From e90c8cd36cae225c598eddcb03dadeeea4c900bf Mon Sep 17 00:00:00 2001
From: Elijah R
Date: Fri, 12 Jul 2024 21:20:37 -0400
Subject: [PATCH] actual username validation lol

---
 server/src/client.ts | 21 ++++++++++++++++++++-
 webapp/config.ts | 2 +-
 2 files changed, 21 insertions(+), 2 deletions(-)

diff --git a/server/src/client.ts b/server/src/client.ts
index fb9372e..9b54e59 100644
--- a/server/src/client.ts
+++ b/server/src/client.ts
@@ -102,7 +102,18 @@ export class Client extends EventEmitter {
 this.socket.close();
 return;
 }
- let username = htmlentities.encode(joinMsg.data.username);
+ let username = joinMsg.data.username.trim();
+ if (!validateUsername(username)) {
+ let msg: MSAgentErrorMessage = {
+ op: MSAgentProtocolMessageType.Error,
+ data: {
+ error: "Usernames can contain only numbers, letters, spaces, dashes, underscores, and dots, and it must be between 3 and 20 characters."
+ }
+ };
+ await this.send(msg);
+ this.socket.close();
+ return;
+ }
 if (this.room.config.bannedWords.some(w => username.indexOf(w) !== -1)) {
 this.socket.close();
 return;
@@ -214,4 +225,12 @@ export class Client extends EventEmitter {
 }
 }
 }
+}
+
+function validateUsername(username: string) {
+ return (
+ username.length >= 3 &&
+ username.length <= 20 &&
+ /^[a-zA-Z0-9\ \-\_\.]+$/.test(username)
+ );
 }
\ No newline at end of file
diff --git a/webapp/config.ts b/webapp/config.ts
index bd75dce..06542ef 100644
--- a/webapp/config.ts
+++ b/webapp/config.ts
@@ -1,4 +1,4 @@
 export const Config = {
 // The server address for the webapp to connect to. The below default is the same address the webapp is hosted at.
- serverAddress: `${window.location.protocol}//${window.location.host}`
+ serverAddress: `http://127.0.0.1:3000`
 }
\ No newline at end of file
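Review bot: `joinMsg.data.username.trim()` assumes the field is a string; unless a type check sits above this hunk (the enclosing handler starts and ends outside it), a join message with a missing or non-string username throws here instead of closing the socket cleanly, so guard first with `if (typeof joinMsg.data.username !== "string") { this.socket.close(); return; }`. With `htmlentities.encode` removed, the allowlist in `validateUsername` is now the only thing keeping markup characters out of names that are presumably relayed to other clients, which deserves a comment such as `// validateUsername's allowlist replaces HTML-encoding; widen it only if every renderer escapes usernames`. The `bannedWords` check that follows is case-sensitive, so comparing against `username.toLowerCase()` may be worth considering now that the name is stored as plain text.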
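Review bot: The character class in `validateUsername` accepts names made only of separators (such as `...` or `---`) and names containing runs of spaces, which HTML rendering normally collapses, so two different names could display identically; allowing a single space only between non-space runs, e.g. `/^[a-zA-Z0-9._-]+(?: [a-zA-Z0-9._-]+)*$/`, closes the second case. The escapes on the space and the underscore are unnecessary and would become syntax errors if the `u` flag were ever added. An explicit `: boolean` return type and a one-line doc comment saying that this allowlist stands in for the HTML-encoding the commit removes would make the contract visible to the next person who edits the pattern.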
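Review bot: The new `serverAddress` value `http://127.0.0.1:3000` looks like a local development override committed together with the validation change: a deployed webapp built from this file would try to reach the visitor's own loopback interface over plain HTTP, and a page served over HTTPS would likely have the connection blocked as mixed content. The comment above the field still says the default is the address the webapp is hosted at, which no longer matches the value. If the change is intentional, update that comment; otherwise restore the `window.location`-based default and keep the loopback address in an untracked local override.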