2020-06-15 19:03:34 +02:00
|
|
|
import { getPreviewPostBySlug } from "../../lib/graphcms";
|
|
|
|
|
|
|
|
export default async function handler(req, res) {
|
|
|
|
// Check the secret and next parameters
|
|
|
|
// This secret should only be known to this API route and the CMS
|
|
|
|
if (
|
|
|
|
req.query.secret !== process.env.GRAPHCMS_PREVIEW_SECRET ||
|
|
|
|
!req.query.slug
|
|
|
|
) {
|
|
|
|
return res.status(401).json({ message: "Invalid token" });
|
|
|
|
}
|
|
|
|
|
|
|
|
// Fetch the headless CMS to check if the provided `slug` exists
|
|
|
|
const post = await getPreviewPostBySlug(req.query.slug);
|
|
|
|
|
|
|
|
// If the slug doesn't exist prevent preview mode from being enabled
|
|
|
|
if (!post) {
|
|
|
|
return res.status(401).json({ message: "Invalid slug" });
|
|
|
|
}
|
|
|
|
|
2023-05-13 09:12:56 +02:00
|
|
|
// Enable Draft Mode by setting the cookie
|
|
|
|
res.setDraftMode({ enable: true });
|
2020-06-15 19:03:34 +02:00
|
|
|
|
|
|
|
// Redirect to the path from the fetched post
|
|
|
|
// We don't redirect to req.query.slug as that might lead to open redirect vulnerabilities
|
|
|
|
res.writeHead(307, { Location: `/posts/${post.slug}` });
|
|
|
|
res.end();
|
|
|
|
}
|