perf: prevent crash when malformed token is submitted

ZPTXDev · Dec 30, 2022 · e204860 · e204860
1 parent ec353ec
commit e204860
Showing 1 changed file with 9 additions and 4 deletions.
diff --git a/src/events/web/fetchuser.ts b/src/events/web/fetchuser.ts
@@ -17,10 +17,15 @@ export default {
         token?: string,
     ): Promise<void> {
         if (!token) return;
-        const decryptedToken = CryptoJS.AES.decrypt(
-            token,
-            settings.features.web.encryptionKey,
-        ).toString(CryptoJS.enc.Utf8);
+        let decryptedToken;
+        try {
+            decryptedToken = CryptoJS.AES.decrypt(
+                token,
+                settings.features.web.encryptionKey,
+            ).toString(CryptoJS.enc.Utf8);
+        } catch (error) {
+            return callback({ status: 'error-generic' });
+        }
         const user = await request('https://discord.com/api/users/@me', {
             headers: {
                 Authorization: decryptedToken,