From 8fc01ba138763d4fdd33ae2db577a938074c406c Mon Sep 17 00:00:00 2001
From: Michael C
Date: Thu, 22 Sep 2022 20:30:10 -0400
Subject: [PATCH 1/2] add fast fails for local and gumroad license keys
---
 src/routes/verifyToken.ts | 12 ++++++++++++
 1 file changed, 12 insertions(+)
diff --git a/src/routes/verifyToken.ts b/src/routes/verifyToken.ts
index 55b6faa..ac5b5f7 100644
--- a/src/routes/verifyToken.ts
+++ b/src/routes/verifyToken.ts
@@ -41,6 +41,12 @@ export async function verifyTokenRequest(req: VerifyTokenRequest, res: Response)
 }
 } else {
 // Check Local
+ const localRegex = new RegExp(/[a-zA-Z0-9]{40}/);
+ if (!localRegex.test(licenseKey)) {
+ return res.status(200).send({
+ allowed: false
+ });
+ }
 const result = await privateDB.prepare("get", `SELECT "licenseKey" from "licenseKeys" WHERE "licenseKey" = ?`, [licenseKey]);
 if (result) {
 return res.status(200).send({
@@ -48,6 +54,12 @@ export async function verifyTokenRequest(req: VerifyTokenRequest, res: Response)
 });
 } else {
 // Gumroad
+ const gumRoadRegex = new RegExp(/[A-Z0-9-]{35}/);
+ if (gumRoadRegex.test(licenseKey)) { // check against regex
+ return res.status(200).send({
+ allowed: false
+ });
+ }
 return res.status(200).send({
 allowed: await checkAllGumroadProducts(licenseKey)
 });
From 551e1031581692e664e853fbc197e6eee25bbac5 Mon Sep 17 00:00:00 2001
From: Michael C
Date: Sat, 24 Sep 2022 20:13:35 -0400
Subject: [PATCH 2/2] add tregex for both patreon and gumroad
---
 src/routes/verifyToken.ts | 18 ++++++------------
 1 file changed, 6 insertions(+), 12 deletions(-)
diff --git a/src/routes/verifyToken.ts b/src/routes/verifyToken.ts
index ac5b5f7..59910ef 100644
--- a/src/routes/verifyToken.ts
+++ b/src/routes/verifyToken.ts
@@ -18,6 +18,12 @@ export async function verifyTokenRequest(req: VerifyTokenRequest, res: Response) if (!licenseKey) { return res.status(400).send("Invalid request"); } + const licenseRegex = new RegExp(/[a-zA-Z0-9]{40}|[A-Z0-9-]{35}/); + if (!licenseRegex.test(licenseKey)) { + return res.status(200).send({ + allowed: false + }); + } const tokens = (await privateDB.prepare("get", `SELECT "accessToken", "refreshToken", "expiresIn" from "oauthLicenseKeys" WHERE "licenseKey" = ?` , [licenseKey])) as {accessToken: string, refreshToken: string, expiresIn: number}; @@ -41,12 +47,6 @@ export async function verifyTokenRequest(req: VerifyTokenRequest, res: Response) } } else { // Check Local - const localRegex = new RegExp(/[a-zA-Z0-9]{40}/); - if (!localRegex.test(licenseKey)) { - return res.status(200).send({ - allowed: false - }); - } const result = await privateDB.prepare("get", `SELECT "licenseKey" from "licenseKeys" WHERE "licenseKey" = ?`, [licenseKey]); if (result) { return res.status(200).send({ @@ -54,12 +54,6 @@ export async function verifyTokenRequest(req: VerifyTokenRequest, res: Response) }); } else { // Gumroad - const gumRoadRegex = new RegExp(/[A-Z0-9-]{35}/); - if (gumRoadRegex.test(licenseKey)) { // check against regex - return res.status(200).send({ - allowed: false - }); - } return res.status(200).send({ allowed: await checkAllGumroadProducts(licenseKey) });
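Review bot: The `licenseRegex` added at the top of `verifyTokenRequest` is unanchored, so `test()` accepts any string that merely contains a 40-character alphanumeric run or a 35-character `[A-Z0-9-]` run. The fast fail therefore puts no bound on the length or character set of what reaches the three lookups that follow (the two `privateDB` queries and `checkAllGumroadProducts`, which presumably forwards the key to an external service). Anchoring it and dropping the redundant `new RegExp(...)` wrapper would make the check an actual format gate: `const licenseRegex = /^(?:[a-zA-Z0-9]{40}|[A-Z0-9-]{35})$/;`. Because the check now runs before the `oauthLicenseKeys` lookup as well, it is worth confirming that keys stored in that table always fit one of the two shapes, otherwise valid OAuth-backed keys get `allowed: false`. The function body continues outside this hunk.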