fix: XSS event delegation, match btn class, CSS height/mobile, server validation

This commit is contained in:
Jeremy Brandenburger
2026-03-30 14:07:36 +02:00
parent 111f93da44
commit 9995d41c49
4 changed files with 51 additions and 22 deletions
+2 -1
@@ -253,6 +253,7 @@ app.post('/api/change-password', requireAuth, async (req, res) => {
if (newPassword.length < 8) return res.status(400).json({ error: 'Password must be at least 8 characters' });
const user = db.prepare('SELECT * FROM users WHERE username = ?').get(req.session.user);
if (!user) return res.status(404).json({ error: 'User not found' });
const valid = await bcrypt.compare(oldPassword, user.hash);
if (!valid) return res.status(401).json({ error: 'Current password incorrect' });
@@ -380,7 +381,7 @@ app.get('/api/dashboard', requireAuth, (req, res) => {
app.post('/api/scores/practice', requireAuth, (req, res) => {
const { stratagem, category, time_ms, score } = req.body || {};
if (!VALID_NAMES.has(stratagem)) return res.status(400).json({ error: 'Invalid stratagem' });
if (typeof time_ms !== 'number' || time_ms <= 0 || time_ms > 35_000) return res.status(400).json({ error: 'Invalid time' });
if (typeof time_ms !== 'number' || time_ms <= 0 || time_ms > 31_000) return res.status(400).json({ error: 'Invalid time' });
if (typeof score !== 'number' || score < 0 || score > 15_000) return res.status(400).json({ error: 'Invalid score' });
db.prepare(`
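Review bot: The tightened cap in the new `time_ms > 31_000` check is a bare literal sitting next to the equally unexplained `score > 15_000` cap, and the commit records no source for either value; hoisting both to named module-level constants, e.g. `const MAX_PRACTICE_TIME_MS = 31_000;` and `const MAX_PRACTICE_SCORE = 15_000;`, with a one-line comment on what the limits derive from, would stop the server check and whatever client-side limit it mirrors from drifting apart again. Both range checks gate on `typeof … === 'number'`, which also admits NaN (NaN fails neither the lower nor the upper comparison); if the body always arrives through a JSON parser that cannot happen, but `Number.isFinite(time_ms)` and `Number.isFinite(score)` make the intent explicit. `category` is destructured from `req.body` alongside `stratagem` yet, within this hunk, reaches the `db.prepare` insert without any check — if it is validated further down or only ever used as a constrained value that is fine, otherwise it deserves the same allow-list treatment `VALID_NAMES` gives `stratagem`. The handler's body continues past the end of the hunk.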