chore(release): 0.2.17 v0.2.17
authorxangelo <me@xangelo.ca>
Fri, 25 Aug 2023 16:05:16 +0000 (12:05 -0400)
committerxangelo <me@xangelo.ca>
Fri, 25 Aug 2023 16:05:16 +0000 (12:05 -0400)
CHANGELOG.md
package-lock.json
package.json
src/server/auth.ts

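--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,13 @@
 
 All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
 
+### [0.2.17](https://git.xangelo.ca/?p=risinglegends.git;a=commitdiff;h=v0.2.17;hp=v0.2.16;ds=sidebyside) (2023-08-25)
+
+
+### Bug Fixes
+
+* xss username on signup a827642
+
 ### [0.2.16](https://git.xangelo.ca/?p=risinglegends.git;a=commitdiff;h=v0.2.16;hp=v0.2.15;ds=sidebyside) (2023-08-25)
 
 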
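--- a/package-lock.json
+++ b/package-lock.json
@@ -1,12 +1,12 @@
 {
   "name": "rising-legends",
-  "version": "0.2.16",
+  "version": "0.2.17",
   "lockfileVersion": 2,
   "requires": true,
   "packages": {
     "": {
       "name": "rising-legends",
-      "version": "0.2.16",
+      "version": "0.2.17",
       "dependencies": {
         "@honeycombio/opentelemetry-node": "^0.4.0",
         "@opentelemetry/auto-instrumentations-node": "^0.37.0",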
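--- a/package.json
+++ b/package.json
@@ -1,7 +1,7 @@
 {
   "name": "rising-legends",
   "private": true,
-  "version": "0.2.16",
+  "version": "0.2.17",
   "scripts": {
     "up": "npx prisma migrate dev --name \"init\"",
     "start": "pm2 start dist/server/api.js",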
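--- a/src/server/auth.ts
+++ b/src/server/auth.ts
@@ -1,4 +1,5 @@
 import { Player } from 'shared/player';
+import xss from 'xss';
 import bcrypt from 'bcrypt';
 import { loadPlayer } from './player';
 import { Auth } from '../shared/auth';
@@ -14,7 +15,7 @@ export async function signup(playerId: string, username: string, password: strin
   const hash = await bcrypt.hash(password, salt);
   const data: Auth = {
     id: playerId,
-    username,
+    username: xss(username, { whiteList: {} }),
     password: hash
   };
 
@@ -33,7 +34,7 @@ export async function signup(playerId: string, username: string, password: strin
     console.log(e);
     if(e?.code === '23505') {
       if(e?.constraint === 'auth_pkey') {
-        console.log(`Key ${playerId} was already claimed. ${username} tried claiming again..`);
+        console.log(`Key ${playerId} was already claimed. ${data.username} tried claiming again..`);
       }
       // someone already claimed this key
       throw new Error('Invalid account');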
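Review bot: Escaping the username once at write time in `signup` (`username: xss(username, { whiteList: {} })`) ties the stored value to HTML and leaves any other path that writes or renders a username unprotected. With an empty whitelist and no `stripIgnoreTag`, js-xss entity-escapes tags rather than removing them, so a name containing `<` is persisted as `&lt;…`; a lookup that compares the raw submitted name with the stored one (login, presumably, which is not visible here) would then mismatch, and a view that already escapes output would double-encode it. Consider rejecting unacceptable names before building `data`, for example `if (!/^[\w-]{3,20}$/.test(username)) throw new Error('Invalid username');` (the pattern is an illustration, adjust it to the game's naming policy), and keep output encoding at the render sites as the primary control. `signup` begins and ends outside these hunks, so validation may already exist above the lines shown.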