From c3026c8262ffd0baaa97a5845c3ba6cfb54882b1 Mon Sep 17 00:00:00 2001
From: Dmytro Stanchiev <git@dmytros.dev>
Date: Mon, 6 Apr 2026 23:18:46 -0400
Subject: [PATCH] feat(api): add auth check to ai-summary endpoint

Require authentication for ai-summary endpoint to prevent
unauthorized API key usage and cost leakage.
---
 src/app/api/ai-summary/route.ts | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/src/app/api/ai-summary/route.ts b/src/app/api/ai-summary/route.ts
index dedfd31..0de481b 100644
--- a/src/app/api/ai-summary/route.ts
+++ b/src/app/api/ai-summary/route.ts
@@ -1,6 +1,19 @@
 import { NextResponse } from "next/server";
+import { auth } from "@/auth";
+import { headers } from "next/headers";
 
 export async function POST(request: Request) {
+	const session = await auth.api.getSession({
+		headers: await headers(),
+	});
+
+	if (!session?.user) {
+		return NextResponse.json(
+			{ error: "Authentication required" },
+			{ status: 401 },
+		);
+	}
+
 	try {
 		const { events } = await request.json();