Skip to content

Commit

Permalink
🔒️(frontend) valide ':roomId' path using a regex
Browse files Browse the repository at this point in the history
Enhanced security by ensuring users are redirected to a 404 error page if they
pass an incorrect roomId path, either intentionally or unintentionally. This is
a critical security mechanism that should be included in our MVP.

Let's discuss extracting hardcoded elements, such as lengths or
the separator, into proper constants to improve code maintainability.
I was concerned that this might make the code harder to read, it could enhance
clarity and reusability in the long term.

I prefer exposing the roomIdRegex from the same location where we generate IDs.
However, this increases the responsibility of that file. Lmk if you have any
suggestion for a better organization.

Additionally, the current 404 error page displays a 'Page not found' message for
invalid room IDs. Should we update this message to 'Invalid room name' to
provide more context to the user?
  • Loading branch information
lebaudantoine committed Jul 18, 2024
1 parent dd6d02f commit 0dd5934
Show file tree
Hide file tree
Showing 3 changed files with 6 additions and 2 deletions.
4 changes: 2 additions & 2 deletions src/frontend/src/App.tsx
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@ import { QueryClient, QueryClientProvider } from '@tanstack/react-query'
import { Route, Switch } from 'wouter'
import { Home } from './routes/Home'
import { NotFound } from './routes/NotFound'
import { RoomRoute } from '@/features/rooms'
import { RoomRoute, roomIdRegex } from '@/features/rooms'

const queryClient = new QueryClient()

Expand All @@ -14,7 +14,7 @@ function App() {
<QueryClientProvider client={queryClient}>
<Switch>
<Route path="/" component={Home} />
<Route path="/:roomId" component={RoomRoute} />
<Route path={roomIdRegex} component={RoomRoute} />
<Route component={NotFound} />
</Switch>
<ReactQueryDevtools initialIsOpen={false} />
Expand Down
1 change: 1 addition & 0 deletions src/frontend/src/features/rooms/index.ts
Original file line number Diff line number Diff line change
@@ -1,2 +1,3 @@
export { navigateToNewRoom } from './navigation/navigateToNewRoom'
export { Room as RoomRoute } from './routes/Room'
export { roomIdRegex } from './utils/generateRoomId'
3 changes: 3 additions & 0 deletions src/frontend/src/features/rooms/utils/generateRoomId.ts
Original file line number Diff line number Diff line change
Expand Up @@ -25,3 +25,6 @@ export const generateRoomId = () => {
];
return parts.join('-');
}

export const roomIdRegex = /^[/](?<roomId>[a-z]{3}-[a-z]{4}-[a-z]{3})$/;

0 comments on commit 0dd5934

Please sign in to comment.