35 lines
1002 B
TypeScript
35 lines
1002 B
TypeScript
import { NextApiRequest, NextApiResponse } from 'next'
|
|
import fs from 'fs'
|
|
import path from 'path'
|
|
|
|
const DOCS_DIR = path.join(process.cwd(), 'docs')
|
|
|
|
export default function handler(req: NextApiRequest, res: NextApiResponse) {
|
|
const { file } = req.query
|
|
|
|
if (!file || typeof file !== 'string') {
|
|
return res.status(400).json({ error: 'File name is required' })
|
|
}
|
|
|
|
// Security: prevent directory traversal
|
|
const safeFile = path.basename(file)
|
|
const filePath = path.join(DOCS_DIR, safeFile)
|
|
|
|
// Check if file exists and is in docs directory
|
|
if (!filePath.startsWith(DOCS_DIR)) {
|
|
return res.status(403).json({ error: 'Access denied' })
|
|
}
|
|
|
|
try {
|
|
if (!fs.existsSync(filePath)) {
|
|
return res.status(404).json({ error: 'File not found' })
|
|
}
|
|
|
|
const content = fs.readFileSync(filePath, 'utf-8')
|
|
res.status(200).send(content)
|
|
} catch (error) {
|
|
console.error('Error reading doc file:', error)
|
|
res.status(500).json({ error: 'Failed to read file' })
|
|
}
|
|
}
|