From b6163fbb104221b622680645dc3a77cbab03695d Mon Sep 17 00:00:00 2001 From: HF Date: Sat, 20 May 2023 18:47:57 +0200 Subject: [PATCH] enforce canvas bounds block users from other servers from the bridge --- ppfun-bridge/src/pixelplanet/constants.js | 2 +- ppfun-bridge/src/pixelplanet/index.js | 9 ++++++++- ppfun-bridge/src/ppfunMatrixBridge.js | 6 ++++++ 3 files changed, 15 insertions(+), 2 deletions(-) diff --git a/ppfun-bridge/src/pixelplanet/constants.js b/ppfun-bridge/src/pixelplanet/constants.js index a3a9fd7..013a115 100644 --- a/ppfun-bridge/src/pixelplanet/constants.js +++ b/ppfun-bridge/src/pixelplanet/constants.js @@ -2,4 +2,4 @@ export const WIDTH = 800; export const HEIGHT = 600; export const MAX_SCALE = 40; // 52 in log2 export const TILE_SIZE = 256; -export const TILE_ZOOM_LEVEL = 4; +export const TILE_ZOOM_LEVEL = 2; diff --git a/ppfun-bridge/src/pixelplanet/index.js b/ppfun-bridge/src/pixelplanet/index.js index bb9b335..85fba56 100644 --- a/ppfun-bridge/src/pixelplanet/index.js +++ b/ppfun-bridge/src/pixelplanet/index.js @@ -40,7 +40,14 @@ export async function parseCanvasLinks(text) { const [ canvasIdent, x, y, z ] = coordsParts; const canvas = canvases.get(canvasIdent); - if (!canvas) { + const upperBound = canvas.size / 2 - 1; + const lowerBound = canvas.size / -2; + if (!canvas + || x > upperBound + || y > upperBound + || x < lowerBound + || y < lowerBound + ) { return; } console.log(`Fetch canvas ${canvas.title} on ${x}/${y} with zoom ${z}`); diff --git a/ppfun-bridge/src/ppfunMatrixBridge.js b/ppfun-bridge/src/ppfunMatrixBridge.js index 1bd3e62..c66e19f 100644 --- a/ppfun-bridge/src/ppfunMatrixBridge.js +++ b/ppfun-bridge/src/ppfunMatrixBridge.js @@ -176,6 +176,12 @@ class PPfunMatrixBridge { } const userId = event.sender; + + // block none :pixelplanet.fun users + if (!userId.endsWith(this.domain)) { + return; + } + const uid = (userId.startsWith(`@${this.prefix}_`) && userId.endsWith(this.domain)) ? userId.slice(2 + this.prefix.length, -this.domain.length - 1)