aboutsummaryrefslogtreecommitdiff
path: root/src/routes/api/preferences/pin/+server.ts
diff options
context:
space:
mode:
authorFuwn <[email protected]>2026-03-28 06:02:54 +0000
committerFuwn <[email protected]>2026-03-28 06:04:13 +0000
commit8a99dd5c4b74a4ea2ce715aed5e517022621f05c (patch)
tree56e24474d2240e77887450e0e52617e358ac3379 /src/routes/api/preferences/pin/+server.ts
parentfix(cache): respect AniList media list recache windows (diff)
downloaddue.moe-8a99dd5c4b74a4ea2ce715aed5e517022621f05c.tar.xz
due.moe-8a99dd5c4b74a4ea2ce715aed5e517022621f05c.zip
fix(auth): ignore malformed user cookies
Diffstat (limited to 'src/routes/api/preferences/pin/+server.ts')
-rw-r--r--src/routes/api/preferences/pin/+server.ts14
1 files changed, 10 insertions, 4 deletions
diff --git a/src/routes/api/preferences/pin/+server.ts b/src/routes/api/preferences/pin/+server.ts
index 45a231fd..b69a8142 100644
--- a/src/routes/api/preferences/pin/+server.ts
+++ b/src/routes/api/preferences/pin/+server.ts
@@ -1,5 +1,5 @@
-import { userIdentity } from "$lib/Data/AniList/identity";
-import { decodeAuthCookieOrThrow } from "$lib/Effect/authCookie";
+import { safeUserIdentity } from "$lib/Data/AniList/identity";
+import { decodeAuthCookieOrNull } from "$lib/Effect/authCookie";
import { toggleHololiveStreamPinning } from "$lib/Database/SB/User/preferences";
import { appOriginHeaders } from "$lib/Utility/appOrigin";
@@ -10,11 +10,17 @@ export const PUT = async ({ cookies, url }) => {
if (!userCookie) return unauthorised;
- const user = decodeAuthCookieOrThrow(userCookie);
+ const user = decodeAuthCookieOrNull(userCookie);
+
+ if (!user) return unauthorised;
+
+ const identity = await safeUserIdentity(user);
+
+ if (!identity) return unauthorised;
return Response.json(
await toggleHololiveStreamPinning(
- (await userIdentity(user)).id,
+ identity.id,
url.searchParams.get("stream") || "",
),
{
generated by cgit v1.2.3 (git 2.25.1) at 2026-05-11 21:18:37 +0000