All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
+### [0.2.17](https://git.xangelo.ca/?p=risinglegends.git;a=commitdiff;h=v0.2.17;hp=v0.2.16;ds=sidebyside) (2023-08-25)
+
+
+### Bug Fixes
+
+* xss username on signup a827642
+
### [0.2.16](https://git.xangelo.ca/?p=risinglegends.git;a=commitdiff;h=v0.2.16;hp=v0.2.15;ds=sidebyside) (2023-08-25)
{
"name": "rising-legends",
- "version": "0.2.16",
+ "version": "0.2.17",
"lockfileVersion": 2,
"requires": true,
"packages": {
"": {
"name": "rising-legends",
- "version": "0.2.16",
+ "version": "0.2.17",
"dependencies": {
"@honeycombio/opentelemetry-node": "^0.4.0",
"@opentelemetry/auto-instrumentations-node": "^0.37.0",
{
"name": "rising-legends",
"private": true,
- "version": "0.2.16",
+ "version": "0.2.17",
"scripts": {
"up": "npx prisma migrate dev --name \"init\"",
"start": "pm2 start dist/server/api.js",
import { Player } from 'shared/player';
+import xss from 'xss';
import bcrypt from 'bcrypt';
import { loadPlayer } from './player';
import { Auth } from '../shared/auth';
const hash = await bcrypt.hash(password, salt);
const data: Auth = {
id: playerId,
- username,
+ username: xss(username, { whiteList: {} }),
password: hash
};
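Review bot: Filtering the username with `xss(username, { whiteList: {} })` before it is stored rewrites the value instead of rejecting it, and with the library's defaults a non-whitelisted tag appears to be entity-escaped rather than removed, so a name typed as `<b>x</b>` would be persisted as `&lt;b&gt;x&lt;/b&gt;`. Any login or lookup path that compares the raw submitted username (not visible in this hunk) would then miss the stored row, and rows created before this commit stay unfiltered. Consider validating against an allow-list at signup and rejecting on mismatch, e.g. `if (!/^[A-Za-z0-9_-]{3,20}$/.test(username)) throw new Error('Invalid username');` (pattern and bounds are illustrative), while still encoding the name wherever it is rendered. The enclosing function starts and ends outside the hunk.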
console.log(e);
if(e?.code === '23505') {
if(e?.constraint === 'auth_pkey') {
- console.log(`Key ${playerId} was already claimed. ${username} tried claiming again..`);
+ console.log(`Key ${playerId} was already claimed. ${data.username} tried claiming again..`);
}
// someone already claimed this key
throw new Error('Invalid account');
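Review bot: The log message on the `auth_pkey` branch still interpolates a user-chosen value, and HTML filtering does not, as far as I know, strip CR/LF, so a crafted username could split this entry into forged log lines. Serialising the value, e.g. `${JSON.stringify(data.username)}` in place of `${data.username}`, keeps the entry on one line and makes odd characters visible to whoever reads the log. The `catch` block begins and ends outside the hunk.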