correction faille de securité
All checks were successful
Build and Push App / build (push) Successful in 5m50s
All checks were successful
Build and Push App / build (push) Successful in 5m50s
This commit is contained in:
@@ -43,12 +43,29 @@ export async function POST(request: NextRequest) {
|
||||
return NextResponse.json({ error: 'businessId requis' }, { status: 400 });
|
||||
}
|
||||
|
||||
// Resolve business ID (in case slug was passed)
|
||||
const business = await prisma.business.findFirst({
|
||||
where: {
|
||||
OR: [
|
||||
{ id: businessId },
|
||||
{ slug: businessId }
|
||||
]
|
||||
},
|
||||
select: { id: true }
|
||||
});
|
||||
|
||||
if (!business) {
|
||||
return NextResponse.json({ error: 'Entreprise non trouvée' }, { status: 404 });
|
||||
}
|
||||
|
||||
const actualBusinessId = business.id;
|
||||
|
||||
// Check if already favorited
|
||||
const existing = await prisma.favorite.findUnique({
|
||||
where: {
|
||||
userId_businessId: {
|
||||
userId,
|
||||
businessId
|
||||
businessId: actualBusinessId
|
||||
}
|
||||
}
|
||||
});
|
||||
@@ -64,7 +81,7 @@ export async function POST(request: NextRequest) {
|
||||
await prisma.favorite.create({
|
||||
data: {
|
||||
userId,
|
||||
businessId
|
||||
businessId: actualBusinessId
|
||||
}
|
||||
});
|
||||
return NextResponse.json({ favorited: true });
|
||||
|
||||
Reference in New Issue
Block a user