From 5c04186f1da738f2631689d620e70e09014c4dda Mon Sep 17 00:00:00 2001
From: Chris Johnston
Date: Sun, 19 Aug 2018 22:25:39 -0700
Subject: [PATCH] Add input validation for bot tokens based on their length
---
 src/Discord.Net.Rest/DiscordRestApiClient.cs | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/src/Discord.Net.Rest/DiscordRestApiClient.cs b/src/Discord.Net.Rest/DiscordRestApiClient.cs
index 2236dbbf8..2f808cd1f 100644
--- a/src/Discord.Net.Rest/DiscordRestApiClient.cs
+++ b/src/Discord.Net.Rest/DiscordRestApiClient.cs
@@ -72,6 +72,16 @@ namespace Discord.API
 case default(TokenType):
 return token;
 case TokenType.Bot:
+ // Validate that the supplied bot token is at least 50 characters long.
+ // Using other tokens and the ones in the discord docs as an example,
+ // bot tokens typically appear to be 59 characters long, but it is unknown
+ // if this is a constant.
+ // This validation helps catch users who input the wrong type of token (bearer, client secret)
+ // instead of a Bot token.
+ if (token.Length <= 50)
+ {
+ throw new ArgumentException("Invalid Bot token length.", nameof(token));
+ }
 return $"Bot {token}";
 case TokenType.Bearer:
 return $"Bearer {token}";
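Review bot: The test `if (token.Length <= 50)` disagrees with the comment directly above it, which says a bot token must be at least 50 characters long: `<=` also rejects a token of exactly 50 characters, so either change it to `if (token.Length < 50)` or reword the comment to "longer than 50 characters". `token.Length` is also dereferenced with no null guard visible in the hunk, so a null token passed with `TokenType.Bot` would now surface as a NullReferenceException rather than an argument error; the method begins outside the hunk, so confirm whether null is rejected earlier, and if not add `if (token == null) throw new ArgumentNullException(nameof(token));` before the length test. Because the comment itself says the 59-character length is not known to be constant, the threshold is a heuristic and would be easier to revisit as a named constant than as a bare `50`. The exception message leaves the token value out, which keeps the secret out of logs and crash reports; that should stay as it is.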