diff options
Diffstat (limited to 'src/routes/api')
| -rw-r--r-- | src/routes/api/badges/+server.ts | 9 | ||||
| -rw-r--r-- | src/routes/api/oauth/refresh/+server.ts | 29 |
2 files changed, 8 insertions, 30 deletions
diff --git a/src/routes/api/badges/+server.ts b/src/routes/api/badges/+server.ts index 10b63125..a4212f40 100644 --- a/src/routes/api/badges/+server.ts +++ b/src/routes/api/badges/+server.ts @@ -15,6 +15,7 @@ import { } from "$lib/Database/SB/User/badges"; import { decodeAuthCookieOrNull } from "$lib/Effect/authCookie"; import { decodeRequestJsonOrThrow } from "$lib/Effect/requestBody"; +import { checkClickCounterLimit } from "$lib/Error/rateLimit"; import { appOrigin, appOriginHeaders } from "$lib/Utility/appOrigin"; import { isOwnerOrPrivileged } from "$lib/Utility/authorisation"; import privilegedUser from "$lib/Utility/privilegedUser"; @@ -53,8 +54,14 @@ export const DELETE = async ({ url, cookies }) => { return await badges(identity.id); }; -export const PUT = async ({ cookies, url, request }) => { +export const PUT = async (event) => { + const { cookies, url, request } = event; + if (url.searchParams.get("incrementClickCount") || undefined) { + const limited = await checkClickCounterLimit(event); + + if (limited) return limited; + if (request.headers.get("origin") !== appOrigin()) return unauthorised(); await incrementClickCount( diff --git a/src/routes/api/oauth/refresh/+server.ts b/src/routes/api/oauth/refresh/+server.ts deleted file mode 100644 index 49306076..00000000 --- a/src/routes/api/oauth/refresh/+server.ts +++ /dev/null @@ -1,29 +0,0 @@ -import { redirect } from "@sveltejs/kit"; -import { env } from "$env/dynamic/private"; -import { env as env2 } from "$env/dynamic/public"; - -export const GET = async ({ url, cookies }) => { - const formData = new FormData(); - - formData.append("grant_type", "refresh_token"); - formData.append("client_id", env2.PUBLIC_ANILIST_CLIENT_ID as string); - formData.append("client_secret", env.ANILIST_CLIENT_SECRET as string); - formData.append("refresh_token", url.searchParams.get("token") || ""); - - const newUser = await ( - await fetch("https://anilist.co/api/v2/oauth/token", { - method: "POST", - body: formData, - }) - ).json(); - - cookies.set("user", JSON.stringify(newUser), { - path: "/", - maxAge: 60 * 60 * 24 * 7, - httpOnly: false, - sameSite: "lax", - }); - - if (url.searchParams.get("redirect")) redirect(303, "/"); - else return Response.json(newUser); -}; |