security: enforce session-derived user identity on API routes (#186)

* security: enforce session user on api routes

* test: harden auth guard failure path
ARUNAVO RAY
2026-02-24 11:47:29 +05:30
committed by GitHub
parent f28ac8fa09
commit 6a548e3dac
24 changed files with 334 additions and 201 deletions


@@ -6,19 +6,16 @@ import { RateLimitManager } from "@/lib/rate-limit-manager";
import { createGitHubClient } from "@/lib/github";
import { getDecryptedGitHubToken } from "@/lib/utils/config-encryption";
import { configs } from "@/lib/db";
import { requireAuthenticatedUserId } from "@/lib/auth-guards";
export const GET: APIRoute = async ({ request, locals }) => {
const authResult = await requireAuthenticatedUserId({ request, locals });
if ("response" in authResult) return authResult.response;
const userId = authResult.userId;
export const GET: APIRoute = async ({ request }) => {
const url = new URL(request.url);
const userId = url.searchParams.get("userId");
const refresh = url.searchParams.get("refresh") === "true";
if (!userId) {
return jsonResponse({
data: { error: "Missing userId" },
status: 400,
});
}
try {
// If refresh is requested, fetch current rate limit from GitHub
if (refresh) {
@@ -101,4 +98,4 @@ export const GET: APIRoute = async ({ request }) => {
} catch (error) {
return createSecureErrorResponse(error, "rate limit check", 500);
}
};
};
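Review bot: The `requireAuthenticatedUserId` call at the top of `GET` runs before the `try` block, so if the guard can reject (for example on a session-store failure), the error skips `createSecureErrorResponse` and falls to the framework's default error handling. The guard's implementation is not visible here, so either confirm that it always resolves to `{ response }` or `{ userId }`, or move the guard call and the `"response" in authResult` check inside the `try`. A comment above the guard would also help, such as `// userId comes from the session only; a userId query parameter is ignored by design`, so that a later edit does not reintroduce the client-supplied lookup. The handler body between the two hunks is not shown.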