From fbf5a46e745c0f76e47ffe4ad0a3412e2c18bf78 Mon Sep 17 00:00:00 2001 From: Lncvrt Date: Mon, 2 Feb 2026 20:04:46 -0700 Subject: [PATCH] I don't know why I didn't just do this from the start --- src/index.ts | 30 ++++++++++-- src/routes/account/change-password/post.ts | 2 + src/routes/account/change-username/post.ts | 2 + src/routes/account/forgot-password/post.ts | 6 ++- src/routes/account/forgot-username/post.ts | 6 ++- src/routes/account/login/post.ts | 11 ++--- src/routes/account/register/post.ts | 10 +++- src/routes/account/reset-password/post.ts | 6 ++- src/routes/berrydash/account/save/post.ts | 5 ++ .../berrydash/icon-marketplace/icon/get.ts | 2 + src/routes/berrydash/icon-marketplace/post.ts | 2 + .../berrydash/icon-marketplace/upload/post.ts | 46 +++++++++++++++---- src/routes/berrydash/profile/get.ts | 5 +- src/routes/berrydash/profile/posts/put.ts | 2 + src/routes/berrydash/splash-text/post.ts | 9 +++- src/routes/get-verify-code.ts | 4 +- 16 files changed, 122 insertions(+), 26 deletions(-) diff --git a/src/index.ts b/src/index.ts index add7cee..5100b5b 100644 --- a/src/index.ts +++ b/src/index.ts @@ -126,7 +126,11 @@ app.ws('/ws', { db0, ip ) - if (!authResult.valid) return + if (!authResult.valid) { + connection0.end() + connection1.end() + return + } const userId = authResult.id const time = Math.floor(Date.now() / 1000) @@ -183,7 +187,11 @@ app.ws('/ws', { db0, ip ) - if (!authResult.valid) return + if (!authResult.valid) { + connection0.end() + connection1.end() + return + } const userId = authResult.id const time = Math.floor(Date.now() / 1000) @@ -319,7 +327,11 @@ app.ws('/ws', { db0, ip ) - if (!authResult.valid) return + if (!authResult.valid) { + connection0.end() + connection1.end() + return + } const userId = authResult.id const time = Math.floor(Date.now() / 1000) @@ -341,7 +353,11 @@ app.ws('/ws', { .where(eq(berryDashUserData.id, userId)) .limit(1) .execute() - if (!userData[0]) return + if (!userData[0]) { + connection0.end() + connection1.end() + return + } const userInfo = await db0 .select({ username: users.username }) @@ -349,7 +365,11 @@ app.ws('/ws', { .where(eq(users.id, userId)) .limit(1) .execute() - if (!userInfo[0]) return + if (!userInfo[0]) { + connection0.end() + connection1.end() + return + } let savedata = JSON.parse(userData[0].saveData) diff --git a/src/routes/account/change-password/post.ts b/src/routes/account/change-password/post.ts index 26a70e5..cbc4a76 100644 --- a/src/routes/account/change-password/post.ts +++ b/src/routes/account/change-password/post.ts @@ -69,5 +69,7 @@ export async function handler (context: Context) { .where(eq(users.id, userId)) .execute() + connection0.end() + return jsonResponse({ success: true, message: null, data: token }) } diff --git a/src/routes/account/change-username/post.ts b/src/routes/account/change-username/post.ts index 140e585..bbdbb32 100644 --- a/src/routes/account/change-username/post.ts +++ b/src/routes/account/change-username/post.ts @@ -63,5 +63,7 @@ export async function handler (context: Context) { .where(eq(users.id, userId)) .execute() + connection0.end() + return jsonResponse({ success: true, message: null, data: token }) } diff --git a/src/routes/account/forgot-password/post.ts b/src/routes/account/forgot-password/post.ts index a9198e3..eafb96d 100644 --- a/src/routes/account/forgot-password/post.ts +++ b/src/routes/account/forgot-password/post.ts @@ -40,7 +40,10 @@ export async function handler (context: Context) { ) } const time = Math.floor(Date.now() / 1000) - if (!(await verifyTurstileOrVerifyCode(body.token, body.verifyCode, ip, db0))) + if ( + !