From b964e0523dbbf6475db2d8858b0925f27400837d Mon Sep 17 00:00:00 2001
From: Paul Schneider
Date: Tue, 18 Jun 2019 00:24:22 +0100
Subject: [PATCH] validate chathub calls

---
 src/Yavsc/Hubs/ChatHub.cs | 96 ++++++++++++++-----
 src/Yavsc/Resources/Yavsc.ChatHub.Designer.cs | 12 +++
 src/Yavsc/Resources/Yavsc.ChatHub.en.resx | 1 +
 src/Yavsc/Resources/Yavsc.ChatHub.resx | 2 +
 src/Yavsc/wwwroot/js/chat.js | 12 ++-
 5 files changed, 96 insertions(+), 27 deletions(-)

diff --git a/src/Yavsc/Hubs/ChatHub.cs b/src/Yavsc/Hubs/ChatHub.cs
index 9f1664f7..8433ee6a 100644
--- a/src/Yavsc/Hubs/ChatHub.cs
+++ b/src/Yavsc/Hubs/ChatHub.cs
@@ -199,12 +199,50 @@ namespace Yavsc return base.OnReconnected(); } + static bool IsLetterOrDigit(string s) + { + foreach (var c in s) + if (!char.IsLetterOrDigit(c)) + return false; + return true; + } + + bool ValidateRoomName (string roomName) + { + bool valid = ValidateStringLength(roomName,1,25); + if (valid) valid = IsLetterOrDigit(roomName); + if (!valid) NotifyUser(NotificationTypes.Error, "roomName", InvalidRoomName); + return valid; + } + bool ValidateUserName (string userName) + { + bool valid = ValidateStringLength(userName, 1,12); + if (valid) valid = IsLetterOrDigit(userName); + NotifyUser(NotificationTypes.Error, "char:"+userName.First (c => !char.IsLetterOrDigit(c)), InvalidUserName); + return valid; + } + bool ValidateMessage (string message) + { + if (!ValidateStringLength(message, 1,240)) + { + NotifyUser(NotificationTypes.Error, "message", InvalidMessage); + return false; + } + return true; + } + bool ValidateReason (string reason) + { + if (!ValidateStringLength(reason, 1,240)) + { + NotifyUser(NotificationTypes.Error, "reason", InvalidReason); + return false; + } + return true; + } + public void Nick(string nickName) { - if (!ValidateStringLength(nickName, 1,12)) - { - NotifyUser(NotificationTypes.Error, "user", InvalidUserName); - } + if (!ValidateUserName(nickName)) return; var candidate = "?" + nickName; if (_cxManager.IsConnected(candidate)) @@ -234,13 +272,10 @@ namespace Yavsc return true; } + public ChatRoomInfo Join(string roomName) { - if (!ValidateStringLength(roomName,1,25)) - { - NotifyUser(NotificationTypes.Error, "room", InvalidRoomName); - return null; - } + if (!ValidateRoomName(roomName)) return null; var roomGroupName = ChatHubConstants.HubGroupRomsPrefix + roomName; var user = _cxManager.GetUserName(Context.ConnectionId); 
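Review bot: ValidateUserName notifies the caller on every call, not only on failure, and the notification key `"char:"+userName.First (c => !char.IsLetterOrDigit(c))` throws InvalidOperationException whenever the name failed only the length check (every character is a letter or digit, or the string is empty) and NullReferenceException when userName is null, which is now reachable since the [Required] attributes are removed. ValidateRoomName a few lines above has the intended shape; mirroring it gives `bool valid = ValidateStringLength(userName, 1, 12) && IsLetterOrDigit(userName);` / `if (!valid) NotifyUser(NotificationTypes.Error, "userName", InvalidUserName);` / `return valid;`. Whether ValidateStringLength tolerates null is not visible here, and the new IsLetterOrDigit's foreach would throw on null, so the null case should be settled in one place rather than left to each caller. ValidateMessage reports InvalidMessage, which this patch adds to the Designer and the default resx but not to Yavsc.ChatHub.en.resx (only InvalidReason is added there), so English clients would presumably receive the default-culture string for that error.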
@@ -261,8 +296,9 @@ namespace Yavsc } [Authorize] - public void Register([Required] string room) + public void Register(string room) { + if (!ValidateRoomName(room)) return ; var existent = _dbContext.ChatRoom.Any(r => r.Name == room); if (existent) { @@ -284,13 +320,19 @@ namespace Yavsc _dbContext.ChatRoom.Add(newroom); _dbContext.SaveChanges(user.Id); } - public void KickBan([Required] string roomName, [Required] string userName, [Required] string reason) + public void KickBan(string roomName, string userName, string reason) { + if (!ValidateRoomName(roomName)) return ; + if (!ValidateUserName(userName)) return ; + if (!ValidateReason(reason)) return; Kick(roomName, userName, reason); Ban(roomName, userName, reason); } - public void Kick([Required] string roomName, [Required] string userName, [Required] string reason) + public void Kick(string roomName, string userName, string reason) { + if (!ValidateRoomName(roomName)) return ; + if (!ValidateUserName(userName)) return ; + if (!ValidateReason(reason)) return; ChatRoomInfo chanInfo; var roomGroupName = ChatHubConstants.HubGroupRomsPrefix + roomName; if (_cxManager.TryGetChanInfo(roomName, out chanInfo)) 
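Review bot: KickBan and Kick carry no [Authorize] attribute in this hunk, and neither do Ban and Gline in the next one (a bare `}` precedes each signature), while Register and SendPV do; the new argument validation is therefore the only gate visible before a kick or ban is attempted. If the caller's right to moderate roomName is checked further down in Kick (its body continues outside the hunk) a comment on KickBan such as `// caller authorization is checked in Kick` would save the next reader the search; if it is not checked anywhere, `[Authorize]` plus an ownership or role check belongs ahead of the validation, as a kick is more sensitive than a Register. The three validations in KickBan are also redundant, since Kick and Ban each repeat them on entry, so keeping only one set avoids a reader wondering whether they differ. Minor style point: `return ;` with a stray space appears in every hunk of this file.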
@@ -311,18 +353,25 @@ namespace Yavsc Clients.Group(roomGroupName).notifyRoom(NotificationTypes.Kick, roomName, $"{userName}: {reason}"); } - public void Ban([Required] string roomName, [Required] string userName, [Required] string reason) + public void Ban(string roomName, string userName, string reason) { + if (!ValidateRoomName(roomName)) return ; + if (!ValidateUserName(userName)) return ; + if (!ValidateReason(reason)) return; var cxIds = _cxManager.GetConnexionIds(userName); throw new NotImplementedException(); } - public void Gline([Required] string userName, [Required] string reason) + public void Gline(string userName, string reason) { + if (!ValidateUserName(userName)) return ; + if (!ValidateReason(reason)) return; throw new NotImplementedException(); } - public void Part([Required] string roomName, [Required] string reason) + public void Part(string roomName, string reason) { + if (!ValidateRoomName(roomName)) return ; + if (!ValidateReason(reason)) return; if (_cxManager.Part(Context.ConnectionId, roomName, reason)) { var roomGroupName = ChatHubConstants.HubGroupRomsPrefix + roomName; @@ -342,8 +391,11 @@ namespace Yavsc _logger.LogError($"NotifyErrorToCallerInRoom: {room}, {reason}"); } - public void Send([Required] string roomName, [Required] string message) + public void Send(string roomName, string message) { + if (!ValidateRoomName(roomName)) return ; + if (!ValidateMessage(message)) return ; + var groupname = ChatHubConstants.HubGroupRomsPrefix + roomName; ChatRoomInfo chanInfo ; if (!_cxManager.TryGetChanInfo(roomName, out chanInfo)) 
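Review bot: Part now rejects a missing reason, because ValidateReason requires 1 to 240 characters, so a client that leaves a room without giving one gets an InvalidReason notification and stays joined; the removed [Required] would, as far as I can tell, not have been enforced on hub arguments, so this is a behavior change rather than a restoration. If an empty reason is legitimate for Part, `if (reason is not null && !ValidateReason(reason)) return;` keeps the length bound while allowing the old call shape, otherwise the client in chat.js needs to always send one. Ban validates three arguments and then hits the pre-existing `throw new NotImplementedException();`, which surfaces to the caller as a hub error; a short comment there saying the validation is intentionally in place ahead of the implementation would make the order look deliberate. Part's body continues outside the hunk.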
@@ -371,13 +423,10 @@ namespace Yavsc } [Authorize] - public void SendPV([Required] string userName, [Required] string message) + public void SendPV(string userName, string message) { - if (string.IsNullOrWhiteSpace(userName)) - { - NotifyUser(NotificationTypes.Error, "none!", "specify an user."); - return; - } + if (!ValidateUserName(userName)) return ; + if (!ValidateMessage(message)) return ; if (userName[0] != '?') if (!Context.User.IsInRole(Constants.AdminGroupName)) @@ -405,8 +454,9 @@ namespace Yavsc [Authorize] - public void SendStream([Required] string connectionId, long streamId, [Required] string message) + public void SendStream(string connectionId, long streamId, string message) { + if (!ValidateMessage(message)) return; var sender = Context.User.Identity.Name; var cli = Clients.Client(connectionId); cli.addStreamInfo(sender, streamId, message); diff --git a/src/Yavsc/Resources/Yavsc.ChatHub.Designer.cs b/src/Yavsc/Resources/Yavsc.ChatHub.Designer.cs index 50e2ac50..8ed93b2f 100644 --- a/src/Yavsc/Resources/Yavsc.ChatHub.Designer.cs +++ b/src/Yavsc/Resources/Yavsc.ChatHub.Designer.cs @@ -66,5 +66,17 @@ namespace Yavsc { return ResourceManager.GetString("InvalidUserName", resourceCulture); } } + + public static string InvalidMessage { + get { + return ResourceManager.GetString("InvalidMessage", resourceCulture); + } + } + + public static string InvalidReason { + get { + return ResourceManager.GetString("InvalidReason", resourceCulture); + } + } } } diff --git a/src/Yavsc/Resources/Yavsc.ChatHub.en.resx b/src/Yavsc/Resources/Yavsc.ChatHub.en.resx index 7f7eed5c..629178c7 100644 --- a/src/Yavsc/Resources/Yavsc.ChatHub.en.resx +++ b/src/Yavsc/Resources/Yavsc.ChatHub.en.resx @@ -65,4 +65,5 @@ could not send to channel (not joint) Invalid room name Invalid user name + invalid Reason diff --git a/src/Yavsc/Resources/Yavsc.ChatHub.resx b/src/Yavsc/Resources/Yavsc.ChatHub.resx index 97e25c10..45291c18 100644 --- a/src/Yavsc/Resources/Yavsc.ChatHub.resx 
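Review bot: ValidateUserName rejects any name containing a non-alphanumeric character, so a userName beginning with '?' — the form Nick registers for anonymous users via `var candidate = "?" + nickName;` in the first hunk — now fails validation before the `userName[0] != '?'` test on the next line is reached, which makes that branch unreachable and, if I read the naming scheme correctly, blocks private messages to anonymous users entirely; Kick, Ban, Gline and KickBan have the same problem, and such names also exceed the 12-character budget by one. Handling it once inside ValidateUserName keeps every caller strict: `var bare = userName.StartsWith("?", StringComparison.Ordinal) ? userName.Substring(1) : userName;` and validate bare instead of userName. SendPV's body continues outside the hunk.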
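Review bot: connectionId loses its [Required] attribute without any replacement check, unlike every other parameter in this patch, so a null or empty id now reaches `Clients.Client(connectionId)` unexamined; `if (string.IsNullOrEmpty(connectionId)) return;` ahead of the message check keeps SendStream consistent with the other methods. Nothing in the hunk ties connectionId to a connection the caller is entitled to stream to; if that relationship is checked elsewhere, a one-line comment naming where would help, and if not it is worth adding before the client call. SendStream's body continues outside the hunk.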
+++ b/src/Yavsc/Resources/Yavsc.ChatHub.resx @@ -65,5 +65,7 @@ Envoi impossible: vous devez joindre le canal pour y contribuer. Nom de salon invalide Nom d'utilisateur invalide + Message invalide + Raison invalide \ No newline at end of file diff --git a/src/Yavsc/wwwroot/js/chat.js b/src/Yavsc/wwwroot/js/chat.js index 192890b4..67e251ba 100644 --- a/src/Yavsc/wwwroot/js/chat.js +++ b/src/Yavsc/wwwroot/js/chat.js @@ -110,8 +110,10 @@ window.ChatHubHandler = (function ($) { }; var setChanInfo = function (chanInfo) { - var chanId = 'r' + chanInfo.Name; - $('#tv_' + chanId).replaceWith(chanInfo.Topic); + if (chanInfo) { + var chanId = 'r' + chanInfo.Name; + $('#tv_' + chanId).replaceWith(chanInfo.Topic); + } } var setActiveChan = function (chanId) { @@ -130,8 +132,10 @@ window.ChatHubHandler = (function ($) { function join(roomName) { chat.server.join(roomName).done(function (chatInfo) { - setChanInfo(chatInfo); - setActiveChan('r'+chatInfo.Name); + if (chatInfo) { + setChanInfo(chatInfo); + setActiveChan('r'+chatInfo.Name); + } }); }
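Review bot: `$('#tv_' + chanId).replaceWith(chanInfo.Topic);` hands the topic to jQuery as an HTML string, so if Topic is text chosen by room users it is rendered as markup, and because replaceWith removes the `#tv_` element itself, the next setChanInfo call for the same room finds nothing to update; `$('#tv_' + chanId).text(chanInfo.Topic);` keeps the topic as text and the element in place. Whether the server sanitizes Topic is not visible from this patch. The null guard added around it is sound, since Join now returns null on an invalid name.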
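Review bot: join only attaches `.done`, so when the server call is rejected (for instance by an exception thrown from the hub) the promise fails and, as far as this file shows, the user gets no feedback; a `.fail(function (err) { /* report err in the chat UI */ })` handler on the same chain would complete the change. The new null check is needed now that Join returns null for an invalid room name; it also makes the guard inside setChanInfo redundant for this call path, which is harmless.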