Improve validation for gameId in createGame (#173)

I realized we should be careful about validation here after combing through the existing 30 GB of data and finding some strange stuff. Nothing with gameId being invalid luckily, but people have definitely been reading the code for fun.
ekzhang · Dec 23, 2024 · faeb411 · faeb411
1 parent a97f8cb
commit faeb411
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/functions/src/index.ts b/functions/src/index.ts
@@ -203,7 +203,8 @@ export const createGame = functions.https.onCall(async (data, context) => {
   if (
     !(typeof gameId === "string") ||
     gameId.length === 0 ||
-    gameId.length > MAX_GAME_ID_LENGTH
+    gameId.length > MAX_GAME_ID_LENGTH ||
+    !gameId.match(/^[a-zA-Z0-9_-]+$/)
   ) {
     throw new functions.https.HttpsError(
       "invalid-argument",