Complete the code to define a server action that securely handles a form submission.
'use [1]';
export const submitForm = async (formData) => {
  // process formData securely
}
The 'use server' directive marks the function as a server action in Next.js, ensuring it runs only on the server.
Complete the code to prevent Cross-Site Request Forgery (CSRF) in a server action.
import { verifyCsrfToken } from 'csrf-lib';
export const submitData = async (data, [1]) => {
  verifyCsrfToken(csrfToken);
  // handle data
}
CSRF tokens must be passed to the server action to verify the request's authenticity.
Fix the error in the server action to avoid exposing sensitive data to the client.
export const getUserData = async () => {
  const user = await fetchUserFromDb();
  return [1];
}
Removing or masking sensitive fields like password before returning data prevents exposing secrets to the client.
Fill both blanks to correctly validate user input and handle errors in a server action.
export const createUser = async (input) => {
  if (!input.email.[1](/\S+@\S+\.\S+/)) {
    throw new Error([2]);
  }
  // create user logic
}
Using match with a regex checks if the email format is valid. Throwing an error with a message like 'Invalid email' informs the caller of the issue.
Fill all three blanks to securely fetch user data, check authentication, and return safe data in a server action.
export const fetchProfile = async ([1]) => {
  const user = await getUserFromSession([2]);
  if (!user) throw new Error('Unauthorized');
  return { id: user.id, name: user.name, [3]: user.[3] };
}
The server action accepts a sessionToken to identify the user. It fetches the user securely and returns only safe fields like id, name, and email, excluding sensitive data like password.