add optional env variable to protect the public report creation endpoint with a secret
All checks were successful
delpoy / build-and-deploy (push) Successful in 45s
All checks were successful
delpoy / build-and-deploy (push) Successful in 45s
This commit is contained in:
@@ -1,9 +1,12 @@
|
||||
import type { RequestHandler } from '@sveltejs/kit';
|
||||
import { Report, User } from '$lib/server/database';
|
||||
import * as crypto from 'crypto';
|
||||
import { env } from '$env/dynamic/public';
|
||||
import { env } from '$env/dynamic/private';
|
||||
|
||||
export const POST = (async ({ request, url }) => {
|
||||
if (env.REPORT_SECRET && url.searchParams.get('secret') !== env.REPORT_SECRET)
|
||||
return new Response(null, { status: 401 });
|
||||
|
||||
const data: { reporter: string; reported: string; reason: string } = await request.json();
|
||||
|
||||
if (data.reporter == null || data.reported == null || data.reason == null)
|
||||
|
||||
Reference in New Issue
Block a user