improve hash and integer analysis for id in /api/tokenTest

coralproject · Feb 27, 2025 · 815eee2 · 815eee2
1 parent 56de62d
commit 815eee2
Showing 1 changed file with 18 additions and 9 deletions.
diff --git a/server/src/core/server/app/handlers/api/auth/tokenTest/index.ts b/server/src/core/server/app/handlers/api/auth/tokenTest/index.ts
@@ -93,25 +93,34 @@ const analyseId = (id: string | undefined): PayloadComment[] => {
     });
   }
 
-  const hashRegex = new RegExp(/^[0-9a-zA-Z]{16-256}$/);
-  const hashResult = hashRegex.test(id);
-  if (hashResult) {
+  const nonDigitsRegex = new RegExp(/[^0-9]/);
+  let integerResult = false;
+  try {
+    const value = parseInt(id, 10);
+    const hasNonNumbers = nonDigitsRegex.test(id);
+
+    integerResult = value >= 0 && !hasNonNumbers;
+  } catch {
+    integerResult = false;
+  }
+
+  if (integerResult) {
     messages.push({
       type: AnalysisMessageType.Success,
-      message: "`user.id` appears to be a hash value.",
+      message: "`user.id` appears to be an integer value.",
     });
   }
 
-  const integerRegex = new RegExp(/^[0-9]{16-256}$/);
-  const integerResult = integerRegex.test(id);
-  if (integerResult) {
+  const hashRegex = new RegExp(/^[0-9a-zA-Z]{16,512}$/);
+  const hashResult = hashRegex.test(id);
+  if (!integerResult && hashResult) {
     messages.push({
       type: AnalysisMessageType.Success,
-      message: "`user.id` appears to be an integer value.",
+      message: "`user.id` appears to be a hash value.",
     });
   }
 
-  if (!uuidResult && !hashResult && !integerRegex) {
+  if (!uuidResult && !hashResult && !integerResult) {
     messages.push({
       type: AnalysisMessageType.Warning,
       message: