Cookies validation and Security Guidelines (#242)
* Add OTP and security guidelines documentation and additional checks on client-provided values - Introduced additional checks on client-provided values such as cookies - Introduced a new OTP API documentation outlining the creation and verification of OTP tokens for sensitive operations. - Added comprehensive security guidelines for writing secure code in Next.js, covering client and server components, environment variables, authentication, and error handling. These additions enhance the project's security posture and provide clear instructions for developers on implementing secure practices. * Add OTP API documentation and enhance security guidelines - Introduced comprehensive documentation for the OTP API, detailing the creation and verification of OTP tokens for sensitive operations. - Enhanced security guidelines for Next.js, emphasizing the importance of input validation, environment variable management, and error handling. - Implemented additional checks for client-provided values to improve overall security posture. These updates provide clear instructions for developers and strengthen the project's security framework.
This commit is contained in:
Giancarlo Buomprisco
committed by
GitHub
GitHub
parent
1327a8efb7
commit
e193c94f06
@@ -2,13 +2,10 @@ import { use } from 'react';
|
||||
|
||||
import { cookies } from 'next/headers';
|
||||
|
||||
import { z } from 'zod';
|
||||
|
||||
import { TeamAccountWorkspaceContextProvider } from '@kit/team-accounts/components';
|
||||
import {
|
||||
Page,
|
||||
PageLayoutStyle,
|
||||
PageMobileNavigation,
|
||||
PageNavigation,
|
||||
} from '@kit/ui/page';
|
||||
import { Page, PageMobileNavigation, PageNavigation } from '@kit/ui/page';
|
||||
import { SidebarProvider } from '@kit/ui/shadcn-sidebar';
|
||||
|
||||
import { AppLogo } from '~/components/app-logo';
|
||||
@@ -124,19 +121,26 @@ function HeaderLayout({
|
||||
|
||||
async function getLayoutState(account: string) {
|
||||
const cookieStore = await cookies();
|
||||
const config = getTeamAccountSidebarConfig(account);
|
||||
|
||||
const LayoutStyleSchema = z
|
||||
.enum(['sidebar', 'header', 'custom'])
|
||||
.default(config.style);
|
||||
|
||||
const sidebarOpenCookie = cookieStore.get('sidebar:state');
|
||||
const layoutCookie = cookieStore.get('layout-style');
|
||||
|
||||
const layoutStyle = layoutCookie?.value as PageLayoutStyle;
|
||||
const config = getTeamAccountSidebarConfig(account);
|
||||
const layoutStyle = LayoutStyleSchema.safeParse(layoutCookie?.value);
|
||||
|
||||
const sidebarOpenCookieValue = sidebarOpenCookie
|
||||
? sidebarOpenCookie.value === 'false'
|
||||
: !config.sidebarCollapsed;
|
||||
|
||||
const style = layoutStyle.success ? layoutStyle.data : config.style;
|
||||
|
||||
return {
|
||||
open: sidebarOpenCookieValue,
|
||||
style: layoutStyle ?? config.style,
|
||||
style,
|
||||
};
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user