mirror of
https://github.com/kremalicious/umami.git
synced 2024-12-24 02:06:19 +01:00
Add share_id validation.
This commit is contained in:
parent
050cd2f5d9
commit
06e6cbec9a
@ -147,6 +147,8 @@ export const EVENT_COLORS = [
|
||||
export const DOMAIN_REGEX =
|
||||
/^(localhost(:[1-9]\d{0,4})?|((?=[a-z0-9-]{1,63}\.)(xn--)?[a-z0-9]+(-[a-z0-9]+)*\.)+[a-z]{2,63})$/;
|
||||
|
||||
export const SHARE_ID_REGEX = /^[a-zA-Z0-9]{16}$/;
|
||||
|
||||
export const DESKTOP_SCREEN_WIDTH = 1920;
|
||||
export const LAPTOP_SCREEN_WIDTH = 1024;
|
||||
export const MOBILE_SCREEN_WIDTH = 479;
|
||||
|
@ -4,6 +4,7 @@ import { Website, NextApiRequestQueryBody } from 'lib/types';
|
||||
import { canViewWebsite, canUpdateWebsite, canDeleteWebsite } from 'lib/auth';
|
||||
import { useAuth, useCors } from 'lib/middleware';
|
||||
import { deleteWebsite, getWebsite, updateWebsite } from 'queries';
|
||||
import { SHARE_ID_REGEX } from 'lib/constants';
|
||||
|
||||
export interface WebsiteRequestQuery {
|
||||
id: string;
|
||||
@ -43,6 +44,10 @@ export default async (
|
||||
|
||||
let website;
|
||||
|
||||
if (shareId && !shareId.match(SHARE_ID_REGEX)) {
|
||||
return serverError(res, 'Invalid share ID.');
|
||||
}
|
||||
|
||||
try {
|
||||
website = await updateWebsite(websiteId, { name, domain, shareId });
|
||||
} catch (e: any) {
|
||||
|
Loading…
Reference in New Issue
Block a user