notazof
/
yavsc
1
0
Fork 0
Code Issues Pull Requests Packages Projects 1 Releases Wiki Activity

share the Hub input validation

vnext
Paul Schneider 5 years ago
parent 664b911a3f
commit 982e2620c1
2 changed files with 117 additions and 75 deletions
Show Stats Download Patch File Download Diff File

83
src/Yavsc.Abstract/Chat/HubInputValidator.cs
Unescape Escape View File

@ -0,0 +1,83 @@
//
// ChatHub.cs
//
// Author:
// Paul Schneider <paul@pschneider.fr>
//
// Copyright (c) 2016-2019 GNU GPL
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Lesser General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Lesser General Public License for more details.
//
// You should have received a copy of the GNU Lesser General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
using System;
using System.Linq;
namespace Yavsc
{
public class HubInputValidator {
public Action<string,string,string> NotifyUser {get;set;}
public bool ValidateRoomName (string roomName)
{
bool valid = ValidateStringLength(roomName,1,25);
if (valid) valid = IsLetterOrDigit(roomName);
if (!valid) NotifyUser(NotificationTypes.Error, "roomName", ChatHub.InvalidRoomName);
return valid;
}
public bool ValidateUserName (string userName)
{
bool valid = ValidateStringLength(userName, 1,12);
if (valid) valid = IsLetterOrDigit(userName);
NotifyUser(NotificationTypes.Error, "char:"+userName.First (c => !char.IsLetterOrDigit(c)), ChatHub.InvalidUserName);
return valid;
}
public bool ValidateMessage (string message)
{
if (!ValidateStringLength(message, 1,240))
{
NotifyUser(NotificationTypes.Error, "message", ChatHub.InvalidMessage);
return false;
}
return true;
}
public bool ValidateReason (string reason)
{
if (!ValidateStringLength(reason, 1,240))
{
NotifyUser(NotificationTypes.Error, "reason", ChatHub.InvalidReason);
return false;
}
return true;
}
static bool ValidateStringLength(string str, int minLen, int maxLen)
{
if (string.IsNullOrEmpty(str))
{
if (minLen<=0) {
return true;
} else {
return false;
}
}
if (str.Length>maxLen||str.Length<minLen) return false;
return true;
}
static bool IsLetterOrDigit(string s)
{
foreach (var c in s)
if (!char.IsLetterOrDigit(c))
return false;
return true;
}
}
}

