ob/sprint
1
0
Fork 0
mirror of https://github.com/hex248/sprint.git synced 2026-02-08 10:33:01 +00:00
Code Issues Packages Projects Releases Wiki Activity

patched security holes

Browse Source
This commit is contained in:
Oliver Bryan
2026-01-21 22:44:57 +00:00
parent db0be8330e
commit be57b4d6df
11 changed files with 129 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
packages/backend/src/auth/middleware.ts
View File

@@ -35,6 +35,10 @@ export const withAuth = <T extends BunRequest>(handler: AuthedRouteHandler<T>):
return new Response("Session expired", { status: 401 });
}
if (session.userId !== userId) {
return new Response("Invalid session", { status: 401 });
}
return handler(
Object.assign(req, {
userId,