jake/jarv.is
1
Fork 0
mirror of https://github.com/jakejarvis/jarv.is.git synced 2025-10-28 02:15:47 -04:00
Code Issues Activity

add extremely basic input validation to /api/hits endpoint

Browse Source
This commit is contained in:
Jake Jarvis
2024-01-09 13:41:03 -05:00
parent cedb348087
commit 7958796791
1 changed files with 4 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
pages/api/count.ts
View File

@@ -5,9 +5,11 @@ import type { PageStats } from "../../types";
const handler: NextApiHandler<PageStats> = async (req, res) => { const handler: NextApiHandler<PageStats> = async (req, res) => {
const { slug } = req.query; const { slug } = req.query;
if (typeof slug !== "string" || slug === "") { // extremely basic input validation.
// TODO: actually check if the note exists before continuing (and allow pages other than notes).
if (typeof slug !== "string" || !new RegExp(/^notes\/([A-Za-z0-9-]+)$/i).test(slug)) {
// @ts-expect-error // @ts-expect-error
return res.status(400).json({ message: "Missing `slug` parameter." }); return res.status(400).json({ error: "Missing or invalid 'slug' parameter." });
} }
// +1 hit! // +1 hit!