Sanity fixes

2025-07-22 20:26:49 +00:00 · 2023-08-21 08:13:13 +02:00
parent f8183a5a69
commit 1baa3c1f8d
8 changed files with 64 additions and 38 deletions
--- a/app/api/preview/route.ts
+++ b/app/api/preview/route.ts
@@ -1,4 +1,10 @@
+import { previewSecretId } from '@/lib/sanity/sanity.api'
+import { client } from '@/lib/sanity/sanity.client'
+import { token } from '@/lib/sanity/sanity.fetch'
 import { draftMode } from 'next/headers'
+import { isValidSecret } from 'sanity-plugin-iframe-pane/is-valid-secret'
+
+export const runtime = 'edge'

 export async function GET(request: Request) {
  const { searchParams } = new URL(request.url)
@@ -7,10 +13,25 @@ export async function GET(request: Request) {
  const type = searchParams.get('type')
  const locale = searchParams.get('locale')

-  // Check the secret and next parameters
-  // This secret should only be known to this route handler and the CMS
-  if (secret !== process.env.SANITY_API_READ_TOKEN) {
-    return new Response('Invalid token', { status: 401 })
+  if (!token) {
+    throw new Error(
+      'The `SANITY_API_READ_TOKEN` environment variable is required.',
+    )
+  }
+  if (!secret) {
+    return new Response('Invalid secret', { status: 401 })
+  }
+
+  const authenticatedClient = client.withConfig({ token })
+  
+  const validSecret = await isValidSecret(
+    authenticatedClient,
+    previewSecretId,
+    secret,
+  )
+
+  if (!validSecret) {
+    return new Response('Invalid secret', { status: 401 })
  }

  draftMode().enable()