Open robbmanes opened 1 year ago
Is there a compelling reason to allow ppl to register before their steamid64 has banked seeding time? If the system only allowed registering against steamid64 ids that were already in the db table then I don't think further validation would be necessary.
Yes; theoretically, when users can grant VIP to each other (https://github.com/glows-battlegrounds/GlowBot/issues/19) having them pre-registered allows them to receive and check it via discord interface. In the grand scheme of things, having the discord<->steamid64 relationship for other uses is helpful IMO beyond just seeding re: future plans, so it was deliberate on my part, but in it's current rendition you're very correct that it serves no additional purpose.
Describe the bug It is possible, as there is no input validation for the steam ID input, to break
/hll register
if an improper steam64id format is input. This input needs sanitization and checking.Additional context Discussed in further detail here: https://github.com/glows-battlegrounds/GlowBot/pull/14#discussion_r1166798408