From 8414cec5d5a380430092a03fe4e6060125a426f8 Mon Sep 17 00:00:00 2001
From: justcool393 <justcool393@gmail.com>
Date: Thu, 17 Nov 2022 11:12:32 -0600
Subject: [PATCH] kofi: don't let "blahblahblah" be considered a valid token

---
 files/routes/users.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/files/routes/users.py b/files/routes/users.py
index 3425d86b1..b1d9f7ec1 100644
--- a/files/routes/users.py
+++ b/files/routes/users.py
@@ -1054,6 +1054,7 @@ def bid_list(v, bid):
 
 @app.post("/kofi")
 def kofi():
+	if not KOFI_TOKEN or KOFI_TOKEN == DEFAULT_CONFIG_VALUE: abort(404)
 	data = json.loads(request.values['data'])
 	verification_token = data['verification_token']
 	if verification_token != KOFI_TOKEN: abort(400)