fragginwagon/memory-infrastructure-palace
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

🔒 Add validation for Challonge OAuth configuration in token and refresh endpoints

Browse Source
This commit is contained in:
Greg Jacobs
2026-01-29 04:35:14 +00:00
parent 4769193ae4
commit 8650920c7c
1 changed files with 14 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
code/websites/pokedex.online/server/oauth-proxy.js
View File

@@ -54,6 +54,13 @@ app.use('/api/gamemaster', gamemasterRouter);
* POST /oauth/token
*/
app.post('/oauth/token', async (req, res) => {
if (!hasChallongeAuth) {
return res.status(503).json({
error: 'Challonge OAuth not configured',
message: 'Set CHALLONGE_CLIENT_ID and CHALLONGE_CLIENT_SECRET environment variables'
});
}
const { code } = req.body;
if (!code) {
@@ -98,6 +105,13 @@ app.post('/oauth/token', async (req, res) => {
* POST /oauth/refresh
*/
app.post('/oauth/refresh', async (req, res) => {
if (!hasChallongeAuth) {
return res.status(503).json({
error: 'Challonge OAuth not configured',
message: 'Set CHALLONGE_CLIENT_ID and CHALLONGE_CLIENT_SECRET environment variables'
});
}
const { refresh_token } = req.body;
if (!refresh_token) {