grant/proof-of-work
1
0
Fork 0
Code Issues Pull Requests Actions 8 Packages Projects Releases Wiki Activity
Files
988a3cca9a2b5a3f1ae9e3b02202b3340e80659e
proof-of-work/proof-of-work/app/api/settings/export-db/route.ts
T
Keysat 988a3cca9a
CI / proof-of-work (Next.js app) (push) Has been cancelled
Details
CI / start9/0.4 (StartOS package code) (push) Has been cancelled
Details
v1.1.0:8 — admin-gate whole-DB routes + AI custom-URL providers; SSRF guard 
Multi-user authorization hardening from a full security evaluation (EVALUATION.md):

- P0: /api/settings/{export,import}-db are now admin-only. Previously any signed-in user could download the whole instance DB (all bcrypt hashes + plaintext AI keys) or replace it wholesale. Per-user CSV export/import stays open.

- AI custom-URL providers (Ollama, OpenAI-compatible) are now admin-only, and every server fetch to a user-supplied URL passes through assertSafeProviderUrl (blocks link-local/cloud-metadata; private LAN allowed by design). Fixed-URL cloud providers stay per-user. Removed the dead legacy /api/ai/config route.

- Dev: fixed broken quick-start (added npm run create-admin; rewrote README; dropped dead CLAUDE_API_KEY) and the export-db 0-byte path resolution (resolveDatabasePath now matches Prisma).

ExVer bumped to 1.1.0:8 (no schema/data migration). Tests 197 pass, build green, tsc clean.
2026-06-12 23:15:09 -05:00

45 lines
1.3 KiB
TypeScript
Raw Blame History

import { getCurrentUser } from "@/lib/auth";
import { getTimestampFileSuffix, resolveDatabasePath } from "@/lib/db-file";
import { readFile } from "fs/promises";
import { NextResponse } from "next/server";
import path from "path";
export const dynamic = "force-dynamic";
/**
* GET /api/settings/export-db
* Download the current SQLite database file.
*/
export async function GET() {
try {
const user = await getCurrentUser();
if (!user) {
return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
}
// Whole-instance operation: the file contains every user's data and
// password hashes. Admin-only — regular users use /api/me/export.
if (!user.isAdmin) {
return NextResponse.json({ error: "Forbidden" }, { status: 403 });
}
const dbPath = resolveDatabasePath();
const data = await readFile(dbPath);
const fileName = `proof-of-work-${getTimestampFileSuffix()}.db`;
return new NextResponse(data, {
status: 200,
headers: {
"Content-Type": "application/x-sqlite3",
"Content-Disposition": `attachment; filename="${path.basename(fileName)}"`,
"Cache-Control": "no-store",
},
});
} catch (error) {
console.error("Database export error:", error);
return NextResponse.json(
{ error: "Failed to export database" },
{ status: 500 }
);
}
}
Reference in New Issue View Git Blame Copy Permalink