验证key

.env.example

@@ -10,8 +10,8 @@ REDIS_PORT=6379
 REDIS_PASSWORD=
 REDIS_DB=0
 
-# 公开 API 密钥（用于外部调用 /api/public/* 端点）
+# Store API Key（用于访问 hero-slider 和 product-recommendations 接口）
-PUBLIC_API_KEY=your-secret-api-key-here
+STORE_API_KEY=your-store-api-key-here
 
 # Cloudflare R2 配置
 CLOUDFLARE_R2_BUCKET=your-bucket

src/app/api/public/hero-slider/route.ts

@@ -6,9 +6,18 @@ import { getCache, setCache } from '@/lib/redis'
 /**
  * GET /api/public/hero-slider
  * 获取首页幻灯片数据（带缓存）
+ * 需要 x-store-api-key 验证
  */
 export async function GET(req: NextRequest) {
   try {
+    // 验证 API Key
+    const apiKey = req.headers.get('x-store-api-key')
+    const validApiKey = process.env.STORE_API_KEY
+
+    if (!apiKey || !validApiKey || apiKey !== validApiKey) {
+      return NextResponse.json({ success: false, error: 'Unauthorized' }, { status: 401 })
+    }
+
     // 生成缓存 key
     const cacheKey = 'hero-slider:data'
 

src/app/api/public/product-recommendations/route.ts

@@ -6,9 +6,18 @@ import { getCache, setCache } from '@/lib/redis'
 /**
  * GET /api/public/product-recommendations
  * 获取商品推荐列表数据（带缓存）
+ * 需要 x-store-api-key 验证
  */
 export async function GET(req: NextRequest) {
   try {
+    // 验证 API Key
+    const apiKey = req.headers.get('x-store-api-key')
+    const validApiKey = process.env.STORE_API_KEY
+
+    if (!apiKey || !validApiKey || apiKey !== validApiKey) {
+      return NextResponse.json({ success: false, error: 'Unauthorized' }, { status: 401 })
+    }
+
     // 生成缓存 key
     const cacheKey = 'product-recommendations:data'