From fa0a18111709480d8862269e62b8473823fca418 Mon Sep 17 00:00:00 2001 From: Andrea Vos Date: Thu, 25 May 2023 22:34:30 +0000 Subject: [PATCH] [api] minor request validator to avoid spamming logs on invalid requests --- server/routes/profile.js | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/server/routes/profile.js b/server/routes/profile.js index 57e96928d..6a2d39e1a 100644 --- a/server/routes/profile.js +++ b/server/routes/profile.js @@ -563,6 +563,10 @@ router.post('/profile/save', handleErrorAsync(async (req, res) => { })); router.post('/profile/delete/:locale', handleErrorAsync(async (req, res) => { + if (!req.user) { + return res.status(400).json({error: 'Missing user'}); + } + await req.db.get(SQL`DELETE FROM profiles WHERE userId = ${req.user.id} AND locale = ${req.params.locale}`); return res.json(await fetchProfiles(req.db, req.user.username, true));