Improve hash validation.

2024-11-15 01:35:17 +01:00 · 2020-07-17 21:01:49 -07:00 · 2020-07-17 21:01:49 -07:00 · e6908d9e04
commit e6908d9e04
parent c681441601
1 changed files with 10 additions and 1 deletions
--- a/lib/utils.js
+++ b/lib/utils.js
@ -11,6 +11,10 @@ export function hash(s) {
  return uuid(s, md5(process.env.HASH_SALT));
 }

+export function validHash(s) {
+  return /^[0-9a-f]{8}-[0-9a-f]{4}-[0-5][0-9a-f]{3}-[089ab][0-9a-f]{3}-[0-9a-f]{12}$/.test(s);
+}
+
 export function getIpAddress(req) {
  if (req.headers['cf-connecting-ip']) {
    return req.headers['cf-connecting-ip'];
@ -58,7 +62,12 @@ export function parseCollectRequest(req) {
      session: { website_id, session_id, time, hash: validationHash },
    } = payload;

-    if (hash(`${website_id}${session_id}${time}`) === validationHash) {
+    if (
+      validHash(website_id) &&
+      validHash(session_id) &&
+      validHash(validationHash) &&
+      hash(`${website_id}${session_id}${time}`) === validationHash
+    ) {
      return {
        valid: true,
        type,