From 08349dc870bf9b9c918c94e5b34ae98e29873ae2 Mon Sep 17 00:00:00 2001
From: Dobromir Popov
Date: Tue, 30 Apr 2024 15:12:35 +0300
Subject: [PATCH] protecting prisma API with session check
---
 pages/api/data/prisma/[...model].ts | 11 +++++++++++
 1 file changed, 11 insertions(+)
diff --git a/pages/api/data/prisma/[...model].ts b/pages/api/data/prisma/[...model].ts
index 0e18862..3ea950c 100644
--- a/pages/api/data/prisma/[...model].ts
+++ b/pages/api/data/prisma/[...model].ts
@@ -1,5 +1,8 @@
 import { NextApiRequest, NextApiResponse } from 'next';
 import { PrismaClient } from '@prisma/client';
+import { getServerSession } from "next-auth/next";
+import { authOptions } from "../../auth/[...nextauth]";
+
 const common = require('../../../../src/helpers/common');
 const logger = require('../../../../src/logger');
@@ -53,6 +56,14 @@ const generateSQL = (data, tableName) => {
 }).join("\n");
 };
 export default async function handler(req: NextApiRequest, res: NextApiResponse) {
+
+ const session = await getServerSession(req, res, authOptions);
+
+ if (!session) {
+ return res.status(401).json({ error: "Unauthorized" });
+ }
+
+
 const prisma: PrismaClient = common.getPrismaClient();
 const modelArray = (req.query.model || (req.body && req.body.model)) as string[];
 let queryOptions = {};
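Review bot: The new guard at the top of `handler` only establishes that a session exists, so any signed-in user can still reach whichever Prisma model `req.query.model` or `req.body.model` names; it authenticates but does not authorize. Because the model name is caller-supplied, I would add a second check once `modelArray` has been read, e.g. `if (!canAccessModel(session, modelArray)) return res.status(403).json({ error: "Forbidden" });`, where `canAccessModel` is a placeholder for the project's own role or per-model allowlist check. Recording rejected requests through the already imported `logger` before returning would also give operations something to alert on. The rest of `handler` lies outside this hunk, so a later branch may already restrict models or HTTP methods; if it does, a short comment next to the session check saying so would help the next reader.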