
add extremely basic input validation to /api/hits endpoint

Jake Jarvis 2024-01-09 13:41:03 -05:00
parent cedb348087
commit 7958796791
Signed by: jake
GPG Key ID: 2B0C9CF251E69A39


@ -5,9 +5,11 @@ import type { PageStats } from "../../types";
const handler: NextApiHandler<PageStats> = async (req, res) => {
const { slug } = req.query;
if (typeof slug !== "string" || slug === "") {
// extremely basic input validation.
// TODO: actually check if the note exists before continuing (and allow pages other than notes).
if (typeof slug !== "string" || !new RegExp(/^notes\/([A-Za-z0-9-]+)$/i).test(slug)) {
// @ts-expect-error
return res.status(400).json({ message: "Missing `slug` parameter." });
return res.status(400).json({ error: "Missing or invalid 'slug' parameter." });
}
// +1 hit!
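Review bot: The new `slug` test checks format only, and it is looser than needed: the `i` flag accepts `NOTES/foo` and `Notes/foo` alongside `notes/foo`, and `+` sets no upper bound on length. Since the TODO says the note's existence is not verified yet, every distinct matching string presumably reaches the counter update after `// +1 hit!` (that code is outside the hunk, so this is inferred). If so, an unauthenticated client can make the endpoint store arbitrarily many and arbitrarily long keys, and case variants of one note may be counted separately. I would tighten the condition to `if (typeof slug !== "string" || !/^notes\/[A-Za-z0-9-]{1,100}$/.test(slug)) {`, where 100 is an illustrative cap to be set from the real slug lengths. This also drops the redundant `new RegExp(...)` wrapper and the unused capture group. Until the existence check lands, rate limiting the route, or only incrementing rows that already exist, would bound the write path.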