fix(phase1): ad-channels API 입력 견고성 — JSON 파싱 try/catch + 문자열 타입 가드

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-07-02 15:22:17 +09:00
parent 3e031a1c80
commit f693c4c5b4
2 changed files with 22 additions and 6 deletions


@@ -17,13 +17,19 @@ export async function PATCH(request: Request, { params }: { params: Promise<{ id
}
const { id } = await params;
const body = await request.json();
let body: Record<string, unknown>;
try {
body = await request.json();
} catch {
return NextResponse.json({ error: '잘못된 요청 형식' }, { status: 400 });
}
const patch: Record<string, unknown> = { updated_at: new Date().toISOString() };
if (typeof body.name === 'string' && body.name.trim()) patch.name = body.name.trim();
if ('url' in body) patch.url = body.url?.trim() || null;
if ('memo' in body) patch.memo = body.memo?.trim() || null;
if ('url' in body) patch.url = typeof body.url === 'string' && body.url.trim() ? body.url.trim() : null;
if ('memo' in body) patch.memo = typeof body.memo === 'string' && body.memo.trim() ? body.memo.trim() : null;
if (body.status === 'active' || body.status === 'paused') patch.status = body.status;
const supabase = createAdminClient();
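Review bot: Valid JSON that is not an object still gets past the new try/catch, because `request.json()` resolves to `any` and the `Record<string, unknown>` annotation is not enforced at runtime. A body of `null` makes the `body.name` read throw, and a bare number or string makes `'url' in body` throw, so such a request ends in an unhandled error instead of the 400 this change is aiming for. Adding `if (body === null || typeof body !== 'object' || Array.isArray(body)) return NextResponse.json({ error: '잘못된 요청 형식' }, { status: 400 });` directly after the catch block closes that gap. The POST handler in the second file has the same pattern at its `body.name` read. The PATCH function body continues outside this hunk.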


@@ -31,8 +31,14 @@ export async function POST(request: Request) {
return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });
}
const body = await request.json();
const name = (body.name as string | undefined)?.trim();
let body: Record<string, unknown>;
try {
body = await request.json();
} catch {
return NextResponse.json({ error: '잘못된 요청 형식' }, { status: 400 });
}
const name = typeof body.name === 'string' && body.name.trim() ? body.name.trim() : null;
if (!name) {
return NextResponse.json({ error: '채널명을 입력해주세요.' }, { status: 400 });
@@ -41,7 +47,11 @@ export async function POST(request: Request) {
const supabase = createAdminClient();
const { data, error } = await supabase
.from('ad_channels')
.insert({ name, url: body.url?.trim() || null, memo: body.memo?.trim() || null })
.insert({
name,
url: typeof body.url === 'string' && body.url.trim() ? body.url.trim() : null,
memo: typeof body.memo === 'string' && body.memo.trim() ? body.memo.trim() : null,
})
.select()
.single();
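Review bot: The `url` value passed to `.insert()` is accepted as any non-empty string after trimming, with no scheme or length check, and the `url` branch of the PATCH handler does the same. If the stored value is later rendered as a link (not visible from this page), parsing it with `new URL(...)` inside a try/catch and accepting only `http:` and `https:` protocols at write time would keep schemes such as `javascript:` out of the table. The expression `typeof x === 'string' && x.trim() ? x.trim() : null` is now repeated across both handlers, so a small shared helper taking `unknown` and returning `string | null` would keep them in sync and give the scheme and length checks a single home.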