(await verifyTurstileOrVerifyCode(body.token, body.verifyCode, ip, db0)) + ) { + connection0.end() return jsonResponse( { success: false, @@ -51,6 +54,7 @@ export async function handler (context: Context) { }, 400 ) + } const notFound = `You requested information about your account. Unfortunately, we were unable to find your account associated with this email. This is caused by either an incorrect email provided during signup, or this email not owning a Lncvrt Games account.` diff --git a/src/routes/account/forgot-username/post.ts b/src/routes/account/forgot-username/post.ts index 985b5c7..7a2823c 100644 --- a/src/routes/account/forgot-username/post.ts +++ b/src/routes/account/forgot-username/post.ts @@ -38,7 +38,10 @@ export async function handler (context: Context) { 400 ) } - if (!(await verifyTurstileOrVerifyCode(body.token, body.verifyCode, ip, db0))) + if ( + !(await verifyTurstileOrVerifyCode(body.token, body.verifyCode, ip, db0)) + ) { + connection0.end() return jsonResponse( { success: false, @@ -49,6 +52,7 @@ export async function handler (context: Context) { }, 400 ) + } const notFound = `You requested information about your account, your username\n\nUnfortunately, we were unable to find your username associated with this email. This is caused by either an incorrect email provided during signup, or this email not owning a Lncvrt Games account.` diff --git a/src/routes/account/login/post.ts b/src/routes/account/login/post.ts index ed581ed..cf87528 100644 --- a/src/routes/account/login/post.ts +++ b/src/routes/account/login/post.ts @@ -33,8 +33,10 @@ export async function handler (context: Context) { .where(eq(users.username, body.username)) .limit(1) .execute() - if (!user[0]) { - connection0.end() + + connection0.end() + + if (!user[0]) return jsonResponse( { success: false, @@ -43,9 +45,7 @@ export async function handler (context: Context) { }, 401 ) - } - if (!(await bcrypt.compare(body.password, user[0].password))) { - connection0.end() + if (!(await bcrypt.compare(body.password, user[0].password))) return jsonResponse( { success: false, @@ -54,7 +54,6 @@ export async function handler (context: Context) { }, 401 ) - } return jsonResponse({ success: true, diff --git a/src/routes/account/register/post.ts b/src/routes/account/register/post.ts index 3169677..8167105 100644 --- a/src/routes/account/register/post.ts +++ b/src/routes/account/register/post.ts @@ -44,7 +44,11 @@ export async function handler (context: Context) { ) } const time = Math.floor(Date.now() / 1000) - if (!(await verifyTurstileOrVerifyCode(body.token, body.verifyCode, ip, db0))) + if ( + !(await verifyTurstileOrVerifyCode(body.token, body.verifyCode, ip, db0)) + ) { + connection0.end() + connection1.end() return jsonResponse( { success: false, @@ -55,6 +59,7 @@ export async function handler (context: Context) { }, 400 ) + } if (!/^[a-zA-Z0-9]{3,16}$/.test(body.username)) { connection0.end() @@ -117,6 +122,9 @@ export async function handler (context: Context) { }) .execute() + connection0.end() + connection1.end() + return jsonResponse( { success: true, diff --git a/src/routes/account/reset-password/post.ts b/src/routes/account/reset-password/post.ts index 29ad102..da2aac0 100644 --- a/src/routes/account/reset-password/post.ts +++ b/src/routes/account/reset-password/post.ts @@ -52,7 +52,10 @@ export async function handler (context: Context) { ) } - if (!(await verifyTurstileOrVerifyCode(body.token, body.verifyCode, ip, db0))) + if ( + !