From 86a072bcbc93168efa7e5a7d4441912027a62d14 Mon Sep 17 00:00:00 2001
From: HyeokjinKang <coupy1024@icloud.com>
Date: Tue, 31 Oct 2023 14:38:19 +0900
Subject: [PATCH 1/3] =?UTF-8?q?fix:=20=ED=8C=8C=EC=9D=BC=EC=9D=84=20?=
 =?UTF-8?q?=EC=84=A0=ED=83=9D=ED=95=98=EC=A7=80=20=EC=95=8A=EC=9D=80=20?=
 =?UTF-8?q?=EA=B2=BD=EC=9A=B0=20loading=20overlay=EA=B0=80=20=EC=9C=A0?=
 =?UTF-8?q?=EC=A7=80=EB=90=98=EB=8A=94=20=EB=AC=B8=EC=A0=9C?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 public/js/game.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/public/js/game.js b/public/js/game.js
index 949e575..afea724 100644
--- a/public/js/game.js
+++ b/public/js/game.js
@@ -2020,7 +2020,6 @@ const changeProfile = (e) => {
             input.accept = "image/*";
             input.setAttribute("onchange", `picLoaded(event, "${closedBy}")`);
             input.click();
-            loadingOverlayShow();
           }
         },
       });
@@ -2029,6 +2028,7 @@ const changeProfile = (e) => {
 };
 
 const picLoaded = async (e, type) => {
+  loadingOverlayShow();
   const file = e.target.files[0];
   if (file.type.indexOf("image") == -1) {
     loadingOverlayHide();

From 368aa15ed21f5e9cfc46d2488e86b1cd490b6ac0 Mon Sep 17 00:00:00 2001
From: HyeokjinKang <coupy1024@icloud.com>
Date: Tue, 31 Oct 2023 14:38:41 +0900
Subject: [PATCH 2/3] docs: config example update

---
 config/config_example.json | 1 +
 1 file changed, 1 insertion(+)

diff --git a/config/config_example.json b/config/config_example.json
index 12aa395..98887fa 100644
--- a/config/config_example.json
+++ b/config/config_example.json
@@ -3,6 +3,7 @@
     "url": "https://example.com",
     "api": "https://api.example.com",
     "cdn": "https://cdn.example.com",
+    "secretKey": "Something Random",
     "mode": "production",
     "port": 3000
   }

From 89c7dee39c5320f36d6a788a9ea991386b4e5ab9 Mon Sep 17 00:00:00 2001
From: HyeokjinKang <coupy1024@icloud.com>
Date: Tue, 31 Oct 2023 14:39:30 +0900
Subject: [PATCH 3/3] =?UTF-8?q?fix:=20SSRF=20=EC=B7=A8=EC=95=BD=EC=A0=90?=
 =?UTF-8?q?=20=ED=8C=A8=EC=B9=98?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 src/index.ts | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/src/index.ts b/src/index.ts
index 086138c..019ae17 100644
--- a/src/index.ts
+++ b/src/index.ts
@@ -122,6 +122,14 @@ const upload = multer({
 }).single("img");
 
 app.post("/profile/:userid/:type", async (req, res) => {
+  if (req.params.type != "picture" && req.params.type != "background") {
+    res.status(400).json({
+      result: "failed",
+      message: "Error occured while uploading",
+      error: "Invalid type",
+    });
+    return;
+  }
   upload(req, res, async (err) => {
     if (err) {
       if (err instanceof multer.MulterError) err = err.message;