diff --git a/packages/backend/src/server/api/service/discord.ts b/packages/backend/src/server/api/service/discord.ts
index 04197574c..97cbcbecd 100644
--- a/packages/backend/src/server/api/service/discord.ts
+++ b/packages/backend/src/server/api/service/discord.ts
@@ -1,16 +1,16 @@
 import Koa from 'koa';
 import Router from '@koa/router';
-import { getJson } from '@/misc/fetch.js';
 import { OAuth2 } from 'oauth';
+import { v4 as uuid } from 'uuid';
+import { IsNull } from 'typeorm';
+import { getJson } from '@/misc/fetch.js';
 import config from '@/config/index.js';
 import { publishMainStream } from '@/services/stream.js';
-import { redisClient } from '../../../db/redis.js';
-import { v4 as uuid } from 'uuid';
-import signin from '../common/signin.js';
 import { fetchMeta } from '@/misc/fetch-meta.js';
 import { Users, UserProfiles } from '@/models/index.js';
 import { ILocalUser } from '@/models/entities/user.js';
-import { IsNull } from 'typeorm';
+import { redisClient } from '../../../db/redis.js';
+import signin from '../common/signin.js';
 
 function getUserToken(ctx: Koa.BaseContext): string | null {
 	return ((ctx.headers['cookie'] || '').match(/igi=(\w+)/) || [null, null])[1];
@@ -54,7 +54,7 @@ router.get('/disconnect/discord', async ctx => {
 		integrations: profile.integrations,
 	});
 
-	ctx.body = `Discordの連携を解除しました :v:`;
+	ctx.body = 'Discordの連携を解除しました :v:';
 
 	// Publish i updated event
 	publishMainStream(user.id, 'meUpdated', await Users.pack(user, user, {
@@ -140,7 +140,7 @@ router.get('/dc/cb', async ctx => {
 
 		const code = ctx.query.code;
 
-		if (!code) {
+		if (!code || typeof code !== 'string') {
 			ctx.throw(400, 'invalid session');
 			return;
 		}
@@ -174,17 +174,17 @@ router.get('/dc/cb', async ctx => {
 				}
 			}));
 
-		const { id, username, discriminator } = await getJson('https://discord.com/api/users/@me', '*/*', 10 * 1000, {
+		const { id, username, discriminator } = (await getJson('https://discord.com/api/users/@me', '*/*', 10 * 1000, {
 			'Authorization': `Bearer ${accessToken}`,
-		});
+		})) as Record<string, unknown>;
 
-		if (!id || !username || !discriminator) {
+		if (typeof id !== 'string' || typeof username !== 'string' || typeof discriminator !== 'string') {
 			ctx.throw(400, 'invalid session');
 			return;
 		}
 
 		const profile = await UserProfiles.createQueryBuilder()
-			.where(`"integrations"->'discord'->>'id' = :id`, { id: id })
+			.where('"integrations"->\'discord\'->>\'id\' = :id', { id: id })
 			.andWhere('"userHost" IS NULL')
 			.getOne();
 
@@ -211,7 +211,7 @@ router.get('/dc/cb', async ctx => {
 	} else {
 		const code = ctx.query.code;
 
-		if (!code) {
+		if (!code || typeof code !== 'string') {
 			ctx.throw(400, 'invalid session');
 			return;
 		}
@@ -245,10 +245,10 @@ router.get('/dc/cb', async ctx => {
 				}
 			}));
 
-		const { id, username, discriminator } = await getJson('https://discord.com/api/users/@me', '*/*', 10 * 1000, {
+		const { id, username, discriminator } = (await getJson('https://discord.com/api/users/@me', '*/*', 10 * 1000, {
 			'Authorization': `Bearer ${accessToken}`,
-		});
-		if (!id || !username || !discriminator) {
+		})) as Record<string, unknown>;
+		if (typeof id !== 'string' || typeof username !== 'string' || typeof discriminator !== 'string') {
 			ctx.throw(400, 'invalid session');
 			return;
 		}
diff --git a/packages/backend/src/server/api/service/github.ts b/packages/backend/src/server/api/service/github.ts
index 61bb768a6..04dbd1f7a 100644
--- a/packages/backend/src/server/api/service/github.ts
+++ b/packages/backend/src/server/api/service/github.ts
@@ -1,16 +1,16 @@
 import Koa from 'koa';
 import Router from '@koa/router';
-import { getJson } from '@/misc/fetch.js';
 import { OAuth2 } from 'oauth';
+import { v4 as uuid } from 'uuid';
+import { IsNull } from 'typeorm';
+import { getJson } from '@/misc/fetch.js';
 import config from '@/config/index.js';
 import { publishMainStream } from '@/services/stream.js';
-import { redisClient } from '../../../db/redis.js';
-import { v4 as uuid } from 'uuid';
-import signin from '../common/signin.js';
 import { fetchMeta } from '@/misc/fetch-meta.js';
 import { Users, UserProfiles } from '@/models/index.js';
 import { ILocalUser } from '@/models/entities/user.js';
-import { IsNull } from 'typeorm';
+import { redisClient } from '../../../db/redis.js';
+import signin from '../common/signin.js';
 
 function getUserToken(ctx: Koa.BaseContext): string | null {
 	return ((ctx.headers['cookie'] || '').match(/igi=(\w+)/) || [null, null])[1];
@@ -54,7 +54,7 @@ router.get('/disconnect/github', async ctx => {
 		integrations: profile.integrations,
 	});
 
