mirror of
https://github.com/hpware/news-analyze.git
synced 2025-06-23 15:51:01 +08:00
吳元皓
2895263e52
cookies (that may be not possible, but it is a safety guard I want to add. (Chat: https://t3.chat/chat/c1883e6a-6c38-4af3-9818-0e927449c61c)
40 lines
1.1 KiB
TypeScript
40 lines
1.1 KiB
TypeScript
import sql from "~/server/components/postgres";
|
|
import getUserTokenMinusSQLInjection from "~/server/components/getUserToken";
|
|
export default defineEventHandler(async (event) => {
|
|
// Check user data.
|
|
const token = await getUserTokenMinusSQLInjection(event);
|
|
if (token.error.length !== 0) {
|
|
return {
|
|
error: "ERR_NOT_ALLOWED",
|
|
};
|
|
}
|
|
// Actual function
|
|
const body = await readBody(event);
|
|
if (body.jsonValue.length === 0) {
|
|
const clearBadDataRegex = /[@-_.+a-zA-Z0-9]{2,}/;
|
|
let allowed = true;
|
|
if (body.value.match()) {
|
|
allowed = false;
|
|
}
|
|
// Use Static values for now.
|
|
const requestChange = "groq_api_key";
|
|
const apiKeyqq = body.value.match(clearBadDataRegex);
|
|
const allowedColumns = ["groq_api_key", "another_column_name"];
|
|
|
|
if (!allowedColumns.includes(requestChange)) {
|
|
throw new Error("Invalid column name provided");
|
|
}
|
|
|
|
const sqlC = await sql.unsafe(
|
|
`
|
|
UPDATE user_other_data SET ${requestChange} = $1
|
|
WHERE username = $2`,
|
|
[apiKeyqq[0], token.user],
|
|
);
|
|
return {
|
|
sqlC: sqlC,
|
|
success: true,
|
|
};
|
|
}
|
|
});
|