import sql from "~/server/components/postgres";
import getUserTokenMinusSQLInjection from "~/server/components/getUserToken";
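/**
 * Updates one profile field for the authenticated user.
 *
 * The handler reads three body fields: `action` (the column to change),
 * `value` (the new value) and `jsonValue` (the update path runs only when its
 * length is 0).
 *
 * @returns `{ sqlC, success: true }` after a successful update, or
 *   `{ error: "ERR_NOT_ALLOWED" }` when the token is rejected, the body is
 *   malformed, the column is not allowlisted, or the value contains no
 *   acceptable run of characters. Nothing is returned when `jsonValue` is
 *   non-empty.
 */
export default defineEventHandler(async (event) => {
  // Authenticate first: nothing below runs without a valid token.
  const token = await getUserTokenMinusSQLInjection(event);
  if (token.error.length !== 0) {
    return {
      error: "ERR_NOT_ALLOWED",
    };
  }

  const body = await readBody(event);
  // A missing body or missing `jsonValue` previously surfaced as an unhandled
  // TypeError; reject it with the handler's existing error code instead.
  if (body == null || body.jsonValue == null) {
    return {
      error: "ERR_NOT_ALLOWED",
    };
  }

  if (body.jsonValue.length === 0) {
    // Use static values for now.
    const allowedColumns = ["firstname", "email"];
    const requestChange = body.action || "";

    // Check the column before touching the value. `includes` compares with
    // strict equality, so only the exact strings listed above get through.
    if (!allowedColumns.includes(requestChange)) {
      return {
        error: "ERR_NOT_ALLOWED",
      };
    }

    // The hyphen is escaped so it is a literal character. Unescaped, `@-_`
    // was a range (0x40-0x5F) that admitted `[`, `\`, `]` and `^` while
    // rejecting `-`, which cut hyphenated e-mail addresses short.
    // NOTE(review): the pattern is unanchored, so this keeps the first
    // acceptable run of the input rather than validating all of it. Confirm
    // whether storing a truncated value is intended.
    const clearBadDataRegex = /[@\-_.+a-zA-Z0-9]{2,}/;

    // `match` returns null when nothing qualifies, and a non-string `value`
    // has no usable `match`. Both cases used to throw on the `[0]` access.
    const cleanedValue =
      typeof body.value === "string"
        ? body.value.match(clearBadDataRegex)
        : null;
    if (cleanedValue === null) {
      return {
        error: "ERR_NOT_ALLOWED",
      };
    }

    if (requestChange === "firstname") {
      // Tagged template: both interpolations are sent as bound parameters.
      const sqlC = await sql`
        UPDATE users SET firstname = ${cleanedValue[0]}
        WHERE username = ${token.user}`;
      // NOTE(review): the raw query result is returned to the caller.
      // Confirm the client needs it.
      return {
        sqlC: sqlC,
        success: true,
      };
    }

    // SECURITY: `requestChange` is spliced into the statement text, so the
    // allowlist check above is the only barrier between `body.action` and
    // the SQL string. Keep that check ahead of this call and keep
    // `allowedColumns` limited to literal column names. The values stay
    // bound as $1 and $2.
    const sqlC = await sql.unsafe(
      `UPDATE user_other_data SET ${requestChange} = $1 WHERE username = $2`,
      [cleanedValue[0], token.user],
    );
    return {
      sqlC: sqlC,
      success: true,
    };
  }
  // NOTE(review): a non-empty `jsonValue` falls through with no response
  // body. Confirm that this is intended.
});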