From faeb411a29de8dadc1db2d0d5169a6a82814f4d9 Mon Sep 17 00:00:00 2001
From: Eric Zhang
Date: Mon, 23 Dec 2024 09:20:41 -0600
Subject: [PATCH] Improve validation for gameId in createGame (#173)

I realized we should be careful about validation here after combing through the existing 30 GB of data and finding some strange stuff. Nothing with gameId being invalid luckily, but people have definitely been reading the code for fun.
---
 functions/src/index.ts | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/functions/src/index.ts b/functions/src/index.ts
index d87d1c9..24389bc 100644
--- a/functions/src/index.ts
+++ b/functions/src/index.ts
@@ -203,7 +203,8 @@ export const createGame = functions.https.onCall(async (data, context) => {
 if (
 !(typeof gameId === "string") ||
 gameId.length === 0 ||
- gameId.length > MAX_GAME_ID_LENGTH
+ gameId.length > MAX_GAME_ID_LENGTH ||
+ !gameId.match(/^[a-zA-Z0-9_-]+$/)
 ) {
 throw new functions.https.HttpsError(
 "invalid-argument",
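Review bot: The allow-list pattern on the added `!gameId.match(/^[a-zA-Z0-9_-]+$/)` line is an inline literal, so the rule for what a valid gameId looks like lives only inside createGame's condition; declaring it beside MAX_GAME_ID_LENGTH, e.g. `const GAME_ID_PATTERN = /^[a-zA-Z0-9_-]+$/;`, and writing the check as `!GAME_ID_PATTERN.test(gameId)` keeps the length and character rules together and lets any other callable that accepts a gameId (none are visible in this hunk) apply the same check. The pattern itself reads as sound: it is anchored at both ends, JavaScript's `$` without the `m` flag does not accept a trailing newline, and the `typeof` test short-circuits before `.match` can run on a non-string. A one-line comment stating why the character set is restricted (presumably because gameId is later used as a storage key or path segment, which this hunk does not show) would help the next reader. createGame's body starts and ends outside the hunk, so the error message and the later use of gameId cannot be checked from here.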