fix: add input validation for check_type in duplicate check

Author: Nixxx19

server/controllers/user.controller/signup.ts

@@ -96,9 +96,29 @@ export const duplicateUserCheck: RequestHandler<
   DuplicateUserCheckQuery
 > = async (req, res) => {
   const checkType = req.query.check_type;
+  const allowedCheckTypes = ['email', 'username'] as const;
+
+  // Validate check_type to prevent prototype pollution
+  if (
+    !checkType ||
+    !allowedCheckTypes.includes(checkType as 'email' | 'username')
+  ) {
+    return res.status(400).json({
+      error: 'Invalid check_type. Must be either "email" or "username".'
+    });
+  }
+
   const value = req.query[checkType];
+
+  // Validate that the corresponding value exists
+  if (!value || typeof value !== 'string' || value.trim().length === 0) {
+    return res.status(400).json({
+      error: `Missing or invalid ${checkType} value.`
+    });
+  }
+
   const options = { caseInsensitive: true, valueType: checkType };
-  const user = await User.findByEmailOrUsername(value!, options);
+  const user = await User.findByEmailOrUsername(value, options);
   if (user) {
     return res.json({
       exists: true,