fix: add authentication to video script endpoint#274
Merged
knoxiboy merged 2 commits intoMay 25, 2026
Conversation
POST /api/video/script had no auth check, allowing unauthenticated users to freely consume Groq AI credits. Added currentUser() from Clerk to return 401 Unauthorized for requests without a valid session, consistent with /api/video/generate and other protected routes. Closes knoxiboy#240
POST /api/video/script had no auth check, allowing unauthenticated users to freely consume Groq AI credits. Added currentUser() from Clerk to return 401 Unauthorized for requests without a valid session, consistent with /api/video/generate and other protected routes. Also moved Groq client instantiation inside the handler to prevent module-level crash when GROQ_API_KEY is not set. Closes knoxiboy#240
|
@KaparthyReddy is attempting to deploy a commit to the Karan Mani Tripathi 's projects Team on Vercel. A member of the Team first needs to authorize it. |
github-actions
Bot
added
size/size/xs
gssoc'26
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
There was a problem hiding this comment.
Hello there! 🎉 Thank you so much for your first pull request to DoubtDesk!
We really appreciate your contribution. A maintainer will review your code soon. If you are participating in GSSoC, ensure your PR is linked to an open issue. Please make sure you have followed all rules in our Contributing Guidelines. Happy coding!
knoxiboy
approved these changes
May 25, 2026
Owner
knoxiboy
left a comment
knoxiboy
left a comment
There was a problem hiding this comment.
Automated review: Thank you for starring the repository! The PR is approved.
knoxiboy
added
gssoc:approved
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
POST /api/video/scripthad no authentication check, allowing unauthenticated users to freely consume Groq AI credits without a valid Clerk session. This PR addscurrentUser()from Clerk at the top of the handler, returning401 Unauthorizedfor unauthenticated requests — consistent with/api/video/generateand all other protected routes in the project.Also moved the Groq client instantiation inside the handler to prevent a module-level crash when
GROQ_API_KEYis not set in the environment.Note: The issue originally identified both
/api/video/generateand/api/video/scriptas unprotected. After pulling the latestmain,/api/video/generate/route.tsalready had auth added. This PR addresses the remaining unprotected endpoint.Related Issue
Closes #240
Type of Change
Screenshots (if UI change)
N/A — API-level fix, no UI changes.
How Has This Been Tested?
npm run devSent a POST request to
/api/video/scriptwithout a Clerk session — endpoint returns{"error":"Unauthorized"}with status401as expected.Checklist
npm run dev)anytypes)main