diff --git a/backend/src/routes/image/imageid.validator.ts b/backend/src/routes/image/imageid.validator.ts index 9094ab9..5af7ce1 100644 --- a/backend/src/routes/image/imageid.validator.ts +++ b/backend/src/routes/image/imageid.validator.ts @@ -4,13 +4,13 @@ import { Injectable, PipeTransform } from '@nestjs/common'; -import { SHA256 } from 'picsur-shared/dist/util/common-regex'; +import { SHA256Regex } from 'picsur-shared/dist/util/common-regex'; @Injectable() export class ImageIdValidator implements PipeTransform { transform(value: string, metadata: ArgumentMetadata): string { // Check regex for sha256 - if (SHA256.test(value)) return value; + if (SHA256Regex.test(value)) return value; throw new BadRequestException('Invalid image id'); } } diff --git a/frontend/src/app/routes/view/view.component.ts b/frontend/src/app/routes/view/view.component.ts index 1596b84..a5a0969 100644 --- a/frontend/src/app/routes/view/view.component.ts +++ b/frontend/src/app/routes/view/view.component.ts @@ -2,7 +2,7 @@ import { Component, OnInit } from '@angular/core'; import { ActivatedRoute, Router } from '@angular/router'; import { ImageLinks } from 'picsur-shared/dist/dto/imagelinks.dto'; import { HasFailed } from 'picsur-shared/dist/types'; -import { SHA256 } from 'picsur-shared/dist/util/common-regex'; +import { SHA256Regex } from 'picsur-shared/dist/util/common-regex'; import { ImageService } from 'src/app/services/api/image.service'; import { UtilService } from 'src/app/util/util.service'; @@ -23,7 +23,7 @@ export class ViewComponent implements OnInit { async ngOnInit() { const params = this.route.snapshot.paramMap; const hash = params.get('hash') ?? ''; - if (!SHA256.test(hash)) { + if (!SHA256Regex.test(hash)) { return this.utilService.quitError('Invalid image link'); } diff --git a/frontend/src/app/services/api/info.service.ts b/frontend/src/app/services/api/info.service.ts index dd42dae..5d33134 100644 --- a/frontend/src/app/services/api/info.service.ts +++ b/frontend/src/app/services/api/info.service.ts @@ -4,7 +4,7 @@ import { AsyncFailable, Fail, HasFailed } from 'picsur-shared/dist/types'; -import { SemVer } from 'picsur-shared/dist/util/common-regex'; +import { SemVerRegex } from 'picsur-shared/dist/util/common-regex'; import { BehaviorSubject } from 'rxjs'; import { SnackBarType } from 'src/app/models/dto/snack-bar-type.dto'; import { UtilService } from 'src/app/util/util.service'; @@ -50,7 +50,7 @@ export class InfoService { const serverVersion = info.version; const clientVersion = this.getFrontendVersion(); - if (!SemVer.test(serverVersion) || !SemVer.test(clientVersion)) { + if (!SemVerRegex.test(serverVersion) || !SemVerRegex.test(clientVersion)) { return Fail(`Not a valid semver: ${serverVersion} or ${clientVersion}`); } diff --git a/shared/src/dto/api/info.dto.ts b/shared/src/dto/api/info.dto.ts index f76d16d..2f8f76c 100644 --- a/shared/src/dto/api/info.dto.ts +++ b/shared/src/dto/api/info.dto.ts @@ -1,12 +1,12 @@ import { string, z } from 'zod'; -import { SemVer } from '../../util/common-regex'; +import { SemVerRegex } from '../../util/common-regex'; import { createZodDto } from '../../util/create-zod-dto'; import { IsStringList } from '../../validators/string-list.validator'; export const InfoResponseSchema = z.object({ production: z.boolean(), demo: z.boolean(), - version: string().regex(SemVer), + version: string().regex(SemVerRegex), }); export class InfoResponse extends createZodDto(InfoResponseSchema) {} diff --git a/shared/src/entities/image.entity.ts b/shared/src/entities/image.entity.ts index eb71f5f..c0ca60c 100644 --- a/shared/src/entities/image.entity.ts +++ b/shared/src/entities/image.entity.ts @@ -1,10 +1,10 @@ import { z } from 'zod'; -import { SHA256 } from '../util/common-regex'; +import { SHA256Regex } from '../util/common-regex'; import { IsEntityID } from '../validators/entity-id.validator'; export const EImageSchema = z.object({ id: IsEntityID().optional(), - hash: z.string().regex(SHA256), + hash: z.string().regex(SHA256Regex), data: z.undefined(), mime: z.string(), }); diff --git a/shared/src/util/common-regex.ts b/shared/src/util/common-regex.ts index 67e7acb..c6496b4 100644 --- a/shared/src/util/common-regex.ts +++ b/shared/src/util/common-regex.ts @@ -1,5 +1,6 @@ -export const AlphaNumeric = /^[a-zA-Z0-9]+$/; -export const SHA256 = /^[a-f0-9A-F]{64}$/; -export const SemVer = /^(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)$/; +export const AlphaNumericRegex = /^[a-zA-Z0-9]+$/; +export const SHA256Regex = /^[a-f0-9A-F]{64}$/; +export const SemVerRegex = /^(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)$/; export const URLRegex = /((([A-Za-z]{3,9}:(?:\/\/)?)(?:[\-;:&=\+\$,\w]+@)?[A-Za-z0-9\.\-]+|(?:www\.|[\-;:&=\+\$,\w]+@)[A-Za-z0-9\.\-]+)((?:\/[\+~%\/\.\w\-_]*)?\??(?:[\-\+=&;%@\.\w_]*)#?(?:[\.\!\/\\\w]*))?)/; +export const UUIDRegex = /^[0-9a-f]{8}-[0-9a-f]{4}-[1-5][0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$/i; diff --git a/shared/src/validators/role.validators.ts b/shared/src/validators/role.validators.ts index 5f46968..f89f59f 100644 --- a/shared/src/validators/role.validators.ts +++ b/shared/src/validators/role.validators.ts @@ -1,4 +1,4 @@ import { z } from 'zod'; -import { AlphaNumeric } from '../util/common-regex'; +import { AlphaNumericRegex } from '../util/common-regex'; -export const IsRoleName = () => z.string().min(4).max(32).regex(AlphaNumeric); +export const IsRoleName = () => z.string().min(4).max(32).regex(AlphaNumericRegex); diff --git a/shared/src/validators/user.validators.ts b/shared/src/validators/user.validators.ts index 8303dfd..7d78a5f 100644 --- a/shared/src/validators/user.validators.ts +++ b/shared/src/validators/user.validators.ts @@ -1,9 +1,9 @@ import { z } from 'zod'; -import { AlphaNumeric } from '../util/common-regex'; +import { AlphaNumericRegex } from '../util/common-regex'; // Match this with user validators in frontend // (Frontend is not security focused, but it tells the user what is wrong) -export const IsUsername = () => z.string().min(4).max(32).regex(AlphaNumeric); +export const IsUsername = () => z.string().min(4).max(32).regex(AlphaNumericRegex); export const IsPlainTextPwd = () => z.string().min(4).max(1024);