🔒️(backend) enhance API input validation to strengthen security

During the bug bounty, attempts were made to pass unexpected hidden
fields to manipulate room behavior and join as a ghost.

Treat these parameters as suspicious. They are not sent by the
frontend, so their presence likely indicates tampering.

Explicitly allow the parameters but emit warning logs to help detect
and investigate suspicious activity.
lebaudantoine
2026-03-02 12:22:05 +01:00
committed by aleb_the_flash
parent 692e0e359e
commit bfbf253033
4 changed files with 219 additions and 17 deletions

@@ -8,6 +8,10 @@ and this project adheres to
## [Unreleased]
### Changed
- 🔒️(backend) enhance API input validation to strengthen security #1053
## [1.9.0] - 2026-03-02
### Added
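Review bot: the entry added under `### Changed` in `[Unreleased]` repeats the commit title, and "enhance API input validation" reads as if unexpected input is now rejected, while the commit message says the hidden parameters are explicitly allowed and only produce warning logs. Consider wording the entry so it states that unexpected hidden fields sent to the API are logged as warnings, so that operators reading the changelog know to watch for those logs and do not assume such requests are refused.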