백엔드에서, Request Body 검증 전에 인증을 먼저 거치도록 변경

src/routes/api/client/verify/+server.ts

@@ -5,19 +5,19 @@ import { verifyUserClient } from "$lib/server/services/client";
 import type { RequestHandler } from "./$types";
 
 export const POST: RequestHandler = async ({ request, cookies, getClientAddress }) => {
+  const { userId, clientId } = authenticate(cookies);
+  if (clientId) {
+    error(403, "Forbidden");
+  }
+
   const zodRes = z
     .object({
       answer: z.string().base64().nonempty(),
     })
     .safeParse(await request.json());
   if (!zodRes.success) error(400, "Invalid request body");
-
-  const { userId, clientId } = authenticate(cookies);
-  if (clientId) {
-    error(403, "Forbidden");
-  }
-
   const { answer } = zodRes.data;
+
   await verifyUserClient(userId, getClientAddress(), answer.trim());
   return text("Client verified", { headers: { "Content-Type": "text/plain" } });
 };