[mirotalkwebrtc] - add tag and room validator

backend/middleware/validator.js

@@ -11,9 +11,11 @@ const validEmailReg = new RegExp(
     /^(([^<>()[\]\\.,;:\s@\"]+(\.[^<>()[\]\\.,;:\s@\"]+)*)|(\".+\"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\])|(([a-zA-Z\-0-9]+\.)+[a-zA-Z]{2,}))$/,
 );
 const validNumberReg = new RegExp(/^\+?\d{1,3}[-.\s]?\(?\d{1,4}\)?[-.\s]?\d{1,4}[-.\s]?\d{1,9}$/);
+const pathTraversal = new RegExp(/(\.\.(\/|\\))+/);
+const alphanumeric = new RegExp(/^[A-Za-z0-9-_]+$/);
 
 const checkData = (req, res, next) => {
-    const { username, email, phone, password } = req.body;
+    const { username, email, phone, password, room, tag } = req.body;
     if (username) {
         const validUsername = isValidUsername(username);
         log.debug('Validator', { username: validUsername });
@@ -42,6 +44,20 @@ const checkData = (req, res, next) => {
             return res.status(201).json({ message: validPassword });
         }
     }
+    if (room) {
+        const validRoom = isValidRoom(room);
+        log.debug('Validator', { room: validRoom });
+        if (validRoom != true) {
+            return res.status(201).json({ message: validRoom });
+        }
+    }
+    if (tag) {
+        const validTag = isValidTag(tag);
+        log.debug('Validator', { tag: validTag });
+        if (validTag != true) {
+            return res.status(201).json({ message: validTag });
+        }
+    }
     return next();
 };
 
@@ -84,4 +100,18 @@ function isValidPassword(password) {
     return true;
 }
 
+function isValidRoom(room){
+    if (room.match(pathTraversal)) {
+        return '⚠️ The room name is not valid!';
+    };
+    return true;
+}
+
+function isValidTag(tag){
+    if (!tag.match(alphanumeric)) {
+        return '⚠️ The Tag must be alphanumeric!';
+    };
+    return true;
+}
+
 module.exports = checkData;

frontend/js/client.js

@@ -9,7 +9,7 @@
  * @license For private project or commercial purposes contact us at: [email protected] or purchase it directly via Code Canyon:
  * @license https://codecanyon.net/item/a-selfhosted-mirotalks-webrtc-rooms-scheduler-server/42643313
  * @author  Miroslav Pejic - [email protected]
- * @version 1.0.83
+ * @version 1.0.84
  */
 
 const isMobile = !!/Android|webOS|iPhone|iPad|iPod|BB10|BlackBerry|IEMobile|Opera Mini|Mobile|mobile/i.test(
@@ -469,6 +469,7 @@ function addRow() {
             console.log('[API] - ROOM CREATE RESPONSE', res);
             if (res.message) {
                 popupMessage('warning', `${res.message}`);
+                removeLastRow();
             } else {
                 const tableRow = getRow(res);
                 if (tableRow) {
@@ -798,6 +799,17 @@ function delAllRows() {
     });
 }
 
+function removeRow(id){
+    dataTable.row(`#${id}`).remove().draw();
+}
+
+function removeLastRow() {
+    const lastRowIndex = dataTable.rows().count() - 1;
+    if (lastRowIndex >= 0) {
+        dataTable.row(lastRowIndex).remove().draw();
+    }
+}
+
 function getMyAccount() {
     userGet(userId)
         .then((res) => {

package.json

@@ -1,6 +1,6 @@
 {
     "name": "mirotalkwebrtc",
-    "version": "1.0.83",
+    "version": "1.0.84",
     "description": "MiroTalk WebRTC admin",
     "main": "server.js",
     "scripts": {
@@ -34,8 +34,8 @@
     "homepage": "https://github.com/miroslavpejic85/mirotalkwebrtc",
     "dependencies": {
         "@sentry/integrations": "^7.114.0",
-        "@sentry/node": "^8.20.0",
-        "axios": "^1.7.2",
+        "@sentry/node": "^8.24.0",
+        "axios": "^1.7.3",
         "bcryptjs": "^2.4.3",
         "colors": "1.4.0",
         "compression": "^1.7.4",
@@ -45,7 +45,7 @@
         "express": "^4.19.2",
         "jsonwebtoken": "^9.0.2",
         "js-yaml": "^4.1.0",
-        "mongoose": "^8.5.1",
+        "mongoose": "^8.5.2",
         "ngrok": "^5.0.0-beta.2",
         "nodemailer": "^6.9.14",
         "swagger-ui-express": "^5.0.1",