From be62fc939a04bc3090c6bdf795dee2ae1d57014f Mon Sep 17 00:00:00 2001
From: maru
Date: Fri, 29 Dec 2023 15:12:57 -0500
Subject: [PATCH] Add token length check to account info handler

---
 api/account.go | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/api/account.go b/api/account.go
index 7e3160b..ddbadf6 100644
--- a/api/account.go
+++ b/api/account.go
@@ -41,6 +41,11 @@ func (s *Server) HandleAccountInfo(w http.ResponseWriter, r *http.Request) {
  return
  }
 
+ if len(token) != 32 {
+ http.Error(w, "invalid token", http.StatusBadRequest)
+ return
+ }
+
  username, err := db.GetUsernameFromToken(token)
  if err != nil {
  http.Error(w, err.Error(), http.StatusBadRequest)
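Review bot: The added guard `if len(token) != 32` checks byte length only, so any 32-byte value, whatever its characters, still reaches `db.GetUsernameFromToken`; if tokens are drawn from a fixed alphabet (the generator is not visible here), reject out-of-alphabet input in the same check and replace the literal with a named constant shared with the code that issues tokens, e.g. `const tokenLen = 32`. The lookup-failure branch just below still sends `err.Error()` to the client, so a malformed token and an unknown one get different responses and storage-layer error text may be exposed; returning the same fixed message there, `http.Error(w, "invalid token", http.StatusBadRequest)`, and logging `err` server-side would close that. HandleAccountInfo starts and ends outside this hunk, so how `token` is read from the request cannot be checked from here.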