Prevent crash when category-voting on invalid UUID

src/routes/voteOnSponsorTime.js

@@ -21,6 +21,13 @@ function categoryVote(UUID, userID, isVIP, category, hashedIP, res) {
         return;
     }
 
+    let currentCategory = db.prepare("select category from sponsorTimes where UUID = ?").get(UUID);
+    if (!currentCategory) {
+        // Submission doesn't exist
+        res.status("400").send("Submission doesn't exist.");
+        return;
+    }
+
     let timeSubmitted = Date.now();
 
     let voteAmount = isVIP ? 500 : 1;
@@ -44,8 +51,7 @@ function categoryVote(UUID, userID, isVIP, category, hashedIP, res) {
         privateDB.prepare("insert into categoryVotes (UUID, userID, hashedIP, category, timeSubmitted) values (?, ?, ?, ?, ?)").run(UUID, userID, hashedIP, category, timeSubmitted);
     }
 
-    // See if the submissions categort is ready to change
+    // See if the submissions category is ready to change
-    let currentCategory = db.prepare("select category from sponsorTimes where UUID = ?").get(UUID);
     let currentCategoryInfo = db.prepare("select votes from categoryVotes where UUID = ? and category = ?").get(UUID, currentCategory.category);
 
     // Change this value from 1 in the future to make it harder to change categories

test/cases/voteOnSponsorTime.js

@@ -127,6 +127,19 @@ describe('voteOnSponsorTime', () => {
     });
   });
 
+  it('Should not be able to category-vote on an invalid UUID submission', (done) => {
+    request.get(utils.getbaseURL() 
+     + "/api/voteOnSponsorTime?userID=randomID3&UUID=invalid-uuid&category=intro", null, 
+      (err, res, body) => {
+        if (err) done(err);
+        else if (res.statusCode === 400) {
+          done();
+        } else {
+          done("Status code was " + res.statusCode + " instead of 400.");
+        }
+    });
+  });
+
   it('Non-VIP should not be able to upvote "dead" submission', (done) => {
     request.get(utils.getbaseURL() 
      + "/api/voteOnSponsorTime?userID=randomID2&UUID=vote-uuid-5&type=1", null,