From be52a203a398a0925540a649353c54c8357d48bb Mon Sep 17 00:00:00 2001 From: Jacob Fletcher Date: Wed, 4 Jun 2025 17:18:09 -0400 Subject: [PATCH] templates: do not expose users in example custom routes (#12677) Follow up to #12404. Templates include a custom route for demonstration purposes that shows how to get Payload and use it. It was intended that these routes are either removed or modified for every new project, however, we can't guarantee this. This means that they should not expose any sensitive data, such as the users list. Instead, we can return a simple message from these routes indicating they are custom. This will ensure that even if they are kept as-is and deployed, no sensitive data is leaked. Payload is still instantiated, but we simply don't use it. This PR also types the first argument to further help users get started building custom routes. --- examples/astro/payload/src/app/my-route/route.ts | 8 +++----- examples/remix/payload/src/app/my-route/route.ts | 8 +++----- templates/_template/src/app/my-route/route.ts | 8 +++----- templates/blank/src/app/my-route/route.ts | 8 +++----- templates/plugin/dev/app/my-route/route.ts | 8 +++----- templates/with-payload-cloud/src/app/my-route/route.ts | 8 +++----- templates/with-postgres/src/app/my-route/route.ts | 8 +++----- templates/with-vercel-mongodb/src/app/my-route/route.ts | 8 +++----- templates/with-vercel-postgres/src/app/my-route/route.ts | 8 +++----- 9 files changed, 27 insertions(+), 45 deletions(-) diff --git a/examples/astro/payload/src/app/my-route/route.ts b/examples/astro/payload/src/app/my-route/route.ts index a6422f3733..075588617e 100644 --- a/examples/astro/payload/src/app/my-route/route.ts +++ b/examples/astro/payload/src/app/my-route/route.ts @@ -1,14 +1,12 @@ import configPromise from '@payload-config' import { getPayload } from 'payload' -export const GET = async () => { +export const GET = async (request: Request) => { const payload = await getPayload({ config: configPromise, }) - const data = await payload.find({ - collection: 'users', + return Response.json({ + message: 'This is an example of a custom route.', }) - - return Response.json(data) } diff --git a/examples/remix/payload/src/app/my-route/route.ts b/examples/remix/payload/src/app/my-route/route.ts index a6422f3733..075588617e 100644 --- a/examples/remix/payload/src/app/my-route/route.ts +++ b/examples/remix/payload/src/app/my-route/route.ts @@ -1,14 +1,12 @@ import configPromise from '@payload-config' import { getPayload } from 'payload' -export const GET = async () => { +export const GET = async (request: Request) => { const payload = await getPayload({ config: configPromise, }) - const data = await payload.find({ - collection: 'users', + return Response.json({ + message: 'This is an example of a custom route.', }) - - return Response.json(data) } diff --git a/templates/_template/src/app/my-route/route.ts b/templates/_template/src/app/my-route/route.ts index a6422f3733..075588617e 100644 --- a/templates/_template/src/app/my-route/route.ts +++ b/templates/_template/src/app/my-route/route.ts @@ -1,14 +1,12 @@ import configPromise from '@payload-config' import { getPayload } from 'payload' -export const GET = async () => { +export const GET = async (request: Request) => { const payload = await getPayload({ config: configPromise, }) - const data = await payload.find({ - collection: 'users', + return Response.json({ + message: 'This is an example of a custom route.', }) - - return Response.json(data) } diff --git a/templates/blank/src/app/my-route/route.ts b/templates/blank/src/app/my-route/route.ts index a6422f3733..075588617e 100644 --- a/templates/blank/src/app/my-route/route.ts +++ b/templates/blank/src/app/my-route/route.ts @@ -1,14 +1,12 @@ import configPromise from '@payload-config' import { getPayload } from 'payload' -export const GET = async () => { +export const GET = async (request: Request) => { const payload = await getPayload({ config: configPromise, }) - const data = await payload.find({ - collection: 'users', + return Response.json({ + message: 'This is an example of a custom route.', }) - - return Response.json(data) } diff --git a/templates/plugin/dev/app/my-route/route.ts b/templates/plugin/dev/app/my-route/route.ts index a6422f3733..075588617e 100644 --- a/templates/plugin/dev/app/my-route/route.ts +++ b/templates/plugin/dev/app/my-route/route.ts @@ -1,14 +1,12 @@ import configPromise from '@payload-config' import { getPayload } from 'payload' -export const GET = async () => { +export const GET = async (request: Request) => { const payload = await getPayload({ config: configPromise, }) - const data = await payload.find({ - collection: 'users', + return Response.json({ + message: 'This is an example of a custom route.', }) - - return Response.json(data) } diff --git a/templates/with-payload-cloud/src/app/my-route/route.ts b/templates/with-payload-cloud/src/app/my-route/route.ts index a6422f3733..075588617e 100644 --- a/templates/with-payload-cloud/src/app/my-route/route.ts +++ b/templates/with-payload-cloud/src/app/my-route/route.ts @@ -1,14 +1,12 @@ import configPromise from '@payload-config' import { getPayload } from 'payload' -export const GET = async () => { +export const GET = async (request: Request) => { const payload = await getPayload({ config: configPromise, }) - const data = await payload.find({ - collection: 'users', + return Response.json({ + message: 'This is an example of a custom route.', }) - - return Response.json(data) } diff --git a/templates/with-postgres/src/app/my-route/route.ts b/templates/with-postgres/src/app/my-route/route.ts index a6422f3733..075588617e 100644 --- a/templates/with-postgres/src/app/my-route/route.ts +++ b/templates/with-postgres/src/app/my-route/route.ts @@ -1,14 +1,12 @@ import configPromise from '@payload-config' import { getPayload } from 'payload' -export const GET = async () => { +export const GET = async (request: Request) => { const payload = await getPayload({ config: configPromise, }) - const data = await payload.find({ - collection: 'users', + return Response.json({ + message: 'This is an example of a custom route.', }) - - return Response.json(data) } diff --git a/templates/with-vercel-mongodb/src/app/my-route/route.ts b/templates/with-vercel-mongodb/src/app/my-route/route.ts index a6422f3733..075588617e 100644 --- a/templates/with-vercel-mongodb/src/app/my-route/route.ts +++ b/templates/with-vercel-mongodb/src/app/my-route/route.ts @@ -1,14 +1,12 @@ import configPromise from '@payload-config' import { getPayload } from 'payload' -export const GET = async () => { +export const GET = async (request: Request) => { const payload = await getPayload({ config: configPromise, }) - const data = await payload.find({ - collection: 'users', + return Response.json({ + message: 'This is an example of a custom route.', }) - - return Response.json(data) } diff --git a/templates/with-vercel-postgres/src/app/my-route/route.ts b/templates/with-vercel-postgres/src/app/my-route/route.ts index a6422f3733..075588617e 100644 --- a/templates/with-vercel-postgres/src/app/my-route/route.ts +++ b/templates/with-vercel-postgres/src/app/my-route/route.ts @@ -1,14 +1,12 @@ import configPromise from '@payload-config' import { getPayload } from 'payload' -export const GET = async () => { +export const GET = async (request: Request) => { const payload = await getPayload({ config: configPromise, }) - const data = await payload.find({ - collection: 'users', + return Response.json({ + message: 'This is an example of a custom route.', }) - - return Response.json(data) }