ToxicMushroom/mare.server
1
0
Fork 0
mirror of https://github.com/Caraxi/mare.server.git synced 2025-12-13 14:44:15 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

block anything from user data that is not allowed to be synced

Browse source
This commit is contained in:
rootdarkarchon 2023-01-23 09:34:57 +01:00
parent 91b98d060a
commit 541f86c116
1 changed files with 5 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

7
MareSynchronosServer/MareSynchronosServer/Hubs/MareHub.User.cs
View file

@ -114,6 +114,8 @@ public partial class MareHub
[GeneratedRegex(@"^([a-z0-9_ '+&,\.\-\{\}]+\/)+([a-z0-9_ '+&,\.\-\{\}]+\.[a-z]{3,4})$", RegexOptions.IgnoreCase | RegexOptions.Compiled | RegexOptions.ECMAScript)] [GeneratedRegex(@"^([a-z0-9_ '+&,\.\-\{\}]+\/)+([a-z0-9_ '+&,\.\-\{\}]+\.[a-z]{3,4})$", RegexOptions.IgnoreCase | RegexOptions.Compiled | RegexOptions.ECMAScript)]
private static partial Regex GamePathRegex(); private static partial Regex GamePathRegex();
private static readonly string[] AllowedExtensionsForGamePaths = { ".mdl", ".tex", ".mtrl", ".tmb", ".pap", ".avfx", ".atex", ".sklb", ".eid", ".phyb", ".scd", ".skp", ".shpk" };
[Authorize(Policy = "Identified")] [Authorize(Policy = "Identified")]
public async Task UserPushData(CharacterCacheDto characterCache, List<string> visibleCharacterIds) public async Task UserPushData(CharacterCacheDto characterCache, List<string> visibleCharacterIds)
{ {
@ -124,8 +126,9 @@ public partial class MareHub
List<string> invalidFileSwapPaths = new(); List<string> invalidFileSwapPaths = new();
foreach (var replacement in characterCache.FileReplacements.SelectMany(p => p.Value)) foreach (var replacement in characterCache.FileReplacements.SelectMany(p => p.Value))
{ {
var invalidPaths = replacement.GamePaths.Where(p => !GamePathRegex().IsMatch(p)).ToArray(); var invalidPaths = replacement.GamePaths.Where(p => !GamePathRegex().IsMatch(p)).ToList();
replacement.GamePaths = replacement.GamePaths.Where(p => GamePathRegex().IsMatch(p)).ToArray(); invalidPaths.AddRange(replacement.GamePaths.Where(p => !AllowedExtensionsForGamePaths.Any(e => p.EndsWith(p, StringComparison.OrdinalIgnoreCase))));
replacement.GamePaths = replacement.GamePaths.Where(p => !invalidPaths.Contains(p, StringComparer.OrdinalIgnoreCase)).ToArray();
bool validGamePaths = replacement.GamePaths.Any(); bool validGamePaths = replacement.GamePaths.Any();
bool validHash = string.IsNullOrEmpty(replacement.Hash) || HashRegex().IsMatch(replacement.Hash); bool validHash = string.IsNullOrEmpty(replacement.Hash) || HashRegex().IsMatch(replacement.Hash);
bool validFileSwapPath = string.IsNullOrEmpty(replacement.FileSwapPath) || GamePathRegex().IsMatch(replacement.FileSwapPath); bool validFileSwapPath = string.IsNullOrEmpty(replacement.FileSwapPath) || GamePathRegex().IsMatch(replacement.FileSwapPath);