Mirror/gitea-mirror
1
0
Fork 0
mirror of https://github.com/RayLabsHQ/gitea-mirror.git synced 2026-04-08 05:58:18 +03:00
Code Issues Packages Projects Releases Wiki Activity

security: enforce session-derived user identity on API routes (#186)

Browse Source 
* security: enforce session user on api routes

* test: harden auth guard failure path
This commit is contained in:
ARUNAVO RAY
2026-02-24 11:47:29 +05:30
committed by GitHub
parent f28ac8fa09
commit 6a548e3dac
24 changed files with 334 additions and 201 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
src/pages/api/sync/index.ts
View File

@@ -12,14 +12,12 @@ import {
import { jsonResponse, createSecureErrorResponse } from "@/lib/utils";
import { mergeGitReposPreferStarred, calcBatchSizeForInsert } from "@/lib/repo-utils";
import { getDecryptedGitHubToken } from "@/lib/utils/config-encryption";
import { requireAuthenticatedUserId } from "@/lib/auth-guards";
export const POST: APIRoute = async ({ request }) => {
const url = new URL(request.url);
const userId = url.searchParams.get("userId");
if (!userId) {
return jsonResponse({ data: { error: "Missing userId" }, status: 400 });
}
export const POST: APIRoute = async ({ request, locals }) => {
const authResult = await requireAuthenticatedUserId({ request, locals });
if ("response" in authResult) return authResult.response;
const userId = authResult.userId;
try {
const [config] = await db