From 9c7698361232aa2e42d91d516f0e71847cab2d72 Mon Sep 17 00:00:00 2001
From: Alessio Gravili
Date: Fri, 6 Dec 2024 00:07:13 -0700
Subject: [PATCH 1/3] fix(templates): error not shown when live preview token cannot be verified
---
 templates/website/src/app/(frontend)/next/preview/route.ts | 4 ++--
 .../src/app/(frontend)/next/preview/route.ts | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/templates/website/src/app/(frontend)/next/preview/route.ts b/templates/website/src/app/(frontend)/next/preview/route.ts
index a1b422cfbb9..627045e4e2a 100644
--- a/templates/website/src/app/(frontend)/next/preview/route.ts
+++ b/templates/website/src/app/(frontend)/next/preview/route.ts
@@ -53,7 +53,7 @@ export async function GET(
 try {
 user = jwt.verify(token, payload.secret)
 } catch (error) {
- payload.logger.error('Error verifying token for live preview:', error)
+ payload.logger.error({ err: error }, 'Error verifying token for live preview')
 }

 const draft = await draftMode()
@@ -85,7 +85,7 @@ export async function GET(
 return new Response('Document not found', { status: 404 })
 }
 } catch (error) {
- payload.logger.error('Error verifying token for live preview:', error)
+ payload.logger.error({ err: error }, 'Error verifying token for live preview')
 }

 draft.enable()
diff --git a/templates/with-vercel-website/src/app/(frontend)/next/preview/route.ts b/templates/with-vercel-website/src/app/(frontend)/next/preview/route.ts
index a1b422cfbb9..627045e4e2a 100644
--- a/templates/with-vercel-website/src/app/(frontend)/next/preview/route.ts
+++ b/templates/with-vercel-website/src/app/(frontend)/next/preview/route.ts
@@ -53,7 +53,7 @@ export async function GET(
 try {
 user = jwt.verify(token, payload.secret)
 } catch (error) {
- payload.logger.error('Error verifying token for live preview:', error)
+ payload.logger.error({ err: error }, 'Error verifying token for live preview')
 }

 const draft = await draftMode()
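Review bot: The catch block in the `@@ -85,7` hunk of templates/website/src/app/(frontend)/next/preview/route.ts only logs and then falls through to `draft.enable()`, so an exception raised anywhere in the preceding try block still ends with draft mode switched on. The route should fail closed at that point, for example by adding `return new Response('Unable to load preview', { status: 500 })` after the logger call. The message also reports a token verification failure, while the visible tail of the try block is a document lookup (`'Document not found'`), so the log entry may mislead whoever triages it; the try block starts outside the hunk, so confirm what it covers. The matching `@@ -85,7` hunk of templates/with-vercel-website has the same shape.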
@@ -85,7 +85,7 @@ export async function GET(
 return new Response('Document not found', { status: 404 })
 }
 } catch (error) {
- payload.logger.error('Error verifying token for live preview:', error)
+ payload.logger.error({ err: error }, 'Error verifying token for live preview')
 }

 draft.enable()
From 84fca77ccce2dcf2986452a0aeebe51209aab7e7 Mon Sep 17 00:00:00 2001
From: Alessio Gravili
Date: Fri, 6 Dec 2024 00:10:59 -0700
Subject: [PATCH 2/3] fix: response was not returned in some cases
---
 examples/draft-preview/src/app/(app)/next/preview/route.ts | 4 ++--
 templates/website/src/app/(frontend)/next/preview/route.ts | 4 ++--
 .../src/app/(frontend)/next/preview/route.ts | 4 ++--
 3 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/examples/draft-preview/src/app/(app)/next/preview/route.ts b/examples/draft-preview/src/app/(app)/next/preview/route.ts
index bcbe1928a3b..f988e4b4d76 100644
--- a/examples/draft-preview/src/app/(app)/next/preview/route.ts
+++ b/examples/draft-preview/src/app/(app)/next/preview/route.ts
@@ -43,11 +43,11 @@ export async function GET(
 }

 if (!token) {
- new Response('You are not allowed to preview this page', { status: 403 })
+ return new Response('You are not allowed to preview this page', { status: 403 })
 }

 if (!path.startsWith('/')) {
- new Response('This endpoint can only be used for internal previews', { status: 500 })
+ return new Response('This endpoint can only be used for internal previews', { status: 500 })
 }

 let user
diff --git a/templates/website/src/app/(frontend)/next/preview/route.ts b/templates/website/src/app/(frontend)/next/preview/route.ts
index 627045e4e2a..709f4f88a40 100644
--- a/templates/website/src/app/(frontend)/next/preview/route.ts
+++ b/templates/website/src/app/(frontend)/next/preview/route.ts
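Review bot: The `path.startsWith('/')` test in the `@@ -43,11` hunk of examples/draft-preview is the only visible check that the preview target is internal, and it also accepts protocol-relative values beginning with `//`, which browsers resolve as an absolute URL on another host. If `path` is later passed to `redirect()` (that call is outside the hunk), the guard should reject those too, e.g. `if (!path.startsWith('/') || path.startsWith('//')) {`. A rejected path is a client error, so `status: 400` fits better than `500`. The same guard is in the `@@ -41,11` hunks of templates/website and templates/with-vercel-website.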
@@ -41,11 +41,11 @@ export async function GET(
 }

 if (!token) {
- new Response('You are not allowed to preview this page', { status: 403 })
+ return new Response('You are not allowed to preview this page', { status: 403 })
 }

 if (!path.startsWith('/')) {
- new Response('This endpoint can only be used for internal previews', { status: 500 })
+ return new Response('This endpoint can only be used for internal previews', { status: 500 })
 }

 let user
diff --git a/templates/with-vercel-website/src/app/(frontend)/next/preview/route.ts b/templates/with-vercel-website/src/app/(frontend)/next/preview/route.ts
index 627045e4e2a..709f4f88a40 100644
--- a/templates/with-vercel-website/src/app/(frontend)/next/preview/route.ts
+++ b/templates/with-vercel-website/src/app/(frontend)/next/preview/route.ts
@@ -41,11 +41,11 @@ export async function GET(
 }

 if (!token) {
- new Response('You are not allowed to preview this page', { status: 403 })
+ return new Response('You are not allowed to preview this page', { status: 403 })
 }

 if (!path.startsWith('/')) {
- new Response('This endpoint can only be used for internal previews', { status: 500 })
+ return new Response('This endpoint can only be used for internal previews', { status: 500 })
 }

 let user
From 22d297d55d6e07fccefde971c64655ce873118f4 Mon Sep 17 00:00:00 2001
From: Alessio Gravili
Date: Fri, 6 Dec 2024 00:26:40 -0700
Subject: [PATCH 3/3] fix broken live preview if different auth strategy was used
---
 examples/draft-preview/package.json | 1 -
 .../src/app/(app)/next/preview/route.ts | 19 ++++++++-----------
 templates/website/package.json | 2 --
 .../src/app/(frontend)/next/preview/route.ts | 14 +++++++-------
 templates/with-vercel-website/package.json | 2 --
 .../src/app/(frontend)/next/preview/route.ts | 14 +++++++-------
 6 files changed, 22 insertions(+), 30 deletions(-)
diff --git a/examples/draft-preview/package.json b/examples/draft-preview/package.json
index b54a2c83d6f..c6ffcf37fac 100644
--- a/examples/draft-preview/package.json
+++ b/examples/draft-preview/package.json
@@ -22,7 +22,6 @@
 "dotenv": "^8.2.0",
 "escape-html": "^1.0.3",
 "graphql": "^16.9.0",
- "jsonwebtoken": "9.0.2",
 "next": "^15.0.0",
 "payload": "latest",
 "payload-admin-bar": "^1.0.6",
diff --git a/examples/draft-preview/src/app/(app)/next/preview/route.ts b/examples/draft-preview/src/app/(app)/next/preview/route.ts
index f988e4b4d76..287b454c1f4 100644
--- a/examples/draft-preview/src/app/(app)/next/preview/route.ts
+++ b/examples/draft-preview/src/app/(app)/next/preview/route.ts
@@ -1,6 +1,5 @@
-import type { CollectionSlug } from 'payload'
+import type { CollectionSlug, PayloadRequest } from 'payload'

-import jwt from 'jsonwebtoken'
 import { draftMode } from 'next/headers'
 import { redirect } from 'next/navigation'
 import { getPayload } from 'payload'
@@ -42,10 +41,6 @@ export async function GET(
 return new Response('No path provided', { status: 404 })
 }

- if (!token) {
- return new Response('You are not allowed to preview this page', { status: 403 })
- }
-
 if (!path.startsWith('/')) {
 return new Response('This endpoint can only be used for internal previews', { status: 500 })
 }
@@ -53,12 +48,14 @@ export async function GET(
 let user

 try {
- user = jwt.verify(token, payload.secret)
- } catch (error) {
- payload.logger.error({
- err: error,
- msg: 'Error verifying token for live preview',
+ user = await payload.auth({
+ req: req as unknown as PayloadRequest,
+ headers: req.headers,
 })
+ } catch (error) {
+ console.log({ token, payloadSecret: payload.secret })
+ payload.logger.error({ err: error }, 'Error verifying token for live preview')
+ return new Response('You are not allowed to preview this page', { status: 403 })
 }

 const draft = await draftMode()
diff --git a/templates/website/package.json b/templates/website/package.json
index 3be1b71a77e..d2300baa290 100644
--- a/templates/website/package.json
+++ b/templates/website/package.json
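Review bot: With the `if (!token)` guard removed in the `@@ -42,10` hunk of examples/draft-preview, rejecting an unauthenticated request depends entirely on `payload.auth` throwing, and as far as I know that call resolves to a result object whose `user` field is null when nobody is logged in rather than throwing. If that holds, `user` in the following hunk is always a truthy object, so any later `if (!user)` check (outside this patch) can never fire and draft mode stays reachable without a session. Read the field explicitly, e.g. `const authResult = await payload.auth({ ... })` followed by `user = authResult.user`, and return the 403 when it is null. The same applies to the `@@ -40,10` and `@@ -51,9` hunks of templates/website and templates/with-vercel-website.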
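Review bot: The added `console.log({ token, payloadSecret: payload.secret })` in the catch block of the `@@ -53,12` hunk writes the caller's session token and the server's signing secret to stdout whenever authentication fails. Anything that collects process output (container logs, a hosted log drain) then holds material that is enough to mint or replay sessions, and because these files are starter templates the line will be copied into new projects. Remove the line; the `payload.logger.error({ err: error }, ...)` call right after it already records the failure. Any deployment that ran with this line should rotate its secret. The same line is added in the `@@ -51,9` hunks of templates/website and templates/with-vercel-website.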
@@ -39,7 +39,6 @@
 "cross-env": "^7.0.3",
 "geist": "^1.3.0",
 "graphql": "^16.8.2",
- "jsonwebtoken": "9.0.2",
 "lucide-react": "^0.378.0",
 "next": "^15.0.3",
 "next-sitemap": "^4.2.3",
@@ -58,7 +57,6 @@
 "@payloadcms/eslint-config": "^1.1.1",
 "@tailwindcss/typography": "^0.5.13",
 "@types/escape-html": "^1.0.2",
- "@types/jsonwebtoken": "^9.0.6",
 "@types/node": "22.5.4",
 "@types/react": "npm:types-react@19.0.0-rc.1",
 "@types/react-dom": "npm:types-react-dom@19.0.0-rc.1",
diff --git a/templates/website/src/app/(frontend)/next/preview/route.ts b/templates/website/src/app/(frontend)/next/preview/route.ts
index 709f4f88a40..0a49f3ef773 100644
--- a/templates/website/src/app/(frontend)/next/preview/route.ts
+++ b/templates/website/src/app/(frontend)/next/preview/route.ts
@@ -1,7 +1,6 @@
-import jwt from 'jsonwebtoken'
 import { draftMode } from 'next/headers'
 import { redirect } from 'next/navigation'
-import { getPayload } from 'payload'
+import { getPayload, type PayloadRequest } from 'payload'
 import configPromise from '@payload-config'
 import { CollectionSlug } from 'payload'

@@ -40,10 +39,6 @@ export async function GET(
 return new Response('No path provided', { status: 404 })
 }

- if (!token) {
- return new Response('You are not allowed to preview this page', { status: 403 })
- }
-
 if (!path.startsWith('/')) {
 return new Response('This endpoint can only be used for internal previews', { status: 500 })
 }
@@ -51,9 +46,14 @@ export async function GET(
 let user

 try {
- user = jwt.verify(token, payload.secret)
+ user = await payload.auth({
+ req: req as unknown as PayloadRequest,
+ headers: req.headers,
+ })
 } catch (error) {
+ console.log({ token, payloadSecret: payload.secret })
 payload.logger.error({ err: error }, 'Error verifying token for live preview')
+ return new Response('You are not allowed to preview this page', { status: 403 })
 }

 const draft = await draftMode()
diff --git a/templates/with-vercel-website/package.json b/templates/with-vercel-website/package.json
index d4a9d7215ec..c5db5c3d860 100644
--- a/templates/with-vercel-website/package.json
+++ b/templates/with-vercel-website/package.json
@@ -41,7 +41,6 @@
 "cross-env": "^7.0.3",
 "geist": "^1.3.0",
 "graphql": "^16.8.2",
- "jsonwebtoken": "9.0.2",
 "lucide-react": "^0.378.0",
 "next": "^15.0.3",
 "next-sitemap": "^4.2.3",
@@ -60,7 +59,6 @@
 "@payloadcms/eslint-config": "^1.1.1",
 "@tailwindcss/typography": "^0.5.13",
 "@types/escape-html": "^1.0.2",
- "@types/jsonwebtoken": "^9.0.6",
 "@types/node": "22.5.4",
 "@types/react": "npm:types-react@19.0.0-rc.1",
 "@types/react-dom": "npm:types-react-dom@19.0.0-rc.1",
diff --git a/templates/with-vercel-website/src/app/(frontend)/next/preview/route.ts b/templates/with-vercel-website/src/app/(frontend)/next/preview/route.ts
index 709f4f88a40..50539bb5720 100644
--- a/templates/with-vercel-website/src/app/(frontend)/next/preview/route.ts
+++ b/templates/with-vercel-website/src/app/(frontend)/next/preview/route.ts
@@ -1,9 +1,8 @@
-import jwt from 'jsonwebtoken'
 import { draftMode } from 'next/headers'
 import { redirect } from 'next/navigation'
 import { getPayload } from 'payload'
 import configPromise from '@payload-config'
-import { CollectionSlug } from 'payload'
+import type { CollectionSlug, PayloadRequest } from 'payload'

 const payloadToken = 'payload-token'

@@ -40,10 +39,6 @@ export async function GET(
 return new Response('No path provided', { status: 404 })
 }

- if (!token) {
- return new Response('You are not allowed to preview this page', { status: 403 })
- }
-
 if (!path.startsWith('/')) {
 return new Response('This endpoint can only be used for internal previews', { status: 500 })
 }
@@ -51,9 +46,14 @@ export async function GET(
 let user

 try {
- user = jwt.verify(token, payload.secret)
+ user = await payload.auth({
+ req: req as unknown as PayloadRequest,
+ headers: req.headers,
+ })
 } catch (error) {
+ console.log({ token, payloadSecret: payload.secret })
 payload.logger.error({ err: error }, 'Error verifying token for live preview')
+ return new Response('You are not allowed to preview this page', { status: 403 })
 }

 const draft = await draftMode()