Improve hash validation.

lib/utils.js

@@ -11,6 +11,10 @@ export function hash(s) {
   return uuid(s, md5(process.env.HASH_SALT));
 }
 
+export function validHash(s) {
+  return /^[0-9a-f]{8}-[0-9a-f]{4}-[0-5][0-9a-f]{3}-[089ab][0-9a-f]{3}-[0-9a-f]{12}$/.test(s);
+}
+
 export function getIpAddress(req) {
   if (req.headers['cf-connecting-ip']) {
     return req.headers['cf-connecting-ip'];
@@ -58,7 +62,12 @@ export function parseCollectRequest(req) {
       session: { website_id, session_id, time, hash: validationHash },
     } = payload;
 
-    if (hash(`${website_id}${session_id}${time}`) === validationHash) {
+    if (
+      validHash(website_id) &&
+      validHash(session_id) &&
+      validHash(validationHash) &&
+      hash(`${website_id}${session_id}${time}`) === validationHash
+    ) {
       return {
         valid: true,
         type,