fix: remove broken bonus validation and require positive integer

dangling `if (Number(amount))` was a no-op, removed it and
tightened the check to reject negative/decimal/infinite values
End Nightshade 2026-02-16 19:00:38 -07:00
parent 3a31660c38
commit fb5b019cac
No known key found for this signature in database


@ -313,12 +313,10 @@ admin.post('/users/:id/bonus', async ({ params, body, headers, status }) => {
const { amount, reason } = body as { amount: number; reason: string }
if (!amount || typeof amount !== 'number') {
return status(400, { error: 'Amount is required and must be a number' })
if (!amount || typeof amount !== 'number' || !Number.isFinite(amount) || !Number.isInteger(amount) || amount <= 0) {
return status(400, { error: 'Amount is required and must be a positive integer' })
}
if (Number(amount))
if (!reason || typeof reason !== 'string' || reason.trim().length === 0) {
return status(400, { error: 'Reason is required' })
}
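Review bot: The tightened guard on `amount` still has no upper limit, and `Number.isInteger` is true for values above 2^53 (for example 1e21), so a request can carry a bonus far larger than intended, or one that loses precision when it is presumably added to a stored balance. Consider `if (!Number.isSafeInteger(amount) || amount <= 0 || amount > MAX_BONUS_AMOUNT) {`, where `MAX_BONUS_AMOUNT` is a placeholder for a limit the project would define; `Number.isSafeInteger` also makes the `!amount`, `typeof` and `Number.isFinite` tests redundant. `reason` is checked only for being a non-empty string, so a length cap before it is stored or logged would be worth adding in the same place. The handler starts before and continues after this hunk, so how `amount` is applied and how the caller is authorized are not visible here.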