Repo cleanup and updates
parent
3a1063e40e
commit
99f8d7e2eb
72 changed files with 11857 additions and 16439 deletions
|
|
@ -12,6 +12,11 @@ import makeWASocket, {
|
|||
} from "@whiskeysockets/baileys";
|
||||
import fs from "fs";
|
||||
import { createLogger } from "@link-stack/logger";
|
||||
import {
|
||||
getMaxAttachmentSize,
|
||||
getMaxTotalAttachmentSize,
|
||||
MAX_ATTACHMENTS,
|
||||
} from "@link-stack/bridge-common";
|
||||
|
||||
const logger = createLogger("bridge-whatsapp-service");
|
||||
|
||||
|
|
@ -36,7 +41,24 @@ export default class WhatsappService extends Service {
|
|||
}
|
||||
|
||||
getBotDirectory(id: string): string {
|
||||
return `${this.getBaseDirectory()}/${id}`;
|
||||
// Validate that ID contains only safe characters (alphanumeric, dash, underscore)
|
||||
if (!/^[a-zA-Z0-9_-]+$/.test(id)) {
|
||||
throw new Error(`Invalid bot ID format: ${id}`);
|
||||
}
|
||||
|
||||
// Prevent path traversal by checking for suspicious patterns
|
||||
if (id.includes('..') || id.includes('/') || id.includes('\\')) {
|
||||
throw new Error(`Path traversal detected in bot ID: ${id}`);
|
||||
}
|
||||
|
||||
const botPath = `${this.getBaseDirectory()}/${id}`;
|
||||
|
||||
// Ensure the resolved path is still within the base directory
|
||||
if (!botPath.startsWith(this.getBaseDirectory())) {
|
||||
throw new Error(`Invalid bot path: ${botPath}`);
|
||||
}
|
||||
|
||||
return botPath;
|
||||
}
|
||||
|
||||
getAuthDirectory(id: string): string {
|
||||
|
|
@ -340,9 +362,39 @@ export default class WhatsappService extends Service {
|
|||
await connection.sendMessage(recipient, { text: message });
|
||||
}
|
||||
|
||||
// Send attachments if provided
|
||||
// Send attachments if provided with size validation
|
||||
if (attachments && attachments.length > 0) {
|
||||
const MAX_ATTACHMENT_SIZE = getMaxAttachmentSize();
|
||||
const MAX_TOTAL_SIZE = getMaxTotalAttachmentSize();
|
||||
|
||||
if (attachments.length > MAX_ATTACHMENTS) {
|
||||
throw new Error(`Too many attachments: ${attachments.length} (max ${MAX_ATTACHMENTS})`);
|
||||
}
|
||||
|
||||
let totalSize = 0;
|
||||
|
||||
for (const attachment of attachments) {
|
||||
// Calculate size before converting to buffer
|
||||
const estimatedSize = (attachment.data.length * 3) / 4;
|
||||
|
||||
if (estimatedSize > MAX_ATTACHMENT_SIZE) {
|
||||
logger.warn({
|
||||
filename: attachment.filename,
|
||||
size: estimatedSize,
|
||||
maxSize: MAX_ATTACHMENT_SIZE
|
||||
}, 'Attachment exceeds size limit, skipping');
|
||||
continue;
|
||||
}
|
||||
|
||||
totalSize += estimatedSize;
|
||||
if (totalSize > MAX_TOTAL_SIZE) {
|
||||
logger.warn({
|
||||
totalSize,
|
||||
maxTotalSize: MAX_TOTAL_SIZE
|
||||
}, 'Total attachment size exceeds limit, skipping remaining');
|
||||
break;
|
||||
}
|
||||
|
||||
const buffer = Buffer.from(attachment.data, "base64");
|
||||
|
||||
if (attachment.mime_type.startsWith("image/")) {
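Review bot: In getBotDirectory the last two checks add no protection beyond the regex. Once `/^[a-zA-Z0-9_-]+$/` has passed, `id` cannot contain `..`, `/` or `\`, and `botPath.startsWith(this.getBaseDirectory())` is always true because `botPath` was just built by prefixing that same string, so nothing is resolved despite what the comment says. If a containment check is wanted as defence in depth, it should compare resolved paths on a separator boundary, for example `const botPath = path.resolve(baseDir, id);` then `if (!botPath.startsWith(baseDir + path.sep)) throw ...`, with `baseDir` being `path.resolve(this.getBaseDirectory())`; this assumes `path` is imported, which the visible import hunk does not show. The error messages also interpolate the rejected `id` verbatim, so if they reach logs an escaped or length-capped form would be safer. getAuthDirectory starts at the end of this hunk and its body is not visible, so whether it goes through this validation cannot be confirmed from here.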
|
||||
|
|
|
|||