IAmChrisAMA
/
rogueserver
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add token length check to account info handler

pull/1/head
maru 2023-12-29 15:12:57 -05:00
parent b1e67634df
commit be62fc939a
No known key found for this signature in database
GPG Key ID: 37689350E9CD0F0D
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
api/account.go
View File

@ -41,6 +41,11 @@ func (s *Server) HandleAccountInfo(w http.ResponseWriter, r *http.Request) {
return return
} }
if len(token) != 32 {
http.Error(w, "invalid token", http.StatusBadRequest)
return
}
username, err := db.GetUsernameFromToken(token) username, err := db.GetUsernameFromToken(token)
if err != nil { if err != nil {
http.Error(w, err.Error(), http.StatusBadRequest) http.Error(w, err.Error(), http.StatusBadRequest)