fix: use consistent package parsing on social/likes

app/composables/usePackageComparison.ts

@@ -142,7 +142,9 @@ export function usePackageComparison(packageNames: MaybeRefOrGetter<string[]>) {
               $fetch<VulnerabilityTreeResult>(
                 `/api/registry/vulnerabilities/${encodePackageName(name)}`,
               ).catch(() => null),
-              $fetch<PackageLikes>(`/api/social/likes/${name}`).catch(() => null),
+              $fetch<PackageLikes>(`/api/social/likes/${encodePackageName(name)}`).catch(
+                () => null,
+              ),
             ])
             const versionData = pkgData.versions[latestVersion]
             const packageSize = versionData?.dist?.unpackedSize

server/api/social/likes/[...pkg].get.ts

@@ -1,12 +1,33 @@
+import * as v from 'valibot'
+import { PackageRouteParamsSchema } from '#shared/schemas/package'
+
+/**
+ * GET /api/social/likes/:name
+ *
+ * Gets the likes for a npm package on npmx
+ */
 export default eventHandlerWithOAuthSession(async (event, oAuthSession, _) => {
-  const packageName = getRouterParam(event, 'pkg')
-  if (!packageName) {
+  const pkgParamSegments = getRouterParam(event, 'pkg')?.split('/') ?? []
+  const { rawPackageName } = parsePackageParams(pkgParamSegments)
+
+  if (!rawPackageName) {
     throw createError({
       status: 400,
       message: 'package name not provided',
     })
   }
 
-  const likesUtil = new PackageLikesUtils()
-  return await likesUtil.getLikes(packageName, oAuthSession?.did.toString())
+  try {
+    const { packageName } = v.parse(PackageRouteParamsSchema, {
+      packageName: decodeURIComponent(rawPackageName),
+    })
+
+    const likesUtil = new PackageLikesUtils()
+    return await likesUtil.getLikes(packageName, oAuthSession?.did.toString())
+  } catch (error: unknown) {
+    handleApiError(error, {
+      statusCode: 502,
+      message: 'Failed to get likes',
+    })
+  }
 })