[mirotalksfu] - improve further rec fileName validation

2024-08-05 15:09:05 +02:00
--- a/app/src/Server.js
+++ b/app/src/Server.js
@@ -44,7 +44,7 @@ dependencies: {
 * @license For commercial or closed source, contact us at license.mirotalk@gmail.com or purchase directly via CodeCanyon
 * @license CodeCanyon: https://codecanyon.net/item/mirotalk-sfu-webrtc-realtime-video-conferences/40769970
 * @author  Miroslav Pejic - miroslav.pejic.85@gmail.com
- * @version 1.5.38
+ * @version 1.5.39
 *
 */

@@ -652,22 +652,28 @@ function startServer() {
        // Store recording...
        if (serverRecordingEnabled) {
            //
-            const { fileName } = req.query;
-
-            if (!fileName) {
-                return res.status(400).send('Filename not provided');
-            }
-
-            // Rec_test_2024_08_03_16_17_01.webm
-
-            const parts = fileName.split('_');
-            const roomId = parts[1];
-
-            if (!isValidVideo(fileName) || !roomList.has(roomId)) {
-                return res.status(400).send('Invalid file name');
-            }
-
            try {
+                const { fileName } = req.query;
+
+                if (!fileName) {
+                    return res.status(400).send('Filename not provided');
+                }
+
+                // Rec_test_2024_08_03_16_17_01.webm
+
+                if (!isValidRecFileNameFormat(fileName)) {
+                    log.warn('[RecSync] - Invalid file name', fileName);
+                    return res.status(400).send('Invalid file name');
+                }
+
+                const parts = fileName.split('_');
+                const roomId = parts[1];
+
+                if (!roomList.has(roomId)) {
+                    log.warn('[RecSync] - ROomID not exists in filename', fileName);
+                    return res.status(400).send('Invalid file name');
+                }
+
                if (!fs.existsSync(dir.rec)) {
                    fs.mkdirSync(dir.rec, { recursive: true });
                }
@@ -2957,8 +2963,8 @@ function startServer() {

    // Utils...

-    function isValidVideo(input) {
-        if (input.endsWith('.mp4') || input.endsWith('.webm') || input.endsWith('.ogg')) return true;
-        return false;
+    function isValidRecFileNameFormat(input) {
+        const pattern = /^Rec_(?:[A-Za-z0-9-_]+|[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-4[0-9a-fA-F]{3}-[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12})_\d{4}_\d{2}_\d{2}_\d{2}_\d{2}_\d{2}\.(webm)$/;
+        return pattern.test(input);
    }
 }
--- a/cloud/server.js
+++ b/cloud/server.js
@@ -9,6 +9,7 @@ const port = process.env.PORT || 8080;

 // Replace with your actual logging mechanism
 const log = {
+    warn: console.warn,
    error: console.error,
    debug: console.log,
 };
@@ -38,41 +39,47 @@ function ensureRecordingDirectoryExists() {

 // Endpoint to handle recording uploads
 app.post('/recSync', (req, res) => {
-    if (!isServerRecordingEnabled) {
-        return res.status(403).send('Server recording is disabled');
-    }
+    try {
+        if (!isServerRecordingEnabled) {
+            return res.status(403).send('Server recording is disabled');
+        }

-    const { fileName } = req.query;
+        const { fileName } = req.query;

-    if (!fileName) {
-        return res.status(400).send('Filename not provided');
-    }
+        if (!fileName) {
+            return res.status(400).send('Filename not provided');
+        }

-    if (!isValidVideo(fileName)) {
-        return res.status(400).send('Invalid file name');
-    }
+        if (!isValidRecFileNameFormat(fileName)) {
+            log.warn('Invalid file name', fileName);
+            return res.status(400).send('Invalid file name');
+        }

-    ensureRecordingDirectoryExists();
+        ensureRecordingDirectoryExists();

-    const filePath = path.join(recordingDirectory, fileName);
-    const writeStream = fs.createWriteStream(filePath, { flags: 'a' });
+        const filePath = path.join(recordingDirectory, fileName);
+        const writeStream = fs.createWriteStream(filePath, { flags: 'a' });

-    req.pipe(writeStream);
+        req.pipe(writeStream);

-    writeStream.on('error', (err) => {
-        log.error('Error writing to file:', err.message);
+        writeStream.on('error', (err) => {
+            log.error('Error writing to file:', err.message);
+            res.status(500).send('Internal Server Error');
+        });
+
+        writeStream.on('finish', () => {
+            log.debug('File saved successfully:', fileName);
+            res.status(200).send('File uploaded successfully');
+        });
+
+        req.on('error', (err) => {
+            log.error('Error processing request:', err.message);
+            res.status(500).send('Internal Server Error');
+        });
+    } catch (err) {
+        log.error('Error processing upload', err.message);
        res.status(500).send('Internal Server Error');
-    });
-
-    writeStream.on('finish', () => {
-        log.debug('File saved successfully:', fileName);
-        res.status(200).send('File uploaded successfully');
-    });
-
-    req.on('error', (err) => {
-        log.error('Error processing request:', err.message);
-        res.status(500).send('Internal Server Error');
-    });
+    }
 });

 // Start the server
@@ -80,7 +87,7 @@ app.listen(port, () => {
    log.debug(`Server is running on http://localhost:${port}`);
 });

-function isValidVideo(input) {
-    if (input.endsWith('.mp4') || input.endsWith('.webm') || input.endsWith('.ogg')) return true;
-    return false;
-}
+function isValidRecFileNameFormat(input) {
+    const pattern = /^Rec_(?:[A-Za-z0-9-_]+|[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-4[0-9a-fA-F]{3}-[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12})_\d{4}_\d{2}_\d{2}_\d{2}_\d{2}_\d{2}\.(webm)$/;
+    return pattern.test(input);
+}
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
    "name": "mirotalksfu",
-    "version": "1.5.38",
+    "version": "1.5.39",
    "description": "WebRTC SFU browser-based video calls",
    "main": "Server.js",
    "scripts": {
--- a/public/js/Room.js
+++ b/public/js/Room.js
@@ -11,7 +11,7 @@ if (location.href.substr(0, 5) !== 'https') location.href = 'https' + location.h
 * @license For commercial or closed source, contact us at license.mirotalk@gmail.com or purchase directly via CodeCanyon
 * @license CodeCanyon: https://codecanyon.net/item/mirotalk-sfu-webrtc-realtime-video-conferences/40769970
 * @author  Miroslav Pejic - miroslav.pejic.85@gmail.com
- * @version 1.5.38
+ * @version 1.5.39
 *
 */

@@ -4335,7 +4335,7 @@ function showAbout() {
        imageUrl: image.about,
        customClass: { image: 'img-about' },
        position: 'center',
-        title: 'WebRTC SFU v1.5.38',
+        title: 'WebRTC SFU v1.5.39',
        html: `
        <br />
        <div id="about">
--- a/public/js/RoomClient.js
+++ b/public/js/RoomClient.js
@@ -9,7 +9,7 @@
 * @license For commercial or closed source, contact us at license.mirotalk@gmail.com or purchase directly via CodeCanyon
 * @license CodeCanyon: https://codecanyon.net/item/mirotalk-sfu-webrtc-realtime-video-conferences/40769970
 * @author  Miroslav Pejic - miroslav.pejic.85@gmail.com
- * @version 1.5.38
+ * @version 1.5.39
 *
 */