kmc7468/arkvault
1
0
Fork 0
mirror of https://github.com/kmc7468/arkvault.git synced 2025-12-16 15:08:46 +00:00
Code Issues Packages Projects Releases Wiki Activity

백엔드에서, Request Body 검증 전에 인증을 먼저 거치도록 변경

Browse Source
This commit is contained in:
static
2024-12-30 00:48:21 +09:00
parent 04780d2493
commit d39931c79a
4 changed files with 21 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
src/routes/api/client/register/+server.ts
View File

@@ -5,19 +5,19 @@ import { registerUserClient } from "$lib/server/services/client";
import type { RequestHandler } from "./$types";
export const POST: RequestHandler = async ({ request, cookies, getClientAddress }) => {
const { userId, clientId } = authenticate(cookies);
if (clientId) {
error(403, "Forbidden");
}
const zodRes = z
.object({
pubKey: z.string().base64().nonempty(),
})
.safeParse(await request.json());
if (!zodRes.success) error(400, "Invalid request body");
const { userId, clientId } = authenticate(cookies);
if (clientId) {
error(403, "Forbidden");
}
const { pubKey } = zodRes.data;
const challenge = await registerUserClient(userId, getClientAddress(), pubKey.trim());
return json({ challenge });
};