validate incoming cid's

azyges
2025-10-01 08:41:56 +09:00
parent ed13ee8921
commit d2dabddeb7
4 changed files with 54 additions and 8 deletions


@@ -371,11 +371,6 @@ public partial class LightlessHub
return new GroupJoinInfoDto(group.ToGroupData(), group.Owner.ToUserData(), group.ToEnum(), true);
}
private static bool IsHex(char c) =>
(c >= '0' && c <= '9') ||
(c >= 'a' && c <= 'f') ||
(c >= 'A' && c <= 'F');
[Authorize(Policy = "Identified")]
public async Task<bool> GroupJoinFinalize(GroupJoinDto dto)
{
@@ -386,7 +381,7 @@ public partial class LightlessHub
var group = await DbContext.Groups.Include(g => g.Owner).AsNoTracking().SingleOrDefaultAsync(g => g.GID == aliasOrGid || g.Alias == aliasOrGid, cancellationToken: _contextAccessor.HttpContext.RequestAborted).ConfigureAwait(false);
var groupGid = group?.GID ?? string.Empty;
var existingPair = await DbContext.GroupPairs.AsNoTracking().SingleOrDefaultAsync(g => g.GroupGID == groupGid && g.GroupUserUID == UserUID).ConfigureAwait(false);
var isHashedPassword = dto.Password.Length == 64 && dto.Password.All(IsHex);
var isHashedPassword = dto.Password.Length == 64 && dto.Password.All(Uri.IsHexDigit);
var hashedPw = isHashedPassword
? dto.Password
: StringUtils.Sha256String(dto.Password);
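Review bot: On the `isHashedPassword` line, any 64-character hex string sent by the client is taken verbatim as the digest, so the SHA-256 value is password-equivalent: a party who learns the digest needs no knowledge of the password, and a plaintext password that happens to be 64 hex digits is never hashed. Replacing `IsHex` with `Uri.IsHexDigit` leaves that behaviour exactly as it was. If the client-side-hash path has to stay for compatibility, state it where it happens, e.g. `// 64 hex chars = client-side SHA-256, accepted as-is; the digest is therefore password-equivalent`. `dto.Password.Length` is also dereferenced with no visible null check, so unless the lines between the two hunks already cover it, add `if (string.IsNullOrEmpty(dto.Password)) return false;` before this line. The comparison against the group's stored value lies outside the hunk, so it cannot be judged from here.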