feat: add error reporting token validation and update documentation

2026-01-09 17:06:15 +00:00 · 2025-12-06 13:32:02 +01:00
parent b562af43ca
commit 0c8fcfc597
3 changed files with 22 additions and 3 deletions
--- a/api/report-error.js
+++ b/api/report-error.js
@@ -1,6 +1,7 @@
 const MAX_BODY_SIZE = 10000
 const MAX_TEXT = 900
 const MAX_FIELD = 120
+const AUTH_HEADER = 'x-error-report-token'

 function isPlainObject(value) {
    return Boolean(value) && typeof value === 'object' && !Array.isArray(value)
@@ -57,11 +58,26 @@ module.exports = async function handler(req, res) {
    }

    const webhookUrl = process.env.DISCORD_WEBHOOK_URL
+    const authToken = process.env.ERROR_REPORT_TOKEN
+
    if (!webhookUrl) {
        res.status(500).json({ error: 'Webhook not configured' })
        return
    }

+    if (!authToken) {
+        res.status(500).json({ error: 'Reporting token not configured' })
+        return
+    }
+
+    const providedHeader = req.headers?.[AUTH_HEADER]
+    const providedToken = Array.isArray(providedHeader) ? providedHeader[0] : providedHeader
+
+    if (!providedToken || providedToken !== authToken) {
+        res.status(401).json({ error: 'Unauthorized' })
+        return
+    }
+
    let body
    try {
        body = await readJsonBody(req)