From 6a44eac70c41bb1343a20ddf3ce775e416214d75 Mon Sep 17 00:00:00 2001
From: Fuwn <contact@fuwn.net>
Date: Tue, 3 Mar 2026 09:04:44 -0800
Subject: refactor(effect): add request body schema decoders to api routes

---
 src/routes/api/preferences/+server.ts | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

(limited to 'src/routes/api/preferences/+server.ts')

diff --git a/src/routes/api/preferences/+server.ts b/src/routes/api/preferences/+server.ts
index 0a30274b..0f62fb76 100644
--- a/src/routes/api/preferences/+server.ts
+++ b/src/routes/api/preferences/+server.ts
@@ -1,5 +1,6 @@
 import { userIdentity } from "$lib/Data/AniList/identity";
 import { decodeAuthCookieOrThrow } from "$lib/Effect/authCookie";
+import { decodeRequestJsonOrThrow } from "$lib/Effect/requestBody";
 import {
 	getUserPreferences,
 	toggleHideMissingBadges,
@@ -9,6 +10,7 @@ import {
 	togglePinnedBadgeWallCategory,
 	setPinnedBadgeWallCategories,
 } from "$lib/Database/SB/User/preferences";
+import { Schema } from "effect";
 
 const unauthorised = new Response("Unauthorised", { status: 401 });
 
@@ -68,7 +70,12 @@ export const PUT = async ({ url, cookies, request }) => {
 
 	if (url.searchParams.get("setCategories") !== null)
 		return Response.json(
-			await setPinnedBadgeWallCategories(userId, await request.json()),
+			await setPinnedBadgeWallCategories(userId, [
+				...(await decodeRequestJsonOrThrow(
+					request,
+					Schema.Array(Schema.String),
+				)),
+			]),
 			{
 				headers: {
 					"Access-Control-Allow-Origin": "https://due.moe",
-- 
cgit v1.2.3