109
src/Yavsc/Hubs/ChatHub.cs
Unescape Escape View File

@ -31,6 +31,7 @@ using Microsoft.Extensions.Localization;
namespace Yavsc namespace Yavsc
{ {
using System.Collections.Generic; using System.Collections.Generic;
using System.ComponentModel.DataAnnotations; using System.ComponentModel.DataAnnotations;
using Models; using Models;
@ -38,7 +39,6 @@ namespace Yavsc
using Yavsc.Abstract.Chat; using Yavsc.Abstract.Chat;
using Yavsc.Attributes.Validation; using Yavsc.Attributes.Validation;
using Yavsc.Services; using Yavsc.Services;
public partial class ChatHub : Hub, IDisposable public partial class ChatHub : Hub, IDisposable
{ {
ApplicationDbContext _dbContext; ApplicationDbContext _dbContext;
@ -46,6 +46,8 @@ namespace Yavsc
private IStringLocalizer _localizer; private IStringLocalizer _localizer;
ILogger _logger; ILogger _logger;
public HubInputValidator HubInputValidator { get; }
public ChatHub() public ChatHub()
{ {
var scope = Startup.Services.GetRequiredService<IServiceScopeFactory>().CreateScope(); var scope = Startup.Services.GetRequiredService<IServiceScopeFactory>().CreateScope();
@ -62,7 +64,7 @@ namespace Yavsc
NotifyUser(NotificationTypes.Error, context, error); NotifyUser(NotificationTypes.Error, context, error);
}); });
_logger = loggerFactory.CreateLogger<ChatHub>(); _logger = loggerFactory.CreateLogger<ChatHub>();
HubInputValidator = new HubInputValidator { NotifyUser = this.NotifyUser };
} }
void SetUserName(string cxId, string userName) void SetUserName(string cxId, string userName)
@ -199,50 +201,12 @@ namespace Yavsc
return base.OnReconnected(); return base.OnReconnected();
} }
static bool IsLetterOrDigit(string s)
{
foreach (var c in s)
if (!char.IsLetterOrDigit(c))
return false;
return true;
}
bool ValidateRoomName (string roomName)
{
bool valid = ValidateStringLength(roomName,1,25);
if (valid) valid = IsLetterOrDigit(roomName);
if (!valid) NotifyUser(NotificationTypes.Error, "roomName", InvalidRoomName);
return valid;
}
bool ValidateUserName (string userName)
{
bool valid = ValidateStringLength(userName, 1,12);
if (valid) valid = IsLetterOrDigit(userName);
NotifyUser(NotificationTypes.Error, "char:"+userName.First (c => !char.IsLetterOrDigit(c)), InvalidUserName);
return valid;
}
bool ValidateMessage (string message)
{
if (!ValidateStringLength(message, 1,240))
{
NotifyUser(NotificationTypes.Error, "message", InvalidMessage);
return false;
}
return true;
}
bool ValidateReason (string reason)
{
if (!ValidateStringLength(reason, 1,240))
{
NotifyUser(NotificationTypes.Error, "reason", InvalidReason);
return false;
}
return true;
}
public void Nick(string nickName) public void Nick(string nickName)
{ {
if (!ValidateUserName(nickName)) return; if (!HubInputValidator.ValidateUserName(nickName)) return;
var candidate = "?" + nickName; var candidate = "?" + nickName;
if (_cxManager.IsConnected(candidate)) if (_cxManager.IsConnected(candidate))
@ -258,24 +222,12 @@ namespace Yavsc
return _cxManager.IsPresent(roomName, userName); return _cxManager.IsPresent(roomName, userName);
} }
bool ValidateStringLength(string str, int minLen, int maxLen)
{
if (string.IsNullOrEmpty(str))
{
if (minLen<=0) {
return true;
} else {
return false;
}
}
if (str.Length>maxLen||str.Length<minLen) return false;
return true;
}
public ChatRoomInfo Join(string roomName) public ChatRoomInfo Join(string roomName)
{ {
if (!ValidateRoomName(roomName)) return null; if (!HubInputValidator.ValidateRoomName(roomName)) return null;
var roomGroupName = ChatHubConstants.HubGroupRomsPrefix + roomName; var roomGroupName = ChatHubConstants.HubGroupRomsPrefix + roomName;
var user = _cxManager.GetUserName(Context.ConnectionId); var user = _cxManager.GetUserName(Context.ConnectionId);
@ -298,7 +250,7 @@ namespace Yavsc
[Authorize] [Authorize]
public void Register(string room) public void Register(string room)
{ {
if (!ValidateRoomName(room)) return ; if (!HubInputValidator.ValidateRoomName(room)) return ;
var existent = _dbContext.ChatRoom.Any(r => r.Name == room); var existent = _dbContext.ChatRoom.Any(r => r.Name == room);
if (existent) if (existent)
{ {
@ -320,19 +272,23 @@ namespace Yavsc
_dbContext.ChatRoom.Add(newroom); _dbContext.ChatRoom.Add(newroom);
_dbContext.SaveChanges(user.Id); _dbContext.SaveChanges(user.Id);
} }
[Authorize]
public void KickBan(string roomName, string userName, string reason) public void KickBan(string roomName, string userName, string reason)
{ {
if (!ValidateRoomName(roomName)) return ; if (!HubInputValidator.ValidateRoomName(roomName)) return ;
