fix: 服务端验证强化 — 房间ID/坐标/swipe/盲盒竞态/空格

- #15: 房间 ID 扩展为 6 位字母数字，createRoom 用 P2002 重试替代 find-then-create - #16: 盲盒编辑/删除改用 updateMany/deleteMany 原子操作，防止 TOCTOU - #17: lat/lng 用 Number.isFinite + 范围校验 (-90~90, -180~180) - #18: swipe action 必须为 'like' 或 'pass' - #19: user PUT 的 JSON.parse(preferences) 加 try/catch - #26: requireString 拒绝纯空格字符串
2026-02-26 20:19:56 +08:00
parent 93f20747e4
commit dfb3cfa136
6 changed files with 41 additions and 31 deletions
@@ -73,12 +73,15 @@ export const PUT = apiHandler(async (req) => {
      data: updateData,
    });

+    let prefs = {};
+    try { prefs = JSON.parse(user.preferences); } catch { /* fallback */ }
+
    return NextResponse.json({
      id: user.id,
      username: user.username,
      avatar: user.avatar,
      email: user.email,
-      preferences: JSON.parse(user.preferences),
+      preferences: prefs,
    });
  } catch (e) {
    if (e instanceof Prisma.PrismaClientKnownRequestError && e.code === "P2002") {