trafficlunar/tomodachi-share
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix: error when uploading one image in submit api and improve security a bit

Browse source
This commit is contained in:
trafficlunar 2025-04-20 17:49:55 +01:00
parent b17478a718
commit 0d8a46d31a
1 changed files with 16 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

22
src/app/api/submit/route.ts
View file

@ -24,9 +24,9 @@ const submitSchema = z.object({
qrBytesRaw: z qrBytesRaw: z
.array(z.number(), { required_error: "A QR code is required" }) .array(z.number(), { required_error: "A QR code is required" })
.length(372, { message: "QR code size is not a valid Tomodachi Life QR code" }), .length(372, { message: "QR code size is not a valid Tomodachi Life QR code" }),
image1: z.instanceof(File).optional(), image1: z.union([z.instanceof(File), z.any()]).optional(),
image2: z.instanceof(File).optional(), image2: z.union([z.instanceof(File), z.any()]).optional(),
image3: z.instanceof(File).optional(), image3: z.union([z.instanceof(File), z.any()]).optional(),
}); });
export async function POST(request: Request) { export async function POST(request: Request) {
@ -34,10 +34,20 @@ export async function POST(request: Request) {
if (!session) return NextResponse.json({ error: "Unauthorized" }, { status: 401 }); if (!session) return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
const formData = await request.formData(); const formData = await request.formData();
let rawTags: string[];
let rawQrBytesRaw: string[]; // raw raw
try {
rawTags = JSON.parse(formData.get("tags") as string);
rawQrBytesRaw = JSON.parse(formData.get("qrBytesRaw") as string);
} catch {
return NextResponse.json({ error: "Invalid JSON in tags or QR bytes" }, { status: 400 });
}
const parsed = submitSchema.safeParse({ const parsed = submitSchema.safeParse({
name: formData.get("name"), name: formData.get("name"),
tags: JSON.parse(formData.get("tags") as string), tags: rawTags,
qrBytesRaw: JSON.parse(formData.get("qrBytesRaw") as string), qrBytesRaw: rawQrBytesRaw,
image1: formData.get("image1"), image1: formData.get("image1"),
image2: formData.get("image2"), image2: formData.get("image2"),
image3: formData.get("image3"), image3: formData.get("image3"),
@ -50,7 +60,7 @@ export async function POST(request: Request) {
const images: File[] = []; const images: File[] = [];
for (const img of [image1, image2, image3]) { for (const img of [image1, image2, image3]) {
if (!img) break; if (!img) continue;
const imageValidation = await validateImage(img); const imageValidation = await validateImage(img);
if (imageValidation.valid) { if (imageValidation.valid) {