Improving code security by adding stricter typings

2021-12-14 18:55:41 +01:00 · 2021-12-14 18:55:41 +01:00 · 2fff6ae41e
commit 2fff6ae41e
parent bbef3b3eaf
12 changed files with 45 additions and 23 deletions
--- a/front/src/Connexion/Room.ts
+++ b/front/src/Connexion/Room.ts
@ -5,6 +5,8 @@ import type { CharacterTexture } from "./LocalUser";
 import { localUserStore } from "./LocalUserStore";
 import axios from "axios";
 import { axiosWithRetry } from "./AxiosUtils";
+import {isMapDetailsData} from "../../../pusher/src/Messages/JsonMessages/MapDetailsData";
+import {isRoomRedirect} from "../Messages/JsonMessages/RoomRedirect";

 export class MapDetail {
    constructor(public readonly mapUrl: string, public readonly textures: CharacterTexture[] | undefined) {}
@ -101,27 +103,34 @@ export class Room {
            });

            const data = result.data;
-            if (data.redirectUrl) {
+
+            if (isRoomRedirect(data.redirectUrl)) {
                return {
                    redirectUrl: data.redirectUrl as string,
                };
+            } else if (isMapDetailsData(data)) {
+                console.log("Map ", this.id, " resolves to URL ", data.mapUrl);
+                this._mapUrl = data.mapUrl;
+                this._textures = data.textures;
+                this._group = data.group;
+                this._authenticationMandatory =
+                    data.authenticationMandatory != null ? data.authenticationMandatory : DISABLE_ANONYMOUS;
+                this._iframeAuthentication = data.iframeAuthentication || OPID_LOGIN_SCREEN_PROVIDER;
+                this._contactPage = data.contactPage || CONTACT_URL;
+                return new MapDetail(data.mapUrl, data.textures);
+            } else {
+                throw new Error('Data received by the /map endpoint of the Pusher is not in a valid format.');
            }
-            console.log("Map ", this.id, " resolves to URL ", data.mapUrl);
-            this._mapUrl = data.mapUrl;
-            this._textures = data.textures;
-            this._group = data.group;
-            this._authenticationMandatory =
-                data.authenticationMandatory != null ? data.authenticationMandatory : DISABLE_ANONYMOUS;
-            this._iframeAuthentication = data.iframeAuthentication || OPID_LOGIN_SCREEN_PROVIDER;
-            this._contactPage = data.contactPage || CONTACT_URL;
-            return new MapDetail(data.mapUrl, data.textures);
+
        } catch (e) {
            if (axios.isAxiosError(e) && e.response?.status == 401 && e.response?.data === "Token decrypted error") {
                console.warn("JWT token sent could not be decrypted. Maybe it expired?");
                localUserStore.setAuthToken(null);
                window.location.assign("/login");
-            } else {
+            } else if (axios.isAxiosError(e)) {
                console.error("Error => getMapDetail", e, e.response);
+            } else {
+                console.error("Error => getMapDetail", e);
            }
            throw e;
        }