -H "x-error-report-token: YOUR_TOKEN" \ -d '{"error":"Search job failed","type":"search","metadata":{"account":"user@contoso.com"}}' ``` diff --git a/docs/scheduling.md b/docs/scheduling.md index c43155e..7b5b436 100644 --- a/docs/scheduling.md +++ b/docs/scheduling.md @@ -7,6 +7,8 @@ Runs the bot automatically at set times. - Turn on scheduling in `src/config.jsonc` under `scheduling.enabled`. - Choose a time using the cron or Task Scheduler fields already in the config. - Leave the machine or container running so the schedule can trigger. +- Check the console after start: it prints the next run time. If you close the window or stop the container, the scheduler stops. +- Serverless hosts (e.g., Vercel) will not keep the scheduler alive; run on a machine or container that stays on. ## Example ```jsonc