back-end: Enforce max-length of user-input phrase

This commit is contained in:
Stephen Seo 2022-04-27 14:11:02 +09:00
parent edd3b0c65c
commit 665dff94fe
2 changed files with 18 additions and 2 deletions

View file

@ -6,7 +6,10 @@
//This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
//
//You should have received a copy of the GNU General Public License along with this program. If not, see <https://www.gnu.org/licenses/>.
use crate::db_handler::{CheckPairingType, DBHandlerRequest, GetIDSenderType};
use crate::{
constants::BACKEND_PHRASE_MAX_LENGTH,
db_handler::{CheckPairingType, DBHandlerRequest, GetIDSenderType},
};
use std::{
sync::mpsc::{sync_channel, SyncSender},
@ -40,8 +43,19 @@ fn handle_pairing_request(root: Value, tx: SyncSender<DBHandlerRequest>) -> Resu
let (player_tx, player_rx) = sync_channel::<GetIDSenderType>(1);
let mut phrase: Option<String> = None;
if let Some(phrase_text) = root.get("phrase") {
if let Some(phrase_str) = phrase_text.as_str() {
if let Some(mut phrase_str) = phrase_text.as_str() {
if !phrase_str.is_empty() {
if phrase_str.len() > BACKEND_PHRASE_MAX_LENGTH {
let mut idx = BACKEND_PHRASE_MAX_LENGTH;
while idx > 0 && !phrase_str.is_char_boundary(idx) {
idx -= 1;
}
if idx == 0 {
phrase_str = "";
} else {
phrase_str = phrase_str.split_at(idx).0;
}
}
phrase = Some(phrase_str.to_owned());
}
}

View file

@ -23,6 +23,8 @@ pub const PLAYER_CLEANUP_TIMEOUT: u64 = 300;
pub const BACKEND_TICK_DURATION_MILLIS: i32 = 500;
pub const BACKEND_CLEANUP_INTERVAL_SECONDS: u64 = 120;
pub const BACKEND_PHRASE_MAX_LENGTH: usize = 128;
// TODO: Change this to "https://asdm.seodisparate.com/api" when backend is installed
#[cfg(debug_assertions)]
pub const BACKEND_URL: &str = "http://testlocalhost/api";