From 8c2b1724ea76192a65748a03460c51e942561763 Mon Sep 17 00:00:00 2001
From: Koen Bollen
Date: Wed, 30 Aug 2023 11:15:50 +0200
Subject: [PATCH] Add len checks for lobby and peer ids (#53)

We are getting some weird errors in our database that are exceeding the type length. This should help us learn more about the issue.
---
 internal/signaling/stores/postgres.go | 22 ++++++++++++++++++++++
 internal/signaling/stores/shared.go | 2 ++
 2 files changed, 24 insertions(+)

diff --git a/internal/signaling/stores/postgres.go b/internal/signaling/stores/postgres.go
index c5b74b4..fa3a428 100644
--- internal/signaling/stores/postgres.go
+++ b/internal/signaling/stores/postgres.go
@@ -141,6 +141,16 @@ func (s *PostgresStore) Publish(ctx context.Context, topic string, data []byte)
 }
 
 func (s *PostgresStore) CreateLobby(ctx context.Context, game, lobbyCode, peerID string) error {
+ if len(lobbyCode) > 20 {
+ logger := logging.GetLogger(ctx)
+ logger.Warn("lobby code too long", zap.String("lobbyCode", lobbyCode))
+ return ErrInvalidLobbyCode
+ }
+ if len(peerID) > 20 {
+ logger := logging.GetLogger(ctx)
+ logger.Warn("peer id too long", zap.String("peerID", peerID))
+ return ErrInvalidPeerID
+ }
 res, err := s.DB.Exec(ctx, `
 INSERT INTO lobbies (code, game, public)
 VALUES ($1, $2, true)
@@ -156,6 +166,11 @@ func (s *PostgresStore) CreateLobby(ctx context.Context, game, lobbyCode, peerID
 }
 
 func (s *PostgresStore) JoinLobby(ctx context.Context, game, lobbyCode, peerID string) ([]string, error) {
+ if len(peerID) > 20 {
+ logger := logging.GetLogger(ctx)
+ logger.Warn("peer id too long", zap.String("peerID", peerID))
+ return nil, ErrInvalidPeerID
+ }
 tx, err := s.DB.Begin(ctx)
 if err != nil {
 return nil, err
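Review bot: The two warnings in CreateLobby log the entire rejected value (`zap.String("lobbyCode", lobbyCode)`, `zap.String("peerID", peerID)`), and the guard fires exactly when that string has no upper bound, so if these ids originate from clients a single oversized request can write an arbitrarily large log entry. The same pattern repeats in the JoinLobby and TimeoutPeer hunks. Logging the length plus a bounded prefix keeps the diagnostic value the commit is after while capping the entry size, and moving the check into one helper with a named limit removes the four copies of the literal 20. The sketch assumes 20 mirrors the column width, which is not visible here; CreateLobby's body continues outside the hunk.

```go
// maxIDLen mirrors the width of the id columns (TODO confirm against the schema).
const maxIDLen = 20

// checkIDLen rejects an over-long id and logs only its length and a bounded prefix.
func checkIDLen(ctx context.Context, field, value string, invalid error) error {
	if len(value) <= maxIDLen {
		return nil
	}
	logging.GetLogger(ctx).Warn("id too long",
		zap.String("field", field),
		zap.Int("length", len(value)),
		// Byte slice: may cut a multi-byte rune, which is acceptable for a diagnostic.
		zap.String("prefix", value[:maxIDLen]))
	return invalid
}

func (s *PostgresStore) CreateLobby(ctx context.Context, game, lobbyCode, peerID string) error {
	if err := checkIDLen(ctx, "lobbyCode", lobbyCode, ErrInvalidLobbyCode); err != nil {
		return err
	}
	if err := checkIDLen(ctx, "peerID", peerID, ErrInvalidPeerID); err != nil {
		return err
	}
	// … unchanged: INSERT INTO lobbies …
```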
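Review bot: JoinLobby validates only peerID, while CreateLobby in the previous hunk also rejects a lobbyCode longer than 20, so the two entry points disagree on what a valid lobby code is. Whether lobbyCode is only compared or also written in this function cannot be seen, because the body continues outside the hunk. If it is written, add the same guard returning `nil, ErrInvalidLobbyCode`; otherwise a comment such as `// lobbyCode is only used in lookups here, so no length check is needed` would record the decision.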
@@ -284,6 +299,13 @@ func (s *PostgresStore) ListLobbies(ctx context.Context, game, filter string) ([
 }
 
 func (s *PostgresStore) TimeoutPeer(ctx context.Context, peerID, secret, gameID string, lobbies []string) error {
+
+ if len(peerID) > 20 {
+ logger := logging.GetLogger(ctx)
+ logger.Warn("peer id too long", zap.String("peerID", peerID))
+ return ErrInvalidPeerID
+ }
+
 now := util.Now(ctx)
 _, err := s.DB.Exec(ctx, `
 INSERT INTO timeouts (peer, secret, game, lobbies, created_at, updated_at)
diff --git a/internal/signaling/stores/shared.go b/internal/signaling/stores/shared.go
index 172a2dc..cd7d1ce 100644
--- a/internal/signaling/stores/shared.go
+++ b/internal/signaling/stores/shared.go
@@ -10,6 +10,8 @@ var ErrAlreadyInLobby = errors.New("peer already in lobby")
 var ErrLobbyExists = errors.New("lobby already exists")
 var ErrNotFound = errors.New("lobby not found")
 var ErrNoSuchTopic = errors.New("no such topic")
+var ErrInvalidLobbyCode = errors.New("invalid lobby code")
+var ErrInvalidPeerID = errors.New("invalid peer id")
 
 type SubscriptionCallback func(context.Context, []byte)
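Review bot: Only peerID is length-checked in TimeoutPeer, but secret, gameID and the lobbies slice are bound into the same `INSERT INTO timeouts` statement, so if those columns are also length-limited (the schema is not visible here) the database error this commit is chasing can still come from them. Separately, `len(peerID)` counts bytes, whereas a character-typed Postgres column counts characters, so the guard and the column can disagree on multi-byte ids; `utf8.RuneCountInString(peerID) > 20` would match the column if that is the intent. The blank line added directly after the opening brace can be dropped. The function body continues outside the hunk.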