From 8650920c7cea95cfc7f535c3f683b6c11d602155 Mon Sep 17 00:00:00 2001
From: FragginWagon <greg.r.jacobs@gmail.com>
Date: Thu, 29 Jan 2026 04:35:14 +0000
Subject: [PATCH] =?UTF-8?q?=F0=9F=94=92=20Add=20validation=20for=20Challon?=
 =?UTF-8?q?ge=20OAuth=20configuration=20in=20token=20and=20refresh=20endpo?=
 =?UTF-8?q?ints?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 code/websites/pokedex.online/server/oauth-proxy.js | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/code/websites/pokedex.online/server/oauth-proxy.js b/code/websites/pokedex.online/server/oauth-proxy.js
index cdb3115..481854f 100644
--- a/code/websites/pokedex.online/server/oauth-proxy.js
+++ b/code/websites/pokedex.online/server/oauth-proxy.js
@@ -54,6 +54,13 @@ app.use('/api/gamemaster', gamemasterRouter);
  * POST /oauth/token
  */
 app.post('/oauth/token', async (req, res) => {
+  if (!hasChallongeAuth) {
+    return res.status(503).json({ 
+      error: 'Challonge OAuth not configured',
+      message: 'Set CHALLONGE_CLIENT_ID and CHALLONGE_CLIENT_SECRET environment variables'
+    });
+  }
+
   const { code } = req.body;
 
   if (!code) {
@@ -98,6 +105,13 @@ app.post('/oauth/token', async (req, res) => {
  * POST /oauth/refresh
  */
 app.post('/oauth/refresh', async (req, res) => {
+  if (!hasChallongeAuth) {
+    return res.status(503).json({ 
+      error: 'Challonge OAuth not configured',
+      message: 'Set CHALLONGE_CLIENT_ID and CHALLONGE_CLIENT_SECRET environment variables'
+    });
+  }
+
   const { refresh_token } = req.body;
 
   if (!refresh_token) {