d5837e03cc
## Documentation / Examples - [X] Make sure the linting passes by running `pnpm lint` - [X] The "examples guidelines" are followed from [our contributing doc](https://github.com/vercel/next.js/blob/canary/contributing/examples/adding-examples.md) Co-authored-by: Balázs Orbán <info@balazsorban.com>
import { createHash, timingSafeEqual } from 'crypto'

import { getPostBySlug } from '../../lib/api'
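/**
 * API route that enables Next.js Preview Mode for a single post.
 *
 * Reads `secret` and `slug` from the query string. The request is rejected
 * with 401 unless the secret matches `process.env.PREVIEW_API_SECRET` and the
 * CMS returns a post for the slug. On success the preview cookies are set and
 * the client is redirected (307) to the post's own path.
 *
 * @param {object} req - Incoming API request; `req.query` holds the parameters.
 * @param {object} res - API response used to set preview data and redirect.
 * @returns {Promise<*>} Resolves once a 401 or the redirect has been sent.
 */
export default async function preview(req, res) {
  const expectedSecret = process.env.PREVIEW_API_SECRET
  const { secret, slug } = req.query

  // Fail closed. With PREVIEW_API_SECRET unset, a request that simply omits
  // `secret` would compare undefined with undefined and be let through.
  // Requiring strings also rejects repeated query parameters (parsed as arrays).
  const hasUsableInput =
    typeof expectedSecret === 'string' &&
    expectedSecret.length > 0 &&
    typeof secret === 'string' &&
    typeof slug === 'string' &&
    slug.length > 0

  // This secret should only be known to this API route and the CMS
  if (!hasUsableInput || !secretsMatch(secret, expectedSecret)) {
    return res.status(401).json({ message: 'Invalid token' })
  }

  // Fetch the headless CMS to check if the provided `slug` exists
  // NOTE(review): the second argument is presumably a preview flag — confirm in lib/api
  const { post } = await getPostBySlug(slug, true)

  // If the slug doesn't exist prevent preview mode from being enabled
  if (!post) {
    return res.status(401).json({ message: 'Invalid slug' })
  }

  // Enable Preview Mode by setting the cookies
  res.setPreviewData({})

  // Redirect to the path from the fetched post
  // We don't redirect to req.query.slug as that might lead to open redirect vulnerabilities
  res.writeHead(307, { Location: `/posts/${post.data.slug}` })
  res.end()
}

// Compares two secrets without leaking, through response timing, how many
// leading characters matched. Hashing first gives timingSafeEqual the
// equal-length buffers it requires.
function secretsMatch(provided, expected) {
  const digest = (value) => createHash('sha256').update(value).digest()
  return timingSafeEqual(digest(provided), digest(expected))
}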