Nosial/socialbox-php
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Refactor EncryptionChannelSend and EncryptionChannelManager to remove UUID and checksum validation, and add timestamp range check

Browse source 
https://github.com/nosial/Socialbox-PHP/issues/18
This commit is contained in:
netkas 2025-03-08 00:44:44 -05:00
parent 4e79783617
commit 4f35485005
3 changed files with 32 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
src/Socialbox/Classes/StandardMethods/EncryptionChannel/EncryptionChannelSend.php
View file

@ -32,10 +32,6 @@
{ {
throw new MissingRpcArgumentException('channel_uuid'); throw new MissingRpcArgumentException('channel_uuid');
} }
elseif(!Validator::validateUuid($rpcRequest->getParameter('channel_uuid')))
{
throw new InvalidRpcArgumentException('channel_uuid', 'The given channel uuid is not a valid UUID V4');
}
try try
{ {
@ -102,10 +98,6 @@
{ {
throw new MissingRpcArgumentException('checksum'); throw new MissingRpcArgumentException('checksum');
} }
elseif(!Cryptography::validateSha512($rpcRequest->getParameter('checksum')))
{
throw new InvalidRpcArgumentException('checksum', 'The given checksum is not a valid SHA-512 checksum');
}
if(!$rpcRequest->containsParameter('data')) if(!$rpcRequest->containsParameter('data'))
{ {

13
src/Socialbox/Classes/Validator.php
View file

@ -79,4 +79,17 @@
{ {
return preg_match("/^[0-9a-f]{8}-[0-9a-f]{4}-4[0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$/", $uuid) === 1; return preg_match("/^[0-9a-f]{8}-[0-9a-f]{4}-4[0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$/", $uuid) === 1;
} }
/**
* Checks if a given Unix timestamp falls within a specified range of the current time.
*
* @param int $timestamp The Unix timestamp to check.
* @param int $range The range in seconds within which the timestamp should fall.
* @return bool True if the timestamp is within the range, false otherwise.
*/
public static function isTimestampInRange(int $timestamp, int $range): bool
{
$currentTime = time();
return ($timestamp >= ($currentTime - $range)) && ($timestamp <= ($currentTime + $range));
}
} }

19
src/Socialbox/Managers/EncryptionChannelManager.php
View file

@ -527,10 +527,29 @@
throw new InvalidArgumentException('Invalid UUID V4 of the message'); throw new InvalidArgumentException('Invalid UUID V4 of the message');
} }
if(!Validator::validateUuid($channelUuid))
{
throw new InvalidArgumentException('Invalid UUID V4 of the channel');
}
if(!Cryptography::validateSha512($checksum))
{
throw new InvalidArgumentException('Invalid checksum, must be SHA512');
}
if(empty($data))
{
throw new InvalidArgumentException('Data cannot be empty');
}
if($messageTimestamp === null) if($messageTimestamp === null)
{ {
$messageTimestamp = time(); $messageTimestamp = time();
} }
elseif(!Validator::isTimestampInRange($messageTimestamp, 3600))
{
throw new InvalidArgumentException('Invalid timestamp, must be within 1 hour');
}
$currentMessageCount = self::getMessageCount($channelUuid); $currentMessageCount = self::getMessageCount($channelUuid);
if($currentMessageCount > Configuration::getPoliciesConfiguration()->getEncryptionChannelMaxMessages()) if($currentMessageCount > Configuration::getPoliciesConfiguration()->getEncryptionChannelMaxMessages())