vercel-og-with-tweaks/pages/api/encrypted.tsx

// This function verifies the token to prevent generating images with random
// parameters (`id`).
// Check pages/encrypted/[id].tsx for more info.

import { ImageResponse } from '@vercel/og'
import { NextRequest } from 'next/server'

export const config = {
  runtime: 'experimental-edge',
}

const key = crypto.subtle.importKey(
  'raw',
  new TextEncoder().encode('my_secret'),
  { name: 'HMAC', hash: { name: 'SHA-256' } },
  false,
  ['sign']
)

function toHex(arrayBuffer) {
  return Array.prototype.map
    .call(new Uint8Array(arrayBuffer), (n) => n.toString(16).padStart(2, '0'))
    .join('')
}

export default async function handler(req: NextRequest) {
  const { searchParams } = req.nextUrl

  const id = searchParams.get('id')
  const token = searchParams.get('token')

  const verifyToken = toHex(
    await crypto.subtle.sign(
      'HMAC',
      await key,
      new TextEncoder().encode(JSON.stringify({ id }))
    )
  )

  if (token !== verifyToken) {
    return new Response('Invalid token.', { status: 401 })
  }

  return new ImageResponse(
    (
      <div
        style={{
          display: 'flex',
          fontSize: 40,
          color: 'black',
          background: 'white',
          width: '100%',
          height: '100%',
          padding: '50px 200px',
          textAlign: 'center',
          justifyContent: 'center',
          alignContent: 'center',
        }}
      >
        <h1>Card generated, id={id}.</h1>
      </div>
    ),
    {
      width: 1200,
      height: 630,
    }
  )
}
Initial commit from Create Next App 2022-11-04 23:02:31 +00:00			`// This function verifies the token to prevent generating images with random`
			// parameters (`id`).
			`// Check pages/encrypted/[id].tsx for more info.`

			`import { ImageResponse } from '@vercel/og'`
			`import { NextRequest } from 'next/server'`

			`export const config = {`
			`runtime: 'experimental-edge',`
			`}`

			`const key = crypto.subtle.importKey(`
			`'raw',`
			`new TextEncoder().encode('my_secret'),`
			`{ name: 'HMAC', hash: { name: 'SHA-256' } },`
			`false,`
			`['sign']`
			`)`

			`function toHex(arrayBuffer) {`
			`return Array.prototype.map`
			`.call(new Uint8Array(arrayBuffer), (n) => n.toString(16).padStart(2, '0'))`
			`.join('')`
			`}`

			`export default async function handler(req: NextRequest) {`
			`const { searchParams } = req.nextUrl`

			`const id = searchParams.get('id')`
			`const token = searchParams.get('token')`

			`const verifyToken = toHex(`
			`await crypto.subtle.sign(`
			`'HMAC',`
			`await key,`
			`new TextEncoder().encode(JSON.stringify({ id }))`
			`)`
			`)`

			`if (token !== verifyToken) {`
			`return new Response('Invalid token.', { status: 401 })`
			`}`

			`return new ImageResponse(`
			`(`
			`<div`
			`style={{`
			`display: 'flex',`
			`fontSize: 40,`
			`color: 'black',`
			`background: 'white',`
			`width: '100%',`
			`height: '100%',`
			`padding: '50px 200px',`
			`textAlign: 'center',`
			`justifyContent: 'center',`
			`alignContent: 'center',`
			`}}`
			`>`
			`<h1>Card generated, id={id}.</h1>`
			`</div>`
			`),`
			`{`
			`width: 1200,`
			`height: 630,`
			`}`
			`)`
			`}`