From e0dec74861941dde2cf16c6053eb35dbeb34d5ee Mon Sep 17 00:00:00 2001 From: Yaroslav Grachev Date: Mon, 30 Sep 2024 14:50:12 +0300 Subject: [PATCH] fix: start param validation --- .../api/telegram/__tests__/bot-api.test.ts | 19 +++++++++++++++++++ app/shared/api/telegram/bot-api.ts | 5 +++++ app/ui/molecules/GiftClaim/GiftClaim.tsx | 3 ++- 3 files changed, 26 insertions(+), 1 deletion(-) create mode 100644 app/shared/api/telegram/__tests__/bot-api.test.ts diff --git a/app/shared/api/telegram/__tests__/bot-api.test.ts b/app/shared/api/telegram/__tests__/bot-api.test.ts new file mode 100644 index 00000000..8ee1e063 --- /dev/null +++ b/app/shared/api/telegram/__tests__/bot-api.test.ts @@ -0,0 +1,19 @@ +import { describe, expect, test } from 'vitest'; + +import { botApi } from '../bot-api'; + +describe('shared/api/telegram/bot-api', () => { + test.each([ + ['acbdeacbdeacbde12345_12_WND', true], // valid (with chainIndex) + ['acbdeacbdeacbde12345_wnd', true], // valid (no chainIndex) + ['acbdeacbdeacbdeabcde_12_wnd', true], // valid (no digits inside entropy) + ['acbdeacbdeacbde12345_12_23_wnd', false], // double chainIndex + ['qwertqwertqwert12345_12_wnd', false], // wrong letters inside entropy + ['acbdeacbdeacbde12345_12', false], // no asset symbol + ['', false], // no data at all + ])('should validate Telegram StartParam', (value, expectedResult) => { + const result = botApi.validateStartParam(value); + + expect(result).toEqual(expectedResult); + }); +}); diff --git a/app/shared/api/telegram/bot-api.ts b/app/shared/api/telegram/bot-api.ts index 1e5fc153..7cd44b64 100644 --- a/app/shared/api/telegram/bot-api.ts +++ b/app/shared/api/telegram/bot-api.ts @@ -7,6 +7,7 @@ const SUBMIT_WALLET_PATH = 'submit/wallet'; export const botApi = { submitPublicKey, createTelegramLink, + validateStartParam, }; async function submitPublicKey(publicKey: PublicKey, baseUrl: string): Promise { @@ -58,3 +59,7 @@ function createTelegramLink({ botUrl, appName, amount, secret, chainIndex, symbo return { url: url.toString(), text }; } + +function validateStartParam(value: string): boolean { + return /^[a-f0-9]{20}_([0-9]+_)?[a-z]+$/i.test(value); +} diff --git a/app/ui/molecules/GiftClaim/GiftClaim.tsx b/app/ui/molecules/GiftClaim/GiftClaim.tsx index eb9593a2..3b6a501b 100644 --- a/app/ui/molecules/GiftClaim/GiftClaim.tsx +++ b/app/ui/molecules/GiftClaim/GiftClaim.tsx @@ -11,7 +11,7 @@ import { type BN, BN_ZERO } from '@polkadot/util'; import { useGlobalContext } from '@/common/providers'; import { networkModel } from '@/models/network'; import { walletModel } from '@/models/wallet'; -import { TelegramApi, balancesFactory, transferFactory } from '@/shared/api'; +import { TelegramApi, balancesFactory, botApi, transferFactory } from '@/shared/api'; import { getGiftInfo, toFormattedBalance } from '@/shared/helpers'; import { type Asset } from '@/types/substrate'; import { BigTitle, Icon, LottiePlayer, Shimmering } from '@/ui/atoms'; @@ -47,6 +47,7 @@ export const GiftClaim = () => { useEffect(() => { if (isGiftClaimed || !startParam || !wallet) return; + if (!botApi.validateStartParam(startParam)) return; setIsOpen(true); const giftInfo = getGiftInfo(Object.values(chains), wallet, startParam);