diff --git a/internal/signaling/stores/postgres.go b/internal/signaling/stores/postgres.go
index c5b74b4..fa3a428 100644
--- a/internal/signaling/stores/postgres.go
+++ b/internal/signaling/stores/postgres.go
@@ -141,6 +141,16 @@ func (s *PostgresStore) Publish(ctx context.Context, topic string, data []byte)
 }
 
 func (s *PostgresStore) CreateLobby(ctx context.Context, game, lobbyCode, peerID string) error {
+ if len(lobbyCode) > 20 {
+ logger := logging.GetLogger(ctx)
+ logger.Warn("lobby code too long", zap.String("lobbyCode", lobbyCode))
+ return ErrInvalidLobbyCode
+ }
+ if len(peerID) > 20 {
+ logger := logging.GetLogger(ctx)
+ logger.Warn("peer id too long", zap.String("peerID", peerID))
+ return ErrInvalidPeerID
+ }
 res, err := s.DB.Exec(ctx, `
 INSERT INTO lobbies (code, game, public)
 VALUES ($1, $2, true)
@@ -156,6 +166,11 @@ func (s *PostgresStore) CreateLobby(ctx context.Context, game, lobbyCode, peerID
 }
 
 func (s *PostgresStore) JoinLobby(ctx context.Context, game, lobbyCode, peerID string) ([]string, error) {
+ if len(peerID) > 20 {
+ logger := logging.GetLogger(ctx)
+ logger.Warn("peer id too long", zap.String("peerID", peerID))
+ return nil, ErrInvalidPeerID
+ }
 tx, err := s.DB.Begin(ctx)
 if err != nil {
 return nil, err
@@ -284,6 +299,13 @@ func (s *PostgresStore) ListLobbies(ctx context.Context, game, filter string) ([
 }
 
 func (s *PostgresStore) TimeoutPeer(ctx context.Context, peerID, secret, gameID string, lobbies []string) error {
+
+ if len(peerID) > 20 {
+ logger := logging.GetLogger(ctx)
+ logger.Warn("peer id too long", zap.String("peerID", peerID))
+ return ErrInvalidPeerID
+ }
+
 now := util.Now(ctx)
 _, err := s.DB.Exec(ctx, `
 INSERT INTO timeouts (peer, secret, game, lobbies, created_at, updated_at)
diff --git a/internal/signaling/stores/shared.go b/internal/signaling/stores/shared.go
index 172a2dc..cd7d1ce 100644
--- a/internal/signaling/stores/shared.go
+++ b/internal/signaling/stores/shared.go
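Review bot: Both guards in CreateLobby write the rejected value to the log in full (`zap.String("lobbyCode", lobbyCode)` and `zap.String("peerID", peerID)`), and they fire only when that caller-supplied string is over the limit. Unless the transport already caps message size, each rejected request can therefore add an arbitrarily large Warn entry. Log the size instead, for example `logger.Warn("lobby code too long", zap.Int("length", len(lobbyCode)))`, or a bounded prefix if the value is needed for triage. The same applies to the peerID guards added in JoinLobby and TimeoutPeer. CreateLobby's body continues past the hunk.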
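Review bot: JoinLobby validates peerID but not lobbyCode, although CreateLobby now rejects codes longer than 20 bytes. If the limit is meant to keep oversized input away from the database, the join path should apply it too: `if len(lobbyCode) > 20 { return nil, ErrInvalidLobbyCode }`. The `game` argument is not bounded in any of the three functions either, which may be fine if it is checked upstream. The rest of JoinLobby is outside the hunk, so how lobbyCode is used there cannot be confirmed from here.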
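Review bot: The literal 20 and the same guard now appear four times across CreateLobby, JoinLobby and TimeoutPeer. A named constant such as `const maxPeerIDLen = 20`, with a comment saying which limit it mirrors (presumably a column width), plus one shared helper, would keep the checks from drifting apart. `len` counts bytes, so a multi-byte id is rejected earlier than a character-based limit would reject it; the comment should say so if that is intended. An empty peerID still passes this guard. TimeoutPeer's body continues outside the hunk.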
@@ -10,6 +10,8 @@ var ErrAlreadyInLobby = errors.New("peer already in lobby")
 var ErrLobbyExists = errors.New("lobby already exists")
 var ErrNotFound = errors.New("lobby not found")
 var ErrNoSuchTopic = errors.New("no such topic")
+var ErrInvalidLobbyCode = errors.New("invalid lobby code")
+var ErrInvalidPeerID = errors.New("invalid peer id")
 type SubscriptionCallback func(context.Context, []byte)