7fb05181e6
All checks were successful
Deploy / deploy (push) Successful in 3m10s
Tool endpoints (events, notes, transport, weather) call other /api/* routes via loopback (http://localhost:3000). Those routes are middleware-protected — cookie-less loopbacks were getting 401, which surfaced to the voice agent as get_today_events → tool_http_502. Add internal header bypass: middleware lets the request through when x-voice-internal matches VOICE_API_KEY. Only our own tool endpoints use this header, from inside the same container, so the blast radius is limited to loopback traffic. - middleware.ts: check x-voice-internal before cookie - lib/voice-tools.ts: internalHeaders() helper - app/api/voice/tools/{weather,transport,events,notes}: use it
31 lines
1.0 KiB
TypeScript
31 lines
1.0 KiB
TypeScript
export const dynamic = 'force-dynamic'
|
|
export const runtime = 'nodejs'
|
|
|
|
import { NextResponse } from 'next/server'
|
|
import { isBearerAuthorized, unauthorized, internalHeaders } from '@/lib/voice-tools'
|
|
|
|
export async function GET(req: Request) {
|
|
if (!isBearerAuthorized(req)) return unauthorized()
|
|
|
|
const baseUrl = `http://localhost:${process.env.PORT || '3000'}`
|
|
const r = await fetch(`${baseUrl}/api/notes`, {
|
|
cache: 'no-store',
|
|
headers: internalHeaders(),
|
|
}).catch(() => null)
|
|
|
|
if (!r || !r.ok) return NextResponse.json({ notes: [] }, { status: 502 })
|
|
const j = await r.json()
|
|
// Strip some fields to keep payload small for LLM context
|
|
const notes = (j.notes || []).slice(0, 10).map((n: any) => ({
|
|
id: n.id,
|
|
type: n.type,
|
|
title: n.title,
|
|
pin_date: n.pinDate,
|
|
items: n.type === 'shopping'
|
|
? (n.items || []).map((i: any) => ({ text: i.text, done: !!i.done }))
|
|
: undefined,
|
|
text: n.type === 'note' ? (n.text || '').slice(0, 500) : undefined,
|
|
}))
|
|
return NextResponse.json({ notes })
|
|
}
|