ensure client_id is provided in authorize

author: Puyodead1 <puyodead@proton.me> 2023-12-09 13:28:08 -0500
committer: Puyodead1 <puyodead@proton.me> 2023-12-09 13:28:08 -0500
commit: c353c4fd39b36f4249460591d525d1e9c6d5d7a1 (patch)
tree: 50e65b6294d2bf095bf4afc4e676c664bda05ace /src/api
parent: WORKAROUND: Ignore client-requested file extension for role icons (diff)
download: server-c353c4fd39b36f4249460591d525d1e9c6d5d7a1.tar.xz
1 files changed, 14 insertions, 0 deletions
diff --git a/src/api/routes/oauth2/authorize.ts b/src/api/routes/oauth2/authorize.ts
index 7ae6fa84..f7cec207 100644
--- a/src/api/routes/oauth2/authorize.ts
+++ b/src/api/routes/oauth2/authorize.ts
@@ -22,6 +22,7 @@ import {
 	Application,
 	ApplicationAuthorizeSchema,
 	DiscordApiErrors,
+	FieldErrors,
 	Member,
 	Permissions,
 	User,
@@ -35,6 +36,11 @@ const router = Router();
 router.get(
 	"/",
 	route({
+		query: {
+			client_id: {
+				type: "string",
+			},
+		},
 		responses: {
 			// TODO: I really didn't feel like typing all of it out
 			200: {},
@@ -49,6 +55,14 @@ router.get(
 	async (req: Request, res: Response) => {
 		// const { client_id, scope, response_type, redirect_url } = req.query;
 		const { client_id } = req.query;
+		if (!client_id) {
+			throw FieldErrors({
+				client_id: {
+					code: "BASE_TYPE_REQUIRED",
+					message: req.t("common:field.BASE_TYPE_REQUIRED"),
+				},
+			});
+		}
 
 		const app = await Application.findOne({
 			where: {
author	Puyodead1 <puyodead@proton.me>	2023-12-09 13:28:08 -0500
committer	Puyodead1 <puyodead@proton.me>	2023-12-09 13:28:08 -0500
commit	c353c4fd39b36f4249460591d525d1e9c6d5d7a1 (patch)
tree	50e65b6294d2bf095bf4afc4e676c664bda05ace /src/api
parent	WORKAROUND: Ignore client-requested file extension for role icons (diff)
download	server-c353c4fd39b36f4249460591d525d1e9c6d5d7a1.tar.xz