From 46230b1996356c315d4aa6164b5c1fca3a930781 Mon Sep 17 00:00:00 2001 From: Scott Anderson Date: Thu, 8 May 2025 21:41:19 -0400 Subject: [PATCH] Enforce UUID validation for persistent id (#674) ## Description: - Add more restrictive UUID validation for persistent ids. ## Please complete the following: - [x] I have added screenshots for all UI updates - [x] I confirm I have thoroughly tested these changes and take full responsibility for any bugs introduced - [x] I understand that submitting code with bugs that could have been caught through manual testing blocks releases and new features for all contributors Co-authored-by: Scott Anderson <662325+scottanderson@users.noreply.github.com> --- src/core/Schemas.ts | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/src/core/Schemas.ts b/src/core/Schemas.ts index 8f202d9d0..3ea701d24 100644 --- a/src/core/Schemas.ts +++ b/src/core/Schemas.ts @@ -138,6 +138,8 @@ const SafeString = z ) .max(1000); +const PersistentIdSchema = z.string().uuid(); + const EmojiSchema = z .number() .nonnegative() @@ -388,7 +390,7 @@ export const ClientLogMessageSchema = z.object({ type: z.literal("log"), severity: z.nativeEnum(LogSeverity), log: ID, - persistentID: SafeString, + persistentID: PersistentIdSchema, // WARNING: PII }); export const ClientPingMessageSchema = z.object({ @@ -404,7 +406,7 @@ export const ClientIntentMessageSchema = z.object({ export const ClientJoinMessageSchema = z.object({ type: z.literal("join"), clientID: ID, - persistentID: SafeString, // WARNING: PII + persistentID: PersistentIdSchema, // WARNING: PII gameID: ID, lastTurn: z.number(), // The last turn the client saw. username: SafeString, @@ -424,7 +426,7 @@ export const PlayerRecordSchema = z.object({ clientID: ID, username: SafeString, ip: SafeString.nullable(), // WARNING: PII - persistentID: SafeString, // WARNING: PII + persistentID: PersistentIdSchema, // WARNING: PII }); export const GameRecordSchema = z.object({