import { redirect } from '@sveltejs/kit';
import { createApiClient } from '$lib/shared/api.server';
import type { PageServerLoad } from './$types';
/**
 * Server-side load for this page.
 *
 * Redirects callers whose layout data lacks `canBlogWrite`, then builds the
 * page's initial state from two optional query parameters:
 * - `personId`: looked up via the API; a successful lookup seeds `initialPersons`.
 * - `type`: accepted only when it is exactly `STORY` or `JOURNEY`.
 *
 * @returns `initialPersons` (zero or one entries) and `selectedType` (or `null`).
 * @throws a 303 redirect to `/geschichten` when `canBlogWrite` is falsy.
 */
export const load: PageServerLoad = async ({ url, fetch, parent }) => {
  // The permission gate runs first, so a caller without write access never
  // triggers the person lookup below.
  // NOTE(review): this only gates the page; the write endpoints themselves are
  // presumably authorized server-side as well — confirm.
  const { canBlogWrite } = await parent();
  if (!canBlogWrite) {
    throw redirect(303, '/geschichten');
  }

  const query = url.searchParams;
  const api = createApiClient(fetch);

  // A missing or empty ?personId skips the lookup entirely.
  // NOTE(review): the value is forwarded unvalidated as the {id} path parameter;
  // assumes the API client encodes path values and the API enforces access to
  // the person record — confirm.
  const personId = query.get('personId');
  const lookup = personId
    ? await api.GET('/api/persons/{id}', { params: { path: { id: personId } } })
    : null;

  // Any non-OK response (404, 403, or anything else) collapses to an empty list
  // with no error surfaced, so the page does not reveal whether an ID exists.
  const initialPersons = lookup?.response.ok && lookup.data ? [lookup.data] : [];

  // Allow-list ?type against the known union so no other string is passed on.
  // Security note: searchParams.get() returns the percent-decoded value, so an
  // encoded variant such as STORY%00JOURNEY fails the strict comparison, and for
  // a repeated parameter only the FIRST value is considered.
  const requestedType = query.get('type');
  let selectedType: 'STORY' | 'JOURNEY' | null = null;
  if (requestedType === 'STORY' || requestedType === 'JOURNEY') {
    selectedType = requestedType;
  }

  return { initialPersons, selectedType };
};