[mirotalk] - fix: guard roomAction against invalid data and non-existent room

2026-03-13 22:54:39 +01:00
parent d7288b2d5b
commit 6aa749aaf6
3 changed files with 14 additions and 6 deletions
@@ -1581,11 +1581,19 @@ io.sockets.on('connect', async (socket) => {
        // Prevent XSS injection
        const config = checkXSS(cfg);

-        if (!Validate.isValidData(config)) return;
+        if (!Validate.isValidData(config)) {
+            log.warn('Room action invalid data', { peer_id: socket.id, room_id: socket.room_id });
+            return;
+        }

        //log.debug('[' + socket.id + '] Room action:', config);
        const { room_id, peer_id, peer_name, peer_uuid, password, action } = config;

+        if (!peers[room_id]) {
+            log.warn('Room action room not found', { peer_id: socket.id, room_id });
+            return;
+        }
+
        // Check if peer is presenter
        const isPresenter = isPeerPresenter(room_id, peer_id, peer_name, peer_uuid);

@@ -30,7 +30,7 @@
                "jsdom": "^28.1.0",
                "jsonwebtoken": "^9.0.3",
                "nodemailer": "^8.0.2",
-                "openai": "^6.27.0",
+                "openai": "^6.29.0",
                "qs": "^6.15.0",
                "socket.io": "^4.8.3",
                "swagger-ui-express": "^5.0.1",
@@ -5203,9 +5203,9 @@
            }
        },
        "node_modules/openai": {
-            "version": "6.27.0",
-            "resolved": "https://registry.npmjs.org/openai/-/openai-6.27.0.tgz",
-            "integrity": "sha512-osTKySlrdYrLYTt0zjhY8yp0JUBmWDCN+Q+QxsV4xMQnnoVFpylgKGgxwN8sSdTNw0G4y+WUXs4eCMWpyDNWZQ==",
+            "version": "6.29.0",
+            "resolved": "https://registry.npmjs.org/openai/-/openai-6.29.0.tgz",
+            "integrity": "sha512-YxoArl2BItucdO89/sN6edksV0x47WUTgkgVfCgX7EuEMhbirENsgYe5oO4LTjBL9PtdKtk2WqND1gSLcTd2yw==",
            "license": "Apache-2.0",
            "bin": {
                "openai": "bin/cli"
@@ -62,7 +62,7 @@
        "jsdom": "^28.1.0",
        "jsonwebtoken": "^9.0.3",
        "nodemailer": "^8.0.2",
-        "openai": "^6.27.0",
+        "openai": "^6.29.0",
        "qs": "^6.15.0",
        "socket.io": "^4.8.3",
        "swagger-ui-express": "^5.0.1",