Nemcio/NodeBB
1
0
Fork 0
mirror of https://github.com/NodeBB/NodeBB.git synced 2026-04-14 08:28:23 +02:00
Code Issues Packages Projects Releases Wiki Activity

fix: closes #13176, check if uid is number when creating tokens

Browse Source
This commit is contained in:
Barış Soner Uşaklı
2025-02-18 10:42:52 -05:00
parent 5e71d597a4
commit 80cc1d34b0
2 changed files with 9 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
src/api/utils.js
View File

@@ -52,6 +52,9 @@ utils.tokens.get = async (tokens) => {
};
utils.tokens.generate = async ({ uid, description }) => {
if (!srcUtils.isNumber(uid)) {
throw new Error('[[error:invalid-uid]]');
}
if (parseInt(uid, 10) !== 0) {
const uidExists = await user.exists(uid);
if (!uidExists) {
@@ -66,7 +69,7 @@ utils.tokens.generate = async ({ uid, description }) => {
};
utils.tokens.add = async ({ token, uid, description = '', timestamp = Date.now() }) => {
if (!token || uid === undefined) {
if (!token || uid === undefined || !srcUtils.isNumber(uid)) {
throw new Error('[[error:invalid-data]]');
}
@@ -80,6 +83,9 @@ utils.tokens.add = async ({ token, uid, description = '', timestamp = Date.now()
};
utils.tokens.update = async (token, { uid, description }) => {
if (!srcUtils.isNumber(uid)) {
throw new Error('[[error:invalid-uid]]');
}
await Promise.all([
db.setObject(`token:${token}`, { uid, description }),
db.sortedSetAdd(`tokens:uid`, uid, token),