(await verifyTurstileOrVerifyCode(body.token, body.verifyCode, ip, db0)) + ) { + connection0.end() return jsonResponse( { success: false, @@ -64,6 +67,7 @@ export async function handler (context: Context) { }, 400 ) + } const time = Math.floor(Date.now() / 1000) const codeExists = await db0 diff --git a/src/routes/berrydash/account/save/post.ts b/src/routes/berrydash/account/save/post.ts index f7d3d3a..6d71e82 100644 --- a/src/routes/berrydash/account/save/post.ts +++ b/src/routes/berrydash/account/save/post.ts @@ -48,6 +48,8 @@ export async function handler (context: Context) { userSaveData.account.name = null userSaveData.account.session = null } catch { + connection0.end() + connection1.end() return jsonResponse( { success: false, message: "Couldn't parse save data" }, 400 @@ -60,5 +62,8 @@ export async function handler (context: Context) { .where(eq(berryDashUserData.id, userId)) .execute() + connection0.end() + connection1.end() + return jsonResponse({ success: true, message: null }) } diff --git a/src/routes/berrydash/icon-marketplace/icon/get.ts b/src/routes/berrydash/icon-marketplace/icon/get.ts index da529e4..ee60875 100644 --- a/src/routes/berrydash/icon-marketplace/icon/get.ts +++ b/src/routes/berrydash/icon-marketplace/icon/get.ts @@ -75,6 +75,8 @@ export async function handler (context: Context) { } if (context.query.raw) { + connection0.end() + connection1.end() const buffer = Buffer.from(icon[0].data, 'base64') return new Response(buffer, { headers: { 'Content-Type': 'image/png' } diff --git a/src/routes/berrydash/icon-marketplace/post.ts b/src/routes/berrydash/icon-marketplace/post.ts index 6f59ca2..ea45af1 100644 --- a/src/routes/berrydash/icon-marketplace/post.ts +++ b/src/routes/berrydash/icon-marketplace/post.ts @@ -61,6 +61,8 @@ export async function handler (context: Context) { for (const key of requiredKeys) { if (!(key in body)) { + connection0.end() + connection1.end() return jsonResponse( { success: false, message: 'Invalid POST data', data: null }, 400 diff --git a/src/routes/berrydash/icon-marketplace/upload/post.ts b/src/routes/berrydash/icon-marketplace/upload/post.ts index b65e45b..82fe839 100644 --- a/src/routes/berrydash/icon-marketplace/upload/post.ts +++ b/src/routes/berrydash/icon-marketplace/upload/post.ts @@ -51,6 +51,7 @@ export async function handler (context: Context) { const ip = getClientIp(context) if (!ip) { connection0.end() + connection1.end() return jsonResponse( { success: false, @@ -86,45 +87,70 @@ export async function handler (context: Context) { ) } - if (price < 10) + if (price < 10) { + connection0.end() + connection1.end() return exitBecauseInvalid( connection0, connection1, 'Price cannot be be under 10 coins' ) - if (!/^[a-zA-Z0-9 ]+$/.test(body.name) || body.name.length > 16) + } + if (!/^[a-zA-Z0-9 ]+$/.test(body.name) || body.name.length > 16) { + connection0.end() + connection1.end() return exitBecauseInvalid(connection0, connection1, 'Name is invalid') + } const decoded = Buffer.from(body.fileContent, 'base64') - if (!decoded) + if (!decoded) { + connection0.end() + connection1.end() return exitBecauseInvalid( connection0, connection1, 'Invalid image uploaded' ) - if (decoded.length > 1024 * 1024) + } + if (decoded.length > 1024 * 1024) { + connection0.end() + connection1.end() return exitBecauseInvalid( connection0, connection1, 'File size exceeds 1 MB limit' ) + } const info = sizeOf(decoded) - if (!info) + if (!info) { + connection0.end() + connection1.end() return exitBecauseInvalid( connection0, connection1, 'Invalid image uploaded' ) - if (info.type !== 'png') + } + if (info.type !