feat: protect endpoint

gaspergrom · gaspergrom · commit 6bcf88c743d3 · 2025-11-27T09:46:01.000+01:00
Signed-off-by: Gašper Grom &lt;gasper.grom@gmail.com&gt;
diff --git a/frontend/app/components/modules/project/services/community.api.service.ts b/frontend/app/components/modules/project/services/community.api.service.ts
@@ -94,7 +94,7 @@ class ProjectCommunityApiService {
     query: () => Record<string, string | number | string[] | undefined | null>,
   ): QueryFunction<Pagination<CommunityMentions>, readonly unknown[], number> {
     return async ({ pageParam = 0 }) =>
-      await $fetch(`/api/project/${query().projectSlug}/community`, {
+      await $fetch(`/api/community/list`, {
         params: {
           page: pageParam,
           ...query(),
diff --git a/frontend/server/api/community/list.ts b/frontend/server/api/community/list.ts
@@ -5,17 +5,16 @@ import { Pagination } from '~~/types/shared/pagination';
 import { CommunityMentions } from '~~/types/community/community';
 
 export default defineEventHandler(async (event): Promise<Pagination<CommunityMentions>> => {
-  const { slug } = event.context.params as Record<string, string>;
+  const query = getQuery(event);
+  const projectSlug = query.projectSlug as string;
 
-  if (!slug) {
+  if (!projectSlug) {
     throw createError({
       statusCode: 400,
       statusMessage: 'Project slug is required',
     });
   }
 
-  const query = getQuery(event);
-
   const page: number = (query.page as number) || 0;
   const pageSize: number = (query.pageSize as number) || 20;
   const platforms = Array.isArray(query.platforms)
@@ -47,7 +46,7 @@ export default defineEventHandler(async (event): Promise<Pagination<CommunityMen
       keywords,
       sentiments,
       languages,
-      projectSlug: slug,
+      projectSlug,
     });
 
     return {
diff --git a/frontend/server/middleware/jwt-auth.ts b/frontend/server/middleware/jwt-auth.ts
@@ -13,7 +13,7 @@ const isJWT = (token: string) => {
 export default defineEventHandler(async (event) => {
   const url = getRouterParam(event, '_') || event.node.req.url || '';
 
-  const protectedRoutes = ['/api/report'];
+  const protectedRoutes = ['/api/report', '/api/community/list'];
   const protectedAndPermissionRoutes = ['/api/chat'];
 
   const isProtectedRoute = [...protectedRoutes, ...protectedAndPermissionRoutes].some((route) =>
diff --git a/frontend/setup/caching.ts b/frontend/setup/caching.ts
@@ -15,6 +15,7 @@ export default {
           '/api/health/live': { cache: false },
           '/api/seo/og-image': { cache: false },
           '/api/report': { cache: false },
+          '/api/community/list': { cache: { maxAge: longCache, base: 'redis' } },
           '/api/community/**': { cache: false },
           '/api/search': { cache: { maxAge: longCache, base: 'redis' } },
           '/api/category': { cache: { maxAge: longCache, base: 'redis' } },
