add admin check

app/api/collections/[id]/route.ts

@@ -1,17 +1,13 @@
 import { PrismaClient } from '@prisma/client'
 
 import { RemoverDataset } from '@/utils/remover'
+import { isAdmin } from '@/utils/checker/is_admin'
 
 const prisma = new PrismaClient()
 
 export async function DELETE(request: Request, { params }: { params: { id: string } }) {
   const { headers } = request
-
-  const staff_flag_id = headers.get('x-staff-flag-id') ?? undefined
-
-  // @ts-ignore
-  const HF_ADMIN = process?.env?.HF_ADMIN.split(',') ?? []
-  const is_admin = staff_flag_id ? HF_ADMIN.includes(staff_flag_id) : false
+  const is_admin = await isAdmin(headers)
 
   if (!is_admin) {
     return Response.json(

app/api/collections/[id]/visibility/route.ts

@@ -1,15 +1,13 @@
 import { PrismaClient } from '@prisma/client'
 
+import { isAdmin } from '@/utils/checker/is_admin'
+
 const prisma = new PrismaClient()
 
 export async function PUT(request: Request, { params }: { params: { id: string } }) {
   const { headers } = request
 
-  const staff_flag_id = headers.get('x-staff-flag-id') ?? undefined
-
-  // @ts-ignore
-  const HF_ADMIN = process?.env?.HF_ADMIN.split(',') ?? []
-  const is_admin = staff_flag_id ? HF_ADMIN.includes(staff_flag_id) : false
+  const is_admin = await isAdmin(headers)
 
   if (!is_admin) {
     return Response.json(

app/api/collections/route.ts

@@ -1,5 +1,7 @@
 import { PrismaClient } from '@prisma/client'
 
+import { isAdmin } from '@/utils/checker/is_admin'
+
 const prisma = new PrismaClient()
 
 export async function GET(request: Request) {
@@ -8,13 +10,10 @@ export async function GET(request: Request) {
   const userId = searchParams.get('id') ?? undefined
   const page = searchParams.get('page') ? parseInt(searchParams.get('page') as string) : 0
 
-  const staff_flag_id = headers.get('x-staff-flag-id') ?? undefined
-
-  // @ts-ignore
-  const HF_ADMIN = process?.env?.HF_ADMIN.split(',') ?? []
-  const is_admin = staff_flag_id ? HF_ADMIN.includes(staff_flag_id) : false
-
-  console.log('is_admin', HF_ADMIN, is_admin, staff_flag_id)
+  let is_admin = false
+  if (headers.get('Authorization') ) {
+    is_admin = await isAdmin(headers) as boolean
+  }
 
   const collections = await prisma.collection.findMany({
     orderBy: {

app/api/login/route.ts

@@ -2,7 +2,7 @@ export async function GET() {
   const REDIRECT_URI = `https://${process.env.SPACE_HOST}/login/callback`
   return Response.json(
     {
-      redirect: `https://huggingface.co/oauth/authorize?client_id=${process.env.OAUTH_CLIENT_ID}&redirect_uri=${REDIRECT_URI}&scope=openid%20profile%20email&state=STATE&response_type=code`,
+      redirect: `https://huggingface.co/oauth/authorize?client_id=${process.env.OAUTH_CLIENT_ID}&redirect_uri=${REDIRECT_URI}&scope=openid%20profile&state=STATE&response_type=code`,
       status: 200,
       ok: true
     }

components/main/hooks/useCollections.ts

@@ -7,7 +7,7 @@ import { useUser } from "@/utils/useUser";
 
 export const useCollections = (category: string) => {
   const [loading, setLoading] = useState(false);
-  const { user, loading: userLoading } = useUser();
+  const { user, loading: userLoading, token } = useUser();
 
   const client = useQueryClient();
   
@@ -24,7 +24,7 @@ export const useCollections = (category: string) => {
 
       const response = await fetch(`/api/collections?${queryParams.toString()}`, {
         headers: {
-          'x-staff-flag-id': user?.sub
+          ...(user?.sub ? { 'Authorization': token } : {})
         },
         method: "GET",
       })

components/modal/useCollection.ts

@@ -3,10 +3,9 @@ import { useQuery, useQueryClient } from "@tanstack/react-query"
 
 import { Collection, Image } from "@/utils/type"
 import { useUser } from "@/utils/useUser"
-import { set } from "lodash"
 
 export const useCollection = (id?: string) => {
-  const { user } = useUser()
+  const { user, token } = useUser()
   const [loading, setLoading] = useState(false)
 
   const { data: open } = useQuery(["modal"], () => {
@@ -36,7 +35,7 @@ export const useCollection = (id?: string) => {
     const response = await fetch(`/api/collections/${collection?.id}/visibility`, {
       method: "PUT",
       headers: {
-        'x-staff-flag-id': user?.sub
+        'Authorization': user?.sub ? token : "",
       }
     })
 
@@ -62,7 +61,7 @@ export const useCollection = (id?: string) => {
     const response = await fetch(`/api/collections/${collection?.id}`, {
       method: "DELETE",
       headers: {
-        'x-staff-flag-id': user?.sub
+        'Authorization': user?.sub ? token : "",
       }
     })
 

utils/checker/is_admin.ts

@@ -0,0 +1,22 @@
+export const isAdmin = async (headers: Headers) => {
+  return new Promise(async (resolve, reject) => {
+
+    const Authorization = headers.get('Authorization') ?? undefined
+  
+    // @ts-ignore
+    const HF_ADMIN = process?.env?.HF_ADMIN.split(',') ?? []
+
+    const userRequest = await fetch("https://huggingface.co/oauth/userinfo", {
+      method: "GET",
+      headers: {
+        Authorization: `Bearer ${Authorization}`,
+      },
+    })
+
+    const user = await userRequest.clone().json().catch(() => ({}));
+    const is_admin = user?.sub ? HF_ADMIN.includes(user?.sub) : false
+
+    resolve(is_admin)
+  })
+
+}

utils/useUser.ts

@@ -70,6 +70,7 @@ export const useUser = () => {
     user,
     refetch,
     loading,
+    token: `Bearer ${value}`,
     getAuthorization
   }
 }