Initial nextjs api endpoint commit #46
Draft
+265
−138
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Linking the NextJS tutorial page which probably explains it better than I did https://nextjs.org/learn-pages-router/basics/api-routes |
|
@dgading thanks for the link - quite a rabbit hole that I never got to the bottom of. It seems NextJS is being secure here, but as with writing any APIs, whoever reviews your code should keep the OWASP API Top 10 in mind. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR aims to create a NextJS api endpoint that can update the homepage goals search. With NextJS Drupal, each request for information needs authorization credentials passed with it. NextJS uses environmental variables to do this when building the site with functions like getStaticProps. These credentials are never passed to the browser, so updating the site with new data from the view can't be done like a normal React application where you just fetch some new data.
In NextJS, using the api subfolder in the pages folder, you can create API end points that live on the server part of the NextJS application. These pages are never sent to the browser, but can be used be the browser part of the site to access the Drupal site. In this PR I've added the endpoint /api/goal-search which can take a query of fulltext. This endpoint then works similar to the getStaticProps on page load, when a request hits the endpoint, it sends a graphql query to the Drupal site with the auth information and returns the information through my new endpoint to the browser application. When using the application, if you use the goals search, you will never see the Drupal endpoint, only the NextJS api endpoint I created.