mirror of
https://github.com/hpware/news-analyze.git
synced 2025-06-23 15:51:01 +08:00
吳元皓
2895263e52
cookies (that may be not possible, but it is a safety guard I want to add. (Chat: https://t3.chat/chat/c1883e6a-6c38-4af3-9818-0e927449c61c)
36 lines
803 B
TypeScript
36 lines
803 B
TypeScript
import sql from "~/server/components/postgres";
|
|
export default async function getUserTokenMinusSQLInjection(event) {
|
|
const userToken = await getCookie(event, "token");
|
|
if (!userToken) {
|
|
return {
|
|
token: null,
|
|
user: null,
|
|
error: "NO_TOKEN",
|
|
};
|
|
}
|
|
const uuidRegex =
|
|
/^[0-9a-f]{8}-[0-9a-f]{4}-4[0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$/i;
|
|
if (!uuidRegex.test(userToken)) {
|
|
return {
|
|
token: null,
|
|
user: null,
|
|
error: "INVALID_TOKEN_FORMAT",
|
|
};
|
|
}
|
|
const getUser = await sql`
|
|
select * from usertokens
|
|
where token = ${userToken}`;
|
|
if (getUser.length === 0) {
|
|
return {
|
|
token: null,
|
|
user: null,
|
|
error: "NOT_AUTHED",
|
|
};
|
|
}
|
|
return {
|
|
token: userToken,
|
|
user: getUser[0].username,
|
|
error: "",
|
|
};
|
|
}
|