if (!ValidateUserName(userName)) return ; if (!HubInputValidator.ValidateUserName(userName)) return ;
if (!ValidateReason(reason)) return; if (!HubInputValidator.ValidateReason(reason)) return;
Kick(roomName, userName, reason); Kick(roomName, userName, reason);
Ban(roomName, userName, reason); Ban(roomName, userName, reason);
} }
[Authorize]
public void Kick(string roomName, string userName, string reason) public void Kick(string roomName, string userName, string reason)
{ {
if (!ValidateRoomName(roomName)) return ; if (!HubInputValidator.ValidateRoomName(roomName)) return ;
if (!ValidateUserName(userName)) return ; if (!HubInputValidator.ValidateUserName(userName)) return ;
if (!ValidateReason(reason)) return; if (!HubInputValidator.ValidateReason(reason)) return;
ChatRoomInfo chanInfo; ChatRoomInfo chanInfo;
var roomGroupName = ChatHubConstants.HubGroupRomsPrefix + roomName; var roomGroupName = ChatHubConstants.HubGroupRomsPrefix + roomName;
if (_cxManager.TryGetChanInfo(roomName, out chanInfo)) if (_cxManager.TryGetChanInfo(roomName, out chanInfo))
@ -353,25 +309,28 @@ namespace Yavsc
Clients.Group(roomGroupName).notifyRoom(NotificationTypes.Kick, roomName, $"{userName}: {reason}"); Clients.Group(roomGroupName).notifyRoom(NotificationTypes.Kick, roomName, $"{userName}: {reason}");
} }
[Authorize]
public void Ban(string roomName, string userName, string reason) public void Ban(string roomName, string userName, string reason)
{ {
if (!ValidateRoomName(roomName)) return ; if (!HubInputValidator.ValidateRoomName(roomName)) return ;
if (!ValidateUserName(userName)) return ; if (!HubInputValidator.ValidateUserName(userName)) return ;
if (!ValidateReason(reason)) return; if (!HubInputValidator.ValidateReason(reason)) return;
var cxIds = _cxManager.GetConnexionIds(userName); var cxIds = _cxManager.GetConnexionIds(userName);
throw new NotImplementedException(); throw new NotImplementedException();
} }
[Authorize]
public void Gline(string userName, string reason) public void Gline(string userName, string reason)
{ {
if (!ValidateUserName(userName)) return ; if (!HubInputValidator.ValidateUserName(userName)) return ;
if (!ValidateReason(reason)) return; if (!HubInputValidator.ValidateReason(reason)) return;
throw new NotImplementedException(); throw new NotImplementedException();
} }
public void Part(string roomName, string reason) public void Part(string roomName, string reason)
{ {
if (!ValidateRoomName(roomName)) return ; if (!HubInputValidator.ValidateRoomName(roomName)) return ;
if (!ValidateReason(reason)) return; if (!HubInputValidator.ValidateReason(reason)) return;
if (_cxManager.Part(Context.ConnectionId, roomName, reason)) if (_cxManager.Part(Context.ConnectionId, roomName, reason))
{ {
var roomGroupName = ChatHubConstants.HubGroupRomsPrefix + roomName; var roomGroupName = ChatHubConstants.HubGroupRomsPrefix + roomName;
@ -393,8 +352,8 @@ namespace Yavsc
public void Send(string roomName, string message) public void Send(string roomName, string message)
{ {
if (!ValidateRoomName(roomName)) return ; if (!HubInputValidator.ValidateRoomName(roomName)) return ;
if (!ValidateMessage(message)) return ; if (!HubInputValidator.ValidateMessage(message)) return ;
var groupname = ChatHubConstants.HubGroupRomsPrefix + roomName; var groupname = ChatHubConstants.HubGroupRomsPrefix + roomName;
ChatRoomInfo chanInfo ; ChatRoomInfo chanInfo ;
@ -425,8 +384,8 @@ namespace Yavsc
[Authorize] [Authorize]
public void SendPV(string userName, string message) public void SendPV(string userName, string message)
{ {
if (!ValidateUserName(userName)) return ; if (!HubInputValidator.ValidateUserName(userName)) return ;
if (!ValidateMessage(message)) return ; if (!HubInputValidator.ValidateMessage(message)) return ;
if (userName[0] != '?') if (userName[0] != '?')
if (!Context.User.IsInRole(Constants.AdminGroupName)) if (!Context.User.IsInRole(Constants.AdminGroupName))
@ -456,7 +415,7 @@ namespace Yavsc
public void SendStream(string connectionId, long streamId, string message) public void SendStream(string connectionId, long streamId, string message)
{ {
if (!ValidateMessage(message)) return; if (!HubInputValidator.ValidateMessage(message)) return;
var sender = Context.User.Identity.Name; var sender = Context.User.Identity.Name;
var cli = Clients.Client(connectionId); var cli = Clients.Client(connectionId);
cli.addStreamInfo(sender, streamId, message); cli.addStreamInfo(sender, streamId, message);

Write Preview
Loading…