Next.js Server SDK
Installation
Install the SDK via npm:
npm install lancer-next-sdk
Getting Started
1. Initialize the Lancer SDK
Create a reusable instance of the Lancer class with your webhookSecret for signature verification. Store this in a shared module for easy access across your API routes.
import Lancer from "lancer-next-sdk";
const lancer = new Lancer({
webhookSecret: "<your-lancer-webhook-secret>",
});
export default lancer;
| Parameter | Type | Required | Description |
|---|---|---|---|
webhookSecret | string | No | Secret key used to verify webhook signatures. |
2. Set Up API Routes
Authentication Endpoint
Use the authenticate method to handle session authentication in a Next.js API route. Implement your custom logic within the handler.
import lancer from "@/lib/lancer";
export const POST = lancer.authenticate(async (token, payload) => {
console.log("Session Payload:", payload);
// Custom authentication logic
return {
ownerId: "<user-id>", // Replace with actual user/owner ID
status: 200, // HTTP status code
};
});
| Parameter | Type | Description |
|---|---|---|
token | string | Lancer session token from the Authorization header. |
payload | SessionRequest | Payload containing session details from Lancer. |
Example Request
POST /api/auth
Authorization: Bearer <token>
{
"file_size": 10485760,
"file_name": "example.txt",
"max_chunk": 2,
"chunk_size": 5242880,
"provider": "LOCAL"
}
Example Response
{
"ownerId": "user123"
}
Webhook Endpoint
Handle webhook events sent by Lancer with the handleWebhook method. Enable verification to ensure payload integrity using your webhookSecret.
import lancer from "@/lib/lancer";
export const POST = lancer.handleWebhook(async (event) => {
console.log("Webhook Event: ", event.event);
console.log("Webhook Data: ", event.data);
// Handle event data
return Response.json({}, { status: 200 });
}, true);
| Parameter | Type | Description |
|---|---|---|
handler | (event: WebhookEvent) => Promise<Response> | Callback function to process webhook events. |
verification | boolean | Enables payload verification (default: true). |
Verification Workflow
- The SDK verifies the
x-timestampandx-signatureheaders. - The payload is signed using HMAC SHA-256 and compared to the provided signature.
- If the verification fails, the SDK responds with
403 Access Restricted.
Example Webhook Payload
{
"type": "FILE_UPLOAD",
"data": {
"id": "session-12345",
"file_size": 10485760,
"chunk_size": 5242880,
"max_chunk": 2,
"file_name": "example.txt",
"temp_path": "/tmp/session-12345",
"owner_id": "user-67890",
"current_chunk": 0,
"provider": "LOCAL"
}
}
Important
Add the authentication endpoints & webhook handling payload to lancer config file as auth-endpoint & webhook-endpoint
Security Best Practices
- Protect Your Webhook Secret: Ensure your
webhookSecretis stored securely in environment variables. - Verify Signatures: Always enable
verificationfor sensitive webhook endpoints. - Rate Limit Your API: Use rate-limiting middleware to prevent abuse.
License
MIT License © 2025 Weekend Dev Labs