Mirror/gitea-mirror
1
0
Fork 0
mirror of https://github.com/RayLabsHQ/gitea-mirror.git synced 2026-03-14 06:23:01 +03:00
Code Issues Packages Projects Releases Wiki Activity

security: enforce session-derived user identity on API routes (#186)

Browse Source 
* security: enforce session user on api routes

* test: harden auth guard failure path
This commit is contained in:
ARUNAVO RAY
2026-02-24 11:47:29 +05:30
committed by GitHub
parent f28ac8fa09
commit 6a548e3dac
24 changed files with 334 additions and 201 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
src/pages/api/github/organizations.ts
View File

@@ -9,22 +9,14 @@ import {
import type { Organization } from "@/lib/db/schema";
import { repoStatusEnum } from "@/types/Repository";
import { jsonResponse, createSecureErrorResponse } from "@/lib/utils";
import { requireAuthenticatedUserId } from "@/lib/auth-guards";
export const GET: APIRoute = async ({ request }) => {
const url = new URL(request.url);
const userId = url.searchParams.get("userId");
if (!userId) {
return jsonResponse({
data: {
success: false,
error: "Missing userId",
},
status: 400,
});
}
export const GET: APIRoute = async ({ request, locals }) => {
try {
const authResult = await requireAuthenticatedUserId({ request, locals });
if ("response" in authResult) return authResult.response;
const userId = authResult.userId;
// Fetch the user's active configuration to respect filtering settings
const [config] = await db
.select()