From 07147975482e343139493d9a93783ad39d247206 Mon Sep 17 00:00:00 2001
From: a squid <34890855+squi-ddy@users.noreply.github.com>
Date: Tue, 29 Oct 2024 09:53:14 +0800
Subject: [PATCH] Update admin.ts

---
 backend/src/api/admin.ts | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/backend/src/api/admin.ts b/backend/src/api/admin.ts
index 83000c5..064bbcf 100644
--- a/backend/src/api/admin.ts
+++ b/backend/src/api/admin.ts
@@ -73,6 +73,14 @@ router.post("/addMoney", async (req, res) => {
         return res.status(400).json({ message: "Amount must be a string" })
     }
 
+    if (amount.lte(0)) {
+        return res.status(400).json({ message: "Amount must be positive" })
+    }
+
+    if (!amount.isFinite()) {
+        return res.status(400).json({ message: "No scamming" })
+    }
+
     // add money to user
     await sql.begin("ISOLATION LEVEL REPEATABLE READ", async (sql) => {
         // get topup