fix(server): hide slug uniqueness constraint to prevent shared-link probe

Surfacing the Postgres unique-constraint name in the error response let
any authenticated user brute-force whether a custom slug was already in
use by another user's shared link, leaking the existence of other links.
This commit is contained in:
timonrieger
2026-04-29 22:53:50 +02:00
parent 32cc8ca0aa
commit 94264dfc1b
+1 -1
View File
@@ -110,7 +110,7 @@ export class SharedLinkService extends BaseService {
private handleError(error: unknown): never {
if ((error as PostgresError).constraint_name === 'shared_link_slug_uq') {
throw new BadRequestException('Shared link with this slug already exists');
throw new BadRequestException('Failed to save shared link');
}
throw error;
}