fix(phase1): ad-channels API 입력 견고성 — JSON 파싱 try/catch + 문자열 타입 가드
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@@ -17,13 +17,19 @@ export async function PATCH(request: Request, { params }: { params: Promise<{ id
|
|||||||
}
|
}
|
||||||
|
|
||||||
const { id } = await params;
|
const { id } = await params;
|
||||||
const body = await request.json();
|
|
||||||
|
let body: Record<string, unknown>;
|
||||||
|
try {
|
||||||
|
body = await request.json();
|
||||||
|
} catch {
|
||||||
|
return NextResponse.json({ error: '잘못된 요청 형식' }, { status: 400 });
|
||||||
|
}
|
||||||
|
|
||||||
const patch: Record<string, unknown> = { updated_at: new Date().toISOString() };
|
const patch: Record<string, unknown> = { updated_at: new Date().toISOString() };
|
||||||
|
|
||||||
if (typeof body.name === 'string' && body.name.trim()) patch.name = body.name.trim();
|
if (typeof body.name === 'string' && body.name.trim()) patch.name = body.name.trim();
|
||||||
if ('url' in body) patch.url = body.url?.trim() || null;
|
if ('url' in body) patch.url = typeof body.url === 'string' && body.url.trim() ? body.url.trim() : null;
|
||||||
if ('memo' in body) patch.memo = body.memo?.trim() || null;
|
if ('memo' in body) patch.memo = typeof body.memo === 'string' && body.memo.trim() ? body.memo.trim() : null;
|
||||||
if (body.status === 'active' || body.status === 'paused') patch.status = body.status;
|
if (body.status === 'active' || body.status === 'paused') patch.status = body.status;
|
||||||
|
|
||||||
const supabase = createAdminClient();
|
const supabase = createAdminClient();
|
||||||
|
|||||||
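Review bot: The new try/catch around `request.json()` rejects only malformed JSON, so a syntactically valid body that is not an object still gets through. With `null`, `typeof body.name` throws a TypeError, and with a string or number `'url' in body` throws, so the request ends in an unhandled error rather than the intended 400. The `Record<string, unknown>` annotation is not enforced at runtime because `request.json()` is untyped. I would parse into `const parsed: unknown = await request.json();` inside the try and return the same 400 when `parsed === null || typeof parsed !== 'object' || Array.isArray(parsed)`. The identical block added to POST in the next section needs the same guard; PATCH's body starts and ends outside this hunk.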
@@ -31,8 +31,14 @@ export async function POST(request: Request) {
|
|||||||
return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });
|
return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });
|
||||||
}
|
}
|
||||||
|
|
||||||
const body = await request.json();
|
let body: Record<string, unknown>;
|
||||||
const name = (body.name as string | undefined)?.trim();
|
try {
|
||||||
|
body = await request.json();
|
||||||
|
} catch {
|
||||||
|
return NextResponse.json({ error: '잘못된 요청 형식' }, { status: 400 });
|
||||||
|
}
|
||||||
|
|
||||||
|
const name = typeof body.name === 'string' && body.name.trim() ? body.name.trim() : null;
|
||||||
|
|
||||||
if (!name) {
|
if (!name) {
|
||||||
return NextResponse.json({ error: '채널명을 입력해주세요.' }, { status: 400 });
|
return NextResponse.json({ error: '채널명을 입력해주세요.' }, { status: 400 });
|
||||||
@@ -41,7 +47,11 @@ export async function POST(request: Request) {
|
|||||||
const supabase = createAdminClient();
|
const supabase = createAdminClient();
|
||||||
const { data, error } = await supabase
|
const { data, error } = await supabase
|
||||||
.from('ad_channels')
|
.from('ad_channels')
|
||||||
.insert({ name, url: body.url?.trim() || null, memo: body.memo?.trim() || null })
|
.insert({
|
||||||
|
name,
|
||||||
|
url: typeof body.url === 'string' && body.url.trim() ? body.url.trim() : null,
|
||||||
|
memo: typeof body.memo === 'string' && body.memo.trim() ? body.memo.trim() : null,
|
||||||
|
})
|
||||||
.select()
|
.select()
|
||||||
.single();
|
.single();
|
||||||
|
|
||||||
|
|||||||
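Review bot: In the `.insert({ ... })` call, `url` is accepted as any non-empty string, with no scheme or length check; the PATCH handler in the previous section has the same gap. If this value is later rendered as a link (not visible on this page), a non-web scheme such as `javascript:` would be stored and served back. Consider parsing it with `new URL(...)`, accepting only `http:` and `https:`, and answering 400 otherwise, and also capping the length of `name`, `url` and `memo`. Separately, the trim-or-null expression now appears five times across the two handlers; a helper such as `const trimmedOrNull = (v: unknown): string | null => typeof v === 'string' && v.trim() ? v.trim() : null;` would keep them in step. POST's body continues outside these hunks.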