Make icon marketplace work with either verifyCode or token

2026-01-31 01:28:37 -07:00
parent 4727816fb2
commit 5cd6442cca
2 changed files with 50 additions and 33 deletions
--- a/src/index.ts
+++ b/src/index.ts
@@ -1083,11 +1083,12 @@ app.post(
  {
    detail: {
      description:
-        'The endpoint for uploading an icon to the icon marketplace.',
+        'The endpoint for uploading an icon to the icon marketplace.\n\n`verifyCode` or `token` must be provided.',
      tags: ['Berry Dash', 'Icon Marketplace']
    },
    body: t.Object({
-      verifyCode: t.String(),
+      verifyCode: t.Optional(t.String()),
+      token: t.Optional(t.String()),
      price: t.String(),
      name: t.String(),
      fileContent: t.String()
--- a/src/routes/berrydash/icon-marketplace/upload/post.ts
+++ b/src/routes/berrydash/icon-marketplace/upload/post.ts
@@ -3,7 +3,8 @@ import {
  getClientIp,
  getDatabaseConnection,
  hash,
-  jsonResponse
+  jsonResponse,
+  validateTurnstile
 } from '../../../../lib/util'
 import { checkAuthorization } from '../../../../lib/auth'
 import { berryDashMarketplaceIcons, verifyCodes } from '../../../../lib/tables'
@@ -14,6 +15,7 @@ import { Connection } from 'mysql2/typings/mysql/lib/Connection'

 type Body = {
  verifyCode: string
+  token: string
  price: string
  name: string
  fileContent: string
@@ -72,13 +74,13 @@ export async function handler (context: Context) {
  const userId = authResult.id

  const body = context.body as Body
-  if (!body.name || !body.price || !body.fileContent) {
+  if (!body.verifyCode && !body.token) {
    connection0.end()
    connection1.end()
    return jsonResponse(
      {
        success: false,
-        message: 'Name, price and fileContent must be in POST data'
+        message: 'verifyCode or token must be provided in POST data'
      },
      400
    )
@@ -134,6 +136,7 @@ export async function handler (context: Context) {
    )

  const time = Math.floor(Date.now() / 1000)
+  if (body.verifyCode) {
    const codeExists = await db0
      .select({ id: verifyCodes.id })
      .from(verifyCodes)
@@ -169,6 +172,19 @@ export async function handler (context: Context) {
        },
        400
      )
+  } else {
+    const result = await validateTurnstile(body.token, ip)
+    if (!result.success) {
+      connection0.end()
+      return jsonResponse(
+        {
+          success: false,
+          message: 'Unable to verify captcha key'
+        },
+        400
+      )
+    }
+  }

  const hashResult = hash(atob(body.fileContent), 'sha512')
  const id = crypto.randomUUID()