From 96af45b2a1dfe064de282432c8067eadaeac0a2a Mon Sep 17 00:00:00 2001 From: ErickSkrauch Date: Sat, 20 Apr 2019 19:51:55 +0300 Subject: [PATCH] #1: Disallow to query invalid Mojang usernames --- api/mojang/queue/queue.go | 12 ++++++++++++ api/mojang/queue/queue_test.go | 8 +++++++- 2 files changed, 19 insertions(+), 1 deletion(-) diff --git a/api/mojang/queue/queue.go b/api/mojang/queue/queue.go index 515dde9..fb83462 100644 --- a/api/mojang/queue/queue.go +++ b/api/mojang/queue/queue.go @@ -1,6 +1,7 @@ package queue import ( + "regexp" "strings" "sync" "time" @@ -15,6 +16,9 @@ var forever = func() bool { return true } +// https://help.mojang.com/customer/portal/articles/928638 +var allowedUsernamesRegex = regexp.MustCompile(`^[\w_]{3,16}$`) + type JobsQueue struct { Storage Storage @@ -31,6 +35,14 @@ func (ctx *JobsQueue) GetTexturesForUsername(username string) chan *mojang.Signe }) responseChan := make(chan *mojang.SignedTexturesResponse) + if !allowedUsernamesRegex.MatchString(username) { + go func() { + responseChan <- nil + close(responseChan) + }() + + return responseChan + } cachedResult := ctx.Storage.Get(username) if cachedResult != nil { diff --git a/api/mojang/queue/queue_test.go b/api/mojang/queue/queue_test.go index 7ba5167..f9e82ac 100644 --- a/api/mojang/queue/queue_test.go +++ b/api/mojang/queue/queue_test.go @@ -3,6 +3,7 @@ package queue import ( "crypto/rand" "encoding/base64" + "strings" "time" "github.com/elyby/chrly/api/mojang" @@ -251,6 +252,11 @@ func (suite *QueueTestSuite) TestHandle429ResponseWhenRequestingUsersTextures() suite.Assert().Nil(<-resultChan) } +func (suite *QueueTestSuite) TestReceiveTexturesForNotAllowedMojangUsername() { + resultChan := suite.Queue.GetTexturesForUsername("Not allowed") + suite.Assert().Nil(<-resultChan) +} + func TestJobsQueueSuite(t *testing.T) { suite.Run(t, new(QueueTestSuite)) } @@ -259,7 +265,7 @@ func TestJobsQueueSuite(t *testing.T) { func randStr(len int) string { buff := make([]byte, len) _, _ = rand.Read(buff) - str := base64.StdEncoding.EncodeToString(buff) + str := strings.ReplaceAll(base64.URLEncoding.EncodeToString(buff), "-", "_") // Base 64 can be longer than len return str[:len]