== 'png') { + connection0.end() + connection1.end() return exitBecauseInvalid(connection0, connection1, 'Image must be a PNG') - if (info.width !== 128 || info.height !== 128) + } + if (info.width !== 128 || info.height !== 128) { + connection0.end() + connection1.end() return exitBecauseInvalid( connection0, connection1, 'Image has to be 128x128' ) + } const time = Math.floor(Date.now() / 1000) - if (!(await verifyTurstileOrVerifyCode(body.token, body.verifyCode, ip, db0))) + if ( + !(await verifyTurstileOrVerifyCode(body.token, body.verifyCode, ip, db0)) + ) { + connection0.end() + connection1.end() return jsonResponse( { success: false, @@ -135,6 +161,7 @@ export async function handler (context: Context) { }, 400 ) + } const hashResult = hash(atob(body.fileContent), 'sha512') const id = crypto.randomUUID() @@ -149,6 +176,9 @@ export async function handler (context: Context) { timestamp: time }) + connection0.end() + connection1.end() + return jsonResponse({ success: true, message: 'Icon uploaded successfully! It will be reviewed soon.' diff --git a/src/routes/berrydash/profile/get.ts b/src/routes/berrydash/profile/get.ts index 1837e67..85fbdce 100644 --- a/src/routes/berrydash/profile/get.ts +++ b/src/routes/berrydash/profile/get.ts @@ -61,11 +61,14 @@ export async function handler (context: Context) { const savedata = userData[0].saveData ? JSON.parse(userData[0].saveData) : null - if (!savedata) + if (!savedata) { + connection0.end() + connection1.end() return jsonResponse( { success: false, message: 'User save does not exist', data: null }, 404 ) + } connection0.end() connection1.end() diff --git a/src/routes/berrydash/profile/posts/put.ts b/src/routes/berrydash/profile/posts/put.ts index 632856d..2dc5890 100644 --- a/src/routes/berrydash/profile/posts/put.ts +++ b/src/routes/berrydash/profile/posts/put.ts @@ -90,6 +90,8 @@ export async function handler (context: Context) { if (votes[userId.toString()]) { let likes = 0 for (const vote of Object.values(votes) as boolean[]) likes += vote ? 1 : -1 + connection0.end() + connection1.end() return jsonResponse({ success: true, message: null, data: { likes } }, 200) } votes[userId.toString()] = likedQuery.toLowerCase() == 'true' diff --git a/src/routes/berrydash/splash-text/post.ts b/src/routes/berrydash/splash-text/post.ts index 1f8029a..ee6fe80 100644 --- a/src/routes/berrydash/splash-text/post.ts +++ b/src/routes/berrydash/splash-text/post.ts @@ -88,6 +88,8 @@ export async function handler (context: Context) { .execute() if (exists[0]) { + connection0.end() + connection1.end() return jsonResponse( { success: false, @@ -97,7 +99,11 @@ export async function handler (context: Context) { ) } - if (!(await verifyTurstileOrVerifyCode(body.token, body.verifyCode, ip, db0))) + if ( + !(await verifyTurstileOrVerifyCode(body.token, body.verifyCode, ip, db0)) + ) { + connection0.end() + connection1.end() return jsonResponse( { success: false, @@ -108,6 +114,7 @@ export async function handler (context: Context) { }, 400 ) + } const time = Math.floor(Date.now() / 1000) await db1 diff --git a/src/routes/get-verify-code.ts b/src/routes/get-verify-code.ts index 7168186..4049453 100644 --- a/src/routes/get-verify-code.ts +++ b/src/routes/get-verify-code.ts @@ -62,7 +62,8 @@ export async function handler (context: Context) { .orderBy(desc(verifyCodes.id)) .limit(1) .execute() - if (codeExists[0]) + if (codeExists[0]) { + connection0.end() return jsonResponse( { success: true, @@ -71,6 +72,7 @@ export async function handler (context: Context) { }, 200 ) + } await db0.insert(verifyCodes).values({ code, ip, timestamp: time })