From 98b9f097d02b62d16a0ca171793b844372dd703b Mon Sep 17 00:00:00 2001
From: Jennifer Taylor <dragonminded@dragonminded.com>
Date: Sat, 11 May 2024 18:36:52 +0000
Subject: [PATCH] Fix crash on attempted exploit of API server.

---
 bemani/api/app.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/bemani/api/app.py b/bemani/api/app.py
index 25f37fd..8e736b9 100644
--- a/bemani/api/app.py
+++ b/bemani/api/app.py
@@ -46,7 +46,7 @@ def before_request() -> None:
             authtype = None
             authtoken = None
 
-        if authtype.lower() == "token":
+        if authtype is not None and authtoken is not None and authtype.lower() == "token":
             g.authorized = g.data.local.api.validate_client(authtoken)