kmc7468/arkvault
1
0
Fork 0
mirror of https://github.com/kmc7468/arkvault.git synced 2026-02-04 08:06:56 +00:00
Code Issues Packages Projects Releases Wiki Activity

백엔드에서, Request Body 검증 전에 인증을 먼저 거치도록 변경

Browse Source
This commit is contained in:
static
2024-12-30 00:48:21 +09:00
parent 04780d2493
commit d39931c79a
4 changed files with 21 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
src/routes/api/mek/register/initial/+server.ts
View File

@@ -5,20 +5,19 @@ import { registerInitialActiveMek } from "$lib/server/services/mek";
import type { RequestHandler } from "@sveltejs/kit";
export const POST: RequestHandler = async ({ request, cookies }) => {
const { userId, clientId } = authenticate(cookies);
if (!clientId) {
error(403, "Forbidden");
}
const zodRes = z
.object({
mek: z.string().base64().nonempty(),
})
.safeParse(await request.json());
if (!zodRes.success) error(400, "Invalid request body");
const { userId, clientId } = authenticate(cookies);
if (!clientId) {
error(403, "Forbidden");
}
const { mek } = zodRes.data;
await registerInitialActiveMek(userId, clientId, mek);
await registerInitialActiveMek(userId, clientId, mek);
return text("MEK registered", { headers: { "Content-Type": "text/plain" } });
};