I'm currently working on developing a video application that will offer both free and premium videos. With approximately 100 videos in the pipeline, I am contemplating whether setting up a database to store video links is necessary. Considering security concerns, I am exploring the option of reading them from a JSON file. However, I am unsure if files created within the src folder are accessible to users or not.
videos.json
{
  "introduction": "sd324d",
  "how-to-save-money": "824ds",
  "investments": "64hdxc",
  "do-it-yourself": "82jxcn",
  "final-project": "hd82hd"
}
video API
import path from "path";
import { promises as fs } from "fs";

export default async function handler(req, res) {
  const { videoSlug } = req.query;
  // Placeholder: fails closed until user token verification is implemented
  const isUserPremium = false;
  if (!isUserPremium) return res.status(403).json("Not allowed!");
  // Read the slug-to-id map from the server's file system
  const jsonDirectory = path.join(
    process.cwd(),
    `/src/content/videos.json`
  );
  const fileContents = await fs.readFile(jsonDirectory, "utf8");
  const objectData = JSON.parse(fileContents);
  // Look up the video id for the requested slug
  const id = objectData[videoSlug];
  return res.status(200).json(id);
}
The code functions as intended, but my primary concern lies with data security. It is important for me to ensure this aspect, especially considering my plans to deploy the app on Vercel.
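One way to harden the slug lookup in the handler above, as an added example that is not part of the original post. The per-video `premium` flag, `resolveVideo`, `makeHandler` and `verifyUser` are assumptions introduced here; the catalog is constructed from the slugs and ids in videos.json.

```javascript
// Constructed catalog: slugs and ids from videos.json on the page, plus an
// assumed `premium` flag (the page does not say which videos are free).
const CATALOG = Object.freeze({
  "introduction": { id: "sd324d", premium: false },
  "how-to-save-money": { id: "824ds", premium: true },
  "investments": { id: "64hdxc", premium: true },
});

// Slugs are lowercase words joined by single hyphens.
const SLUG_PATTERN = /^[a-z0-9]+(?:-[a-z0-9]+)*$/;

// Returns { status, body } so the decision can be checked without an HTTP server.
function resolveVideo(catalog, rawSlug, isUserPremium) {
  // req.query values can be string[] when a parameter is repeated
  // (?videoSlug=a&videoSlug=b), so reject anything that is not one string.
  if (typeof rawSlug !== "string" || rawSlug.length > 64 || !SLUG_PATTERN.test(rawSlug)) {
    return { status: 400, body: { error: "Invalid video slug" } };
  }
  // Own-property check: a bare catalog[rawSlug] would also resolve inherited
  // keys such as "constructor" from Object.prototype.
  if (!Object.prototype.hasOwnProperty.call(catalog, rawSlug)) {
    return { status: 404, body: { error: "Unknown video" } };
  }
  const entry = catalog[rawSlug];
  // Fail closed: only the boolean true grants access to premium entries.
  if (entry.premium && isUserPremium !== true) {
    return { status: 403, body: { error: "Not allowed!" } };
  }
  return { status: 200, body: { id: entry.id } };
}

// Thin Next.js-style wrapper. verifyUser is a hypothetical async function the
// app supplies; it must resolve to true only for verified premium users.
function makeHandler(catalog, verifyUser) {
  return async function handler(req, res) {
    const isUserPremium = await verifyUser(req);
    const { status, body } = resolveVideo(catalog, req.query.videoSlug, isUserPremium);
    return res.status(status).json(body);
  };
}
```

Keeping the access decision in a pure function lets it be unit-tested separately from the token verification.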