highperfocused/nostream
1
0
Fork 0
mirror of https://github.com/Cameri/nostream.git synced 2025-03-18 05:41:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix: reject sub with unsafe ints in since/until

Browse Source 
Signed-off-by: Ricardo Arturo Cabral Mejía <me@ricardocabral.io>
This commit is contained in:
Ricardo Arturo Cabral Mejía 2022-12-29 11:19:49 -05:00
parent fa1a9af088
commit fe9ad92b44
5 changed files with 12 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/schemas/base-schema.ts
View File

@ -12,6 +12,10 @@ export const signatureSchema = Schema.string().case('lower').hex().length(128).l
export const subscriptionSchema = Schema.string().min(1).max(255).label('subscriptionId')
const seconds = (value: any, helpers: any) => (Number.isSafeInteger(value) && Math.log10(value) < 10) ? value : helpers.error('any.invalid')
export const createdAtSchema = Schema.number().min(0).multiple(1).custom(seconds)
// [<string>, <string> 0..*]
export const tagSchema = Schema.array()
.ordered(Schema.string().max(255).required().label('identifier'))

5
src/schemas/event-schema.ts
View File

@ -1,6 +1,7 @@
import Schema from 'joi'
import {
createdAtSchema,
idSchema,
kindSchema,
pubkeySchema,
@ -9,8 +10,6 @@ import {
} from './base-schema'
export const seconds = (value: any, helpers: any) => (Math.log10(value) < 10) ? value : helpers.error('any.invalid')
/**
* {
* "id": <32-bytes sha256 of the the serialized event data>
@ -30,7 +29,7 @@ export const eventSchema = Schema.object({
// NIP-01
id: idSchema.required(),
pubkey: pubkeySchema.required(),
created_at: Schema.number().min(0).multiple(1).custom(seconds).required(),
created_at: createdAtSchema.required(),
kind: kindSchema.required(),
tags: Schema.array().items(tagSchema).required(),
content: Schema.string()

6
src/schemas/filter-schema.ts
View File

@ -1,12 +1,12 @@
import Schema from 'joi'
import { kindSchema, prefixSchema } from './base-schema'
import { createdAtSchema, kindSchema, prefixSchema } from './base-schema'
export const filterSchema = Schema.object({
ids: Schema.array().items(prefixSchema.label('prefixOrId')).max(1000),
authors: Schema.array().items(prefixSchema.label('prefixOrAuthor')).max(1000),
kinds: Schema.array().items(kindSchema).max(20),
since: Schema.number().min(0).multiple(1),
until: Schema.number().min(0).multiple(1),
since: createdAtSchema,
until: createdAtSchema,
limit: Schema.number().min(0).multiple(1).max(10000),
}).pattern(/^#[a-z]$/, Schema.array().items(Schema.string().max(1024)).max(256))

1
test/unit/schemas/event-schema.spec.ts
View File

@ -84,6 +84,7 @@ describe('NIP-01', () => {
{ message: 'is required', transform: omit(['pubkey']) },
],
created_at: [
{ message: 'contains an invalid value', transform: assocPath(['created_at'], 1672295751103) },
{ message: 'must be a number', transform: assocPath(['created_at'], null) },
{ message: 'must be greater than or equal to 0', transform: assocPath(['created_at'], -1) },
{ message: 'must be a multiple of 1', transform: assocPath(['created_at'], Math.PI) },

2
test/unit/schemas/filter-schema.spec.ts
View File

@ -58,11 +58,13 @@ describe('NIP-01', () => {
{ message: 'must be a multiple of 1', transform: assocPath(['kinds', 0], Math.PI) },
],
since: [
{ message: 'contains an invalid value', transform: assocPath(['since'], 1672295751103) },
{ message: 'must be a number', transform: assocPath(['since'], null) },
{ message: 'must be greater than or equal to 0', transform: assocPath(['since'], -1) },
{ message: 'must be a multiple of 1', transform: assocPath(['since'], Math.PI) },
],
until: [
{ message: 'contains an invalid value', transform: assocPath(['until'], 1672295751103) },
{ message: 'must be a number', transform: assocPath(['until'], null) },
{ message: 'must be greater than or equal to 0', transform: assocPath(['until'], -1) },
{ message: 'must be a multiple of 1', transform: assocPath(['until'], Math.PI) },