add validation for express :content_id parameter

This commit is contained in:
Brian Gough 2021-05-13 14:56:15 +01:00
parent b456ea726d
commit ff2175e727
3 changed files with 26 additions and 1 deletions

View file

@ -29,6 +29,7 @@ Metrics.memory.monitor(logger)
const ProjectPersistenceManager = require('./app/js/ProjectPersistenceManager')
const OutputCacheManager = require('./app/js/OutputCacheManager')
const ContentCacheManager = require('./app/js/ContentCacheManager')
require('./app/js/db').sync()
@ -76,6 +77,26 @@ app.param('build_id', function (req, res, next, buildId) {
}
})
app.param('contentId', function (req, res, next, contentId) {
if (
contentId != null
? contentId.match(OutputCacheManager.CONTENT_REGEX)
: undefined
) {
return next()
} else {
return next(new Error(`invalid content id ${contentId}`))
}
})
app.param('hash', function (req, res, next, hash) {
if (hash != null ? hash.match(ContentCacheManager.HASH_REGEX) : undefined) {
return next()
} else {
return next(new Error(`invalid hash ${hash}`))
}
})
app.post(
'/project/:project_id/compile',
bodyParser.json({ limit: Settings.compileSizeLimit }),

View file

@ -115,4 +115,7 @@ async function writePdfStream(dir, hash, buffers) {
return true
}
module.exports = { update: callbackify(update) }
module.exports = {
HASH_REGEX: /^[0-9a-f]{64}$/,
update: callbackify(update)
}

View file

@ -34,6 +34,7 @@ module.exports = OutputCacheManager = {
// build id is HEXDATE-HEXRANDOM from Date.now()and RandomBytes
// for backwards compatibility, make the randombytes part optional
BUILD_REGEX: /^[0-9a-f]+(-[0-9a-f]+)?$/,
CONTENT_REGEX: /^[0-9a-f]+(-[0-9a-f]+)?$/,
CACHE_LIMIT: 2, // maximum number of cache directories
CACHE_AGE: 60 * 60 * 1000, // up to one hour old