hiimgoodpack/brainlet
1
0
Fork 0
forked from hippoz/brainlet
Code Issues Pull requests Projects Releases Wiki Activity

fix some DoS vulns and other stuff

Browse source
This commit is contained in:
hippoz 2020-11-21 13:29:20 +02:00
parent 03d89bca7f
commit 2c41359b9d
1 changed files with 4 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
api/v1/gateway/index.js
View file

@ -39,6 +39,7 @@ GatewayServer.prototype.eventSetup = function() {
const token = socket.handshake.query.token;
if (!token) return this.authDisconnect(socket, callback);
if (!(typeof token === 'string')) return this.authDisconnect(socket, callback);
jwt.verify(token, secret.jwtPrivateKey, {}, async (err, data) => {
if (err) return this.authDisconnect(socket, callback);
@ -81,13 +82,13 @@ GatewayServer.prototype.eventSetup = function() {
socket.isConnected = true;
socket.on('message', ({ category, content }) => {
if (!category || !content || !socket.joinedCategories || !socket.isConnected || !socket.user) return;
if (!category || !content || !socket.joinedCategories || !socket.isConnected || !socket.user || !(typeof content === 'string') || !(typeof category._id === 'string')) return;
content = content.trim();
if (!content || content === '' || content === ' ' || content.length >= 2000) return;
// TODO: When/if category permissions are added, check if the user has permissions for that category
const categoryTitle = socket.joinedCategories[category._id];
if (!categoryTitle) return;
if (!categoryTitle || !(typeof categoryTitle === 'string')) return;
const messageObject = {
author: {
@ -108,7 +109,7 @@ GatewayServer.prototype.eventSetup = function() {
socket.on('subscribe', async (categories) => {
if ( !socket.isConnected || !socket.user || !categories || !Array.isArray(categories) || categories === []) return;
for (const v of categories) {
if (!v) continue;
if (!v && !(typeof v === 'string')) continue;
// TODO: When/if category permissions are added, check if the user has permissions for that category
const category = await Category.findById(v);
if (category && category.title && category._id) {