Refactor EncryptionChannelSend and EncryptionChannelManager to remove UUID and checksum validation, and add timestamp range check

https://github.com/nosial/Socialbox-PHP/issues/18
2025-03-08 00:44:44 -05:00 · 2025-03-08 00:44:44 -05:00 · 4f35485005
commit 4f35485005
parent 4e79783617
3 changed files with 32 additions and 8 deletions
--- a/src/Socialbox/Classes/StandardMethods/EncryptionChannel/EncryptionChannelSend.php
+++ b/src/Socialbox/Classes/StandardMethods/EncryptionChannel/EncryptionChannelSend.php
@ -32,10 +32,6 @@
            {
                throw new MissingRpcArgumentException('channel_uuid');
            }
-            elseif(!Validator::validateUuid($rpcRequest->getParameter('channel_uuid')))
-            {
-                throw new InvalidRpcArgumentException('channel_uuid', 'The given channel uuid is not a valid UUID V4');
-            }

            try
            {
@ -102,10 +98,6 @@
            {
                throw new MissingRpcArgumentException('checksum');
            }
-            elseif(!Cryptography::validateSha512($rpcRequest->getParameter('checksum')))
-            {
-                throw new InvalidRpcArgumentException('checksum', 'The given checksum is not a valid SHA-512 checksum');
-            }

            if(!$rpcRequest->containsParameter('data'))
            {
--- a/src/Socialbox/Classes/Validator.php
+++ b/src/Socialbox/Classes/Validator.php
@ -79,4 +79,17 @@
        {
            return preg_match("/^[0-9a-f]{8}-[0-9a-f]{4}-4[0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$/", $uuid) === 1;
        }
+
+        /**
+         * Checks if a given Unix timestamp falls within a specified range of the current time.
+         *
+         * @param int $timestamp The Unix timestamp to check.
+         * @param int $range The range in seconds within which the timestamp should fall.
+         * @return bool True if the timestamp is within the range, false otherwise.
+         */
+        public static function isTimestampInRange(int $timestamp, int $range): bool
+        {
+            $currentTime = time();
+            return ($timestamp >= ($currentTime - $range)) && ($timestamp <= ($currentTime + $range));
+        }
    }
--- a/src/Socialbox/Managers/EncryptionChannelManager.php
+++ b/src/Socialbox/Managers/EncryptionChannelManager.php
@ -527,10 +527,29 @@
                throw new InvalidArgumentException('Invalid UUID V4 of the message');
            }

+            if(!Validator::validateUuid($channelUuid))
+            {
+                throw new InvalidArgumentException('Invalid UUID V4 of the channel');
+            }
+
+            if(!Cryptography::validateSha512($checksum))
+            {
+                throw new InvalidArgumentException('Invalid checksum, must be SHA512');
+            }
+
+            if(empty($data))
+            {
+                throw new InvalidArgumentException('Data cannot be empty');
+            }
+
            if($messageTimestamp === null)
            {
                $messageTimestamp = time();
            }
+            elseif(!Validator::isTimestampInRange($messageTimestamp, 3600))
+            {
+                throw new InvalidArgumentException('Invalid timestamp, must be within 1 hour');
+            }

            $currentMessageCount = self::getMessageCount($channelUuid);
            if($currentMessageCount > Configuration::getPoliciesConfiguration()->getEncryptionChannelMaxMessages())