#1: Disallow to query invalid Mojang usernames

This commit is contained in:
ErickSkrauch 2019-04-20 19:51:55 +03:00
parent b1e18d0d01
commit 96af45b2a1
2 changed files with 19 additions and 1 deletions

View File

@ -1,6 +1,7 @@
package queue
import (
"regexp"
"strings"
"sync"
"time"
@ -15,6 +16,9 @@ var forever = func() bool {
return true
}
// https://help.mojang.com/customer/portal/articles/928638
var allowedUsernamesRegex = regexp.MustCompile(`^[\w_]{3,16}$`)
type JobsQueue struct {
Storage Storage
@ -31,6 +35,14 @@ func (ctx *JobsQueue) GetTexturesForUsername(username string) chan *mojang.Signe
})
responseChan := make(chan *mojang.SignedTexturesResponse)
if !allowedUsernamesRegex.MatchString(username) {
go func() {
responseChan <- nil
close(responseChan)
}()
return responseChan
}
cachedResult := ctx.Storage.Get(username)
if cachedResult != nil {

View File

@ -3,6 +3,7 @@ package queue
import (
"crypto/rand"
"encoding/base64"
"strings"
"time"
"github.com/elyby/chrly/api/mojang"
@ -251,6 +252,11 @@ func (suite *QueueTestSuite) TestHandle429ResponseWhenRequestingUsersTextures()
suite.Assert().Nil(<-resultChan)
}
func (suite *QueueTestSuite) TestReceiveTexturesForNotAllowedMojangUsername() {
resultChan := suite.Queue.GetTexturesForUsername("Not allowed")
suite.Assert().Nil(<-resultChan)
}
func TestJobsQueueSuite(t *testing.T) {
suite.Run(t, new(QueueTestSuite))
}
@ -259,7 +265,7 @@ func TestJobsQueueSuite(t *testing.T) {
func randStr(len int) string {
buff := make([]byte, len)
_, _ = rand.Read(buff)
str := base64.StdEncoding.EncodeToString(buff)
str := strings.ReplaceAll(base64.URLEncoding.EncodeToString(buff), "-", "_")
// Base 64 can be longer than len
return str[:len]