Add validation to blocklists, test that adding doesn't break stuff #40
Conversation
|
where are blocklists from? is it possible they may include |
| @@ -45,7 +58,8 @@ export const blockAllowListRoutes = (cfg: APIConfig, store: Store, apsystem: Act | |||
| return await reply.code(403).send('Not Allowed') | |||
| } | |||
|
|
|||
| const accounts = request.body.split('\n') | |||
| const accounts = request.body.trim().split('\n') | |||
There was a problem hiding this comment.
maybe .map(x => x.trim()) after the split? also remove empty lines
There was a problem hiding this comment.
I think empty lines should be an error.
the api client sends accounts separated by newlines to the endpoint. on the ruby client the method takes an array and concatenates items with a newline |
Co-authored-by: Nulo <[email protected]>
|
Yeah I'd like to avoid adding any fancy syntax like comments or empty lines and stick to valid user input. I added trim to account for newlines at the end messing stuff up since it'd be a likely error when importing a file. |
| import Store from '../store/index.js' | ||
| import ActivityPubSystem from '../apsystem.js' | ||
|
|
||
| export function validateBlocklistFormat (mention: string): void { | ||
| const sections = mention.split('@') |
There was a problem hiding this comment.
const isInstanceBlock = sections[1] === '*' && sections[0] === '' && sections[2] !== '';There was a problem hiding this comment.
I don't think we need to explicitly handle this case since it's already handled by the other checks.
Related to #37 where there's an error being swallowed and leading to unexpected behavior.