:lock: prevent passwort denial of server

1 files changed, 47 insertions, 23 deletions

diff --git a/src/util/instanceOf.ts b/src/util/instanceOf.ts

index 5035e4c9..cc373ec1 100644
--- a/src/util/instanceOf.ts
+++ b/src/util/instanceOf.ts
@@ -1,7 +1,6 @@
 // different version of lambert-server instanceOf with discord error format
 
 import { NextFunction, Request, Response } from "express";
-import { TFunction } from "i18next";
 import { Tuple } from "lambert-server";
 import "missing-native-js-functions";
 
@@ -11,7 +10,7 @@ export const EMAIL_REGEX = /^(([^<>()\[\]\\.,;:\s@"]+(\.[^<>()\[\]\\.,;:\s@"]+)*
 export function check(schema: any) {
 	return (req: Request, res: Response, next: NextFunction) => {
 		try {
-			const result = instanceOf(schema, req.body, { path: "body", t: req.t, ref: { obj: null, key: "" } });
+			const result = instanceOf(schema, req.body, { path: "body", req, ref: { obj: null, key: "" } });
 			if (result === true) return next();
 			throw result;
 		} catch (error) {
@@ -48,6 +47,14 @@ export class Email {
 	}
 }
 
+export class Length {
+	constructor(public type: any, public min: number, public max: number) {}
+
+	check(value: string) {
+		return value.length >= this.min && value.length <= this.max;
+	}
+}
+
 export function instanceOf(
 	type: any,
 	value: any,
@@ -55,65 +62,82 @@ export function instanceOf(
 		path = "",
 		optional = false,
 		errors = {},
-		t,
+		req,
 		ref,
-	}: { path?: string; optional?: boolean; errors?: any; t: TFunction; ref: { key: string | number; obj: any } }
+	}: { path?: string; optional?: boolean; errors?: any; req: Request; ref: { key: string | number; obj: any } }
 ): Boolean {
 	try {
 		if (!type) return true; // no type was specified
 
 		if (value == null) {
 			if (optional) return true;
-			throw new FieldError("BASE_TYPE_REQUIRED", t("common:field.BASE_TYPE_REQUIRED"));
+			throw new FieldError("BASE_TYPE_REQUIRED", req.t("common:field.BASE_TYPE_REQUIRED"));
 		}
 
 		switch (type) {
 			case String:
 				if (typeof value === "string") return true;
-				throw new FieldError("BASE_TYPE_STRING", t("common:field.BASE_TYPE_STRING"));
+				throw new FieldError("BASE_TYPE_STRING", req.t("common:field.BASE_TYPE_STRING"));
 			case Number:
 				value = Number(value);
 				ref.obj[ref.key] = value;
 				if (typeof value === "number" && !isNaN(value)) return true;
-				throw new FieldError("BASE_TYPE_NUMBER", t("common:field.BASE_TYPE_NUMBER"));
+				throw new FieldError("BASE_TYPE_NUMBER", req.t("common:field.BASE_TYPE_NUMBER"));
 			case BigInt:
 				try {
 					value = BigInt(value);
 					ref.obj[ref.key] = value;
 					if (typeof value === "bigint") return true;
 				} catch (error) {}
-				throw new FieldError("BASE_TYPE_BIGINT", t("common:field.BASE_TYPE_BIGINT"));
+				throw new FieldError("BASE_TYPE_BIGINT", req.t("common:field.BASE_TYPE_BIGINT"));
 			case Boolean:
 				if (value == "true") value = true;
 				if (value == "false") value = false;
 				ref.obj[ref.key] = value;
 				if (typeof value === "boolean") return true;
-				throw new FieldError("BASE_TYPE_BOOLEAN", t("common:field.BASE_TYPE_BOOLEAN"));
+				throw new FieldError("BASE_TYPE_BOOLEAN", req.t("common:field.BASE_TYPE_BOOLEAN"));
 
