[mirotalksfu] - improvements

app/src/Server.js

@@ -44,7 +44,7 @@ dependencies: {
  * @license For commercial or closed source, contact us at license.mirotalk@gmail.com or purchase directly via CodeCanyon
  * @license CodeCanyon: https://codecanyon.net/item/mirotalk-sfu-webrtc-realtime-video-conferences/40769970
  * @author  Miroslav Pejic - miroslav.pejic.85@gmail.com
- * @version 1.5.41
+ * @version 1.5.42
  *
  */
 
@@ -470,8 +470,7 @@ function startServer() {
 
             if (!Validator.isValidRoomName(room)) {
                 return res.status(400).json({
-                    message:
-                        'Invalid Room name! Must be a UUID4 or an ALPHANUMERIC string without special characters or spaces.',
+                    message: 'Invalid Room name! Invalid Room name!\nPath traversal pattern detected!',
                 });
             }
 

app/src/Validator.js

@@ -4,21 +4,26 @@ function isValidRoomName(input) {
     if (typeof input !== 'string') {
         return false;
     }
-    const pattern =
-        /^(?:[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-4[0-9a-fA-F]{3}-[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12}|[A-Za-z0-9-_]+)$/;
-    return pattern.test(input);
+    return !hasPathTraversal(input);
 }
 
 function isValidRecFileNameFormat(input) {
     if (typeof input !== 'string') {
         return false;
     }
-    const pattern =
-        /^Rec_(?:[A-Za-z0-9-_]+|[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-4[0-9a-fA-F]{3}-[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12})_\d{4}_\d{2}_\d{2}_\d{2}_\d{2}_\d{2}\.(webm)$/;
-    return pattern.test(input);
+    if (!input.startsWith('Rec_') || !input.endsWith('.webm')) {
+        return false;
+    }
+    return !hasPathTraversal(input);
+}
+
+function hasPathTraversal(input) {
+    const pathTraversalPattern = /(\.\.(\/|\\))+/;
+    return pathTraversalPattern.test(input);
 }
 
 module.exports = {
     isValidRoomName,
     isValidRecFileNameFormat,
+    hasPathTraversal,
 };