-	ctx.body = `GitHubの連携を解除しました :v:`;
+	ctx.body = 'GitHubの連携を解除しました :v:';
 
 	// Publish i updated event
 	publishMainStream(user.id, 'meUpdated', await Users.pack(user, user, {
@@ -138,7 +138,7 @@ router.get('/gh/cb', async ctx => {
 
 		const code = ctx.query.code;
 
-		if (!code) {
+		if (!code || typeof code !== 'string') {
 			ctx.throw(400, 'invalid session');
 			return;
 		}
@@ -167,16 +167,16 @@ router.get('/gh/cb', async ctx => {
 				}
 			}));
 
-		const { login, id } = await getJson('https://api.github.com/user', 'application/vnd.github.v3+json', 10 * 1000, {
+		const { login, id } = (await getJson('https://api.github.com/user', 'application/vnd.github.v3+json', 10 * 1000, {
 			'Authorization': `bearer ${accessToken}`,
-		});
-		if (!login || !id) {
+		})) as Record<string, unknown>;
+		if (typeof login !== 'string' || typeof id !== 'string') {
 			ctx.throw(400, 'invalid session');
 			return;
 		}
 
 		const link = await UserProfiles.createQueryBuilder()
-			.where(`"integrations"->'github'->>'id' = :id`, { id: id })
+			.where('"integrations"->\'github\'->>\'id\' = :id', { id: id })
 			.andWhere('"userHost" IS NULL')
 			.getOne();
 
@@ -189,7 +189,7 @@ router.get('/gh/cb', async ctx => {
 	} else {
 		const code = ctx.query.code;
 
-		if (!code) {
+		if (!code || typeof code !== 'string') {
 			ctx.throw(400, 'invalid session');
 			return;
 		}
@@ -219,11 +219,11 @@ router.get('/gh/cb', async ctx => {
 					}
 				}));
 
-		const { login, id } = await getJson('https://api.github.com/user', 'application/vnd.github.v3+json', 10 * 1000, {
+		const { login, id } = (await getJson('https://api.github.com/user', 'application/vnd.github.v3+json', 10 * 1000, {
 			'Authorization': `bearer ${accessToken}`,
-		});
+		})) as Record<string, unknown>;
 
-		if (!login || !id) {
+		if (typeof login !== 'string' || typeof id !== 'string') {
 			ctx.throw(400, 'invalid session');
 			return;
 		}
diff --git a/packages/backend/src/server/api/service/twitter.ts b/packages/backend/src/server/api/service/twitter.ts
index e72b71e2f..2b4f9f6da 100644
--- a/packages/backend/src/server/api/service/twitter.ts
+++ b/packages/backend/src/server/api/service/twitter.ts
@@ -2,14 +2,14 @@ import Koa from 'koa';
 import Router from '@koa/router';
 import { v4 as uuid } from 'uuid';
 import autwh from 'autwh';
-import { redisClient } from '../../../db/redis.js';
+import { IsNull } from 'typeorm';
 import { publishMainStream } from '@/services/stream.js';
 import config from '@/config/index.js';
-import signin from '../common/signin.js';
 import { fetchMeta } from '@/misc/fetch-meta.js';
 import { Users, UserProfiles } from '@/models/index.js';
 import { ILocalUser } from '@/models/entities/user.js';
-import { IsNull } from 'typeorm';
+import signin from '../common/signin.js';
+import { redisClient } from '../../../db/redis.js';
 
 function getUserToken(ctx: Koa.BaseContext): string | null {
 	return ((ctx.headers['cookie'] || '').match(/igi=(\w+)/) || [null, null])[1];
@@ -53,7 +53,7 @@ router.get('/disconnect/twitter', async ctx => {
 		integrations: profile.integrations,
 	});
 
-	ctx.body = `Twitterの連携を解除しました :v:`;
+	ctx.body = 'Twitterの連携を解除しました :v:';
 
 	// Publish i updated event
 	publishMainStream(user.id, 'meUpdated', await Users.pack(user, user, {
@@ -132,10 +132,16 @@ router.get('/tw/cb', async ctx => {
 
 		const twCtx = await get;
 
-		const result = await twAuth!.done(JSON.parse(twCtx), ctx.query.oauth_verifier);
+		const verifier = ctx.query.oauth_verifier;
+		if (!verifier || typeof verifier !== 'string') {
+			ctx.throw(400, 'invalid session');
+			return;
+		}
+
+		const result = await twAuth!.done(JSON.parse(twCtx), verifier);
 
 		const link = await UserProfiles.createQueryBuilder()
-			.where(`"integrations"->'twitter'->>'userId' = :id`, { id: result.userId })
+			.where('"integrations"->\'twitter\'->>\'userId\' = :id', { id: result.userId })
 			.andWhere('"userHost" IS NULL')
 			.getOne();
 
@@ -148,7 +154,7 @@ router.get('/tw/cb', async ctx => {
 	} else {
 		const verifier = ctx.query.oauth_verifier;
 
-		if (verifier == null) {
+		if (!verifier || typeof verifier !== 'string') {
 			ctx.throw(400, 'invalid session');
 			return;
 		}