-			case Tuple:
-				if ((<Tuple>type).types.some((x) => instanceOf(x, value, { path, optional, errors, t, ref })))
-					return true;
-				throw new FieldError("BASE_TYPE_CHOICES", t("common:field.BASE_TYPE_CHOICES", { types: type.types }));
 			case Email:
 				if (new Email(value).check()) return true;
-				throw new FieldError("EMAIL_TYPE_INVALID_EMAIL", t("common:field.EMAIL_TYPE_INVALID_EMAIL"));
+				throw new FieldError("EMAIL_TYPE_INVALID_EMAIL", req.t("common:field.EMAIL_TYPE_INVALID_EMAIL"));
 			case Date:
 				value = new Date(value);
 				ref.obj[ref.key] = value;
 				// value.getTime() can be < 0, if it is before 1970
 				if (!isNaN(value)) return true;
-				throw new FieldError("DATE_TYPE_PARSE", t("common:field.DATE_TYPE_PARSE"));
+				throw new FieldError("DATE_TYPE_PARSE", req.t("common:field.DATE_TYPE_PARSE"));
 		}
 
 		if (typeof type === "object") {
 			if (type?.constructor?.name != "Object") {
+				if (type instanceof Tuple) {
+					if ((<Tuple>type).types.some((x) => instanceOf(x, value, { path, optional, errors, req, ref })))
+						return true;
+					throw new FieldError(
+						"BASE_TYPE_CHOICES",
+						req.t("common:field.BASE_TYPE_CHOICES", { types: type.types })
+					);
+				} else if (type instanceof Length) {
+					let length = <Length>type;
+					if (instanceOf(length.type, value, { path, optional, req, ref, errors }) !== true) return errors;
+					let val = ref.obj[ref.key];
+					if ((<Length>type).check(val)) return true;
+					throw new FieldError(
+						"BASE_TYPE_BAD_LENGTH",
+						req.t("common:field.BASE_TYPE_BAD_LENGTH", {
+							length: `${type.min} - ${type.max}`,
+						})
+					);
+				}
 				if (value instanceof type) return true;
-				throw new FieldError("BASE_TYPE_CLASS", t("common:field.BASE_TYPE_CLASS", { type }));
+				throw new FieldError("BASE_TYPE_CLASS", req.t("common:field.BASE_TYPE_CLASS", { type }));
 			}
-			if (typeof value !== "object") throw new FieldError("BASE_TYPE_OBJECT", t("common:field.BASE_TYPE_OBJECT"));
+			if (typeof value !== "object")
+				throw new FieldError("BASE_TYPE_OBJECT", req.t("common:field.BASE_TYPE_OBJECT"));
 
 			if (Array.isArray(type)) {
-				if (!Array.isArray(value)) throw new FieldError("BASE_TYPE_ARRAY", t("common:field.BASE_TYPE_ARRAY"));
+				if (!Array.isArray(value))
+					throw new FieldError("BASE_TYPE_ARRAY", req.t("common:field.BASE_TYPE_ARRAY"));
 				if (!type.length) return true; // type array didn't specify any type
 
 				return (
@@ -124,7 +148,7 @@ export function instanceOf(
 								path: `${path}[${i}]`,
 								optional,
 								errors: errors[i],
-								t,
+								req,
 								ref: { key: i, obj: value },
 							}) === true
 						);
@@ -136,7 +160,7 @@ export function instanceOf(
 				Object.keys(type).map((x) => (x.startsWith(OPTIONAL_PREFIX) ? x.slice(OPTIONAL_PREFIX.length) : x))
 			);
 
-			if (diff.length) throw new FieldError("UNKOWN_FIELD", t("common:field.UNKOWN_FIELD", { key: diff }));
+			if (diff.length) throw new FieldError("UNKOWN_FIELD", req.t("common:field.UNKOWN_FIELD", { key: diff }));
 
 			return (
 				Object.keys(type).every((key) => {
@@ -150,7 +174,7 @@ export function instanceOf(
 							path: `${path}.${newKey}`,
 							optional: OPTIONAL,
 							errors: errors[newKey],
-							t,
+							req,
 							ref: { key: newKey, obj: value },
 						}) === true
 					);
@@ -158,10 +182,10 @@ export function instanceOf(
 			);
 		} else if (typeof type === "number" || typeof type === "string" || typeof type === "boolean") {
 			if (value === type) return true;
-			throw new FieldError("BASE_TYPE_CONSTANT", t("common:field.BASE_TYPE_CONSTANT", { value: type }));
+			throw new FieldError("BASE_TYPE_CONSTANT", req.t("common:field.BASE_TYPE_CONSTANT", { value: type }));
 		} else if (typeof type === "bigint") {
 			if (BigInt(value) === type) return true;
-			throw new FieldError("BASE_TYPE_CONSTANT", t("common:field.BASE_TYPE_CONSTANT", { value: type }));
+			throw new FieldError("BASE_TYPE_CONSTANT", req.t("common:field.BASE_TYPE_CONSTANT", { value: type }));
 		}
 
 		return type == value;