From 18b4bf1089b84820c98aa191e98066a2f3290ccf Mon Sep 17 00:00:00 2001
From: Miroslav Pejic
Date: Sat, 4 Jan 2025 17:12:50 +0100
Subject: [PATCH] [call-me] - add username validator
---
 app/server.js | 31 +++++++++++++++++++++++++++++++
 package.json | 2 +-
 public/client.js | 12 +++++++-----
 3 files changed, 39 insertions(+), 6 deletions(-)
diff --git a/app/server.js b/app/server.js
index d183241..1ab2d04 100755
--- a/app/server.js
+++ b/app/server.js
@@ -156,6 +156,18 @@ app.get('/join/', (req, res) => {
 return unauthorized(res);
 }
+ const isValidUser = isValidUsername(user);
+ console.log('isValidUser', { user: user, valid: isValidUser });
+ if (!isValidUser) {
+ return unauthorized(res);
+ }
+
+ const isValidCall = isValidUsername(user);
+ console.log('isValidCall', { call: call, valid: isValidCall });
+ if (!isValidCall) {
+ return unauthorized(res);
+ }
+
 if (user || (user && call)) {
 return res.sendFile(HOME);
 }
@@ -306,6 +318,19 @@ function handleConnection(socket) {
 // Function to handle user sign-in request
 function handleSignIn(data) {
 const { name } = data;
+
+ const isValidName = isValidUsername(name);
+ console.log('isValidName', { username: name, valid: isValidName });
+ if (!isValidName) {
+ sendMsgTo(socket, {
+ type: 'signIn',
+ success: false,
+ message:
+ 'Invalid username.
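Review bot: The second check in the `/join/` handler passes `user` again, `const isValidCall = isValidUsername(user);`, so `call` is logged but never validated before the page is served. It should be `const isValidCall = isValidUsername(call);`. Because the condition that follows still accepts a request with `user` alone, the check presumably has to be skipped when `call` is absent, for example `if (call && !isValidUsername(call)) return unauthorized(res);`. The handler begins above the hunk, so how `user` and `call` are read from the request is not visible here.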
Allowed letters, numbers, underscores, periods, hyphens, and @. Length: 3-36 characters.',
+ });
+ return;
+ }
+
 if (!users.has(name)) {
 users.set(name, socket);
 socket.username = name;
@@ -377,6 +402,12 @@ function handleConnection(socket) {
 }
 }
+// Allow letters, numbers, underscores, periods, hyphens, and @. Length: 3-36 characters
+function isValidUsername(username) {
+ const usernamePattern = /^[a-zA-Z0-9_.-@]{3,36}$/;
+ return usernamePattern.test(username);
+}
+
 // Function to get all connected users
 function getConnectedUsers() {
 return Array.from(users.keys());
diff --git a/package.json b/package.json
index e54aadd..23d923a 100755
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "call-me",
- "version": "1.0.42",
+ "version": "1.0.43",
 "description": "Your Go-To for Instant Video Calls",
 "author": "Miroslav Pejic - miroslav.pejic.85@gmail.com",
 "license": "AGPLv3",
diff --git a/public/client.js b/public/client.js
index 35d779f..66989d3 100755
--- a/public/client.js
+++ b/public/client.js
@@ -52,7 +52,7 @@ document.addEventListener('DOMContentLoaded', function () {
 // Handle config
 const elementsToHide = [
 { condition: !app.showGithub, element: githubDiv },
- { condition: !app.attribution, element: attribution }
+ { condition: !app.attribution, element: attribution },
 ];
 elementsToHide.forEach(({ condition, element }) => {
@@ -478,10 +478,12 @@ function handleNotFound(data) {
 // Handle sign-in response from the server
 function handleSignIn(data) {
- const { success } = data;
+ const { success, message } = data;
 if (!success) {
- handleError('Username already in use.
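Review bot: In `isValidUsername` the character class `[a-zA-Z0-9_.-@]` does not do what its comment says: `.-@` is parsed as a range from `.` to `@`, which admits `/`, `:`, `;`, `<`, `=`, `>` and `?` and leaves out the literal hyphen. Putting the hyphen last fixes both, `const usernamePattern = /^[a-zA-Z0-9_.@-]{3,36}$/;`. `RegExp.prototype.test` also coerces its argument to a string, so a non-string `name` from a socket message in `handleSignIn`, or possibly an array-valued query parameter in `/join/`, can pass once stringified; `return typeof username === 'string' && usernamePattern.test(username);` closes that.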
Please try a different one.');
- setTimeout(handleHangUpClick, 3000);
+ handleError(message);
+ if (!message.startsWith('Invalid username')) {
+ setTimeout(handleHangUpClick, 3000);
+ }
 } else {
 githubDiv.style.display = 'none';
 attribution.style.display = 'none';
@@ -670,7 +672,7 @@ function handleLeave() {
 }
 // Handle and display errors
-function handleError(message, error = false, position = 'center', timer = 4000) {
+function handleError(message, error = false, position = 'center', timer = 6000) {
 if (error) console.error(error);
 sound('notify');
 Swal.fire({
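Review bot: The client's `handleSignIn` calls `message.startsWith('Invalid username')` without checking that `message` is present, and the only server reply in this patch that sets `message` is the invalid-username one. If the existing name-already-in-use reply (its code is outside the visible server hunks) sends no `message`, `handleError` gets `undefined` and the next line throws a TypeError, so the hang-up that used to follow after 3 seconds is never scheduled. Defaulting the field, `const { success, message = '' } = data;`, avoids the throw; confirm the server sets `message` on every `success: false` reply. Branching on the message wording also ties the client to the server's text; a separate field for the failure kind would be sturdier.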