shmup/colabbd
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Add room name validation to prevent DoS

Browse source
This commit is contained in:
Jared Miller 2026-01-27 17:55:40 -05:00
parent dcd97a451f
commit bad4cdac51
Signed by: shmup
GPG key ID: 22B5C6D66A38B06C
1 changed files with 12 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
src/index.ts
View file

@ -8,6 +8,12 @@ import {
const PORT = Number(process.env.PORT) || 4040;
function isValidRoomName(name: unknown): name is string {
if (typeof name !== "string") return false;
if (name.length === 0 || name.length > 64) return false;
return /^[a-zA-Z0-9_-]+$/.test(name);
}
Bun.serve({
port: PORT,
fetch(req, server) {
@ -40,6 +46,12 @@ Bun.serve({
switch (msg.type) {
case "join": {
if (!isValidRoomName(msg.room)) {
ws.send(
JSON.stringify({ type: "error", message: "invalid room name" }),
);
break;
}
const session = getOrCreateSession(msg.room);
ws.data.room = msg.room;
session.join(client);