Jan 2025 Update
Team Search Improvements: Added required game selection before team name input Added VR Battles image as the main embed image Removed buttons for cleaner display Added sorting by game mode (Squads > Duo > Solo) Made team display more compact with icons and shortened stats Added SQL injection protection and input sanitization User Search Improvements: Made game selection required before username input Added VR Battles image as the main embed image Added better user status messages: played Security Enhancements: Added input validation and sanitization at multiple levels Limited input lengths to prevent buffer overflow Added proper error handling and logging Implemented safe API calls with timeouts and validation Added protection against SQL injection Code Organization: Improved error messages for better user feedback Added comprehensive logging for monitoring Made responses visible to everyone in the channel Cleaned up code structure and removed redundant parts Development Environment: Set up proper development configuration Added environment variable management Improved command deployment process
This commit is contained in:
VinceC
@@ -151,10 +151,40 @@ class CommandHandler {
|
||||
const username = interaction.options.getString('username');
|
||||
const gameFilter = interaction.options.getString('game');
|
||||
|
||||
const userData = await this.playerService.findUserByUsername(username);
|
||||
// Input validation
|
||||
if (!username || typeof username !== 'string') {
|
||||
await interaction.editReply({
|
||||
content: '❌ Invalid username provided.'
|
||||
});
|
||||
return;
|
||||
}
|
||||
|
||||
// Enhanced sanitization
|
||||
const sanitizedUsername = username
|
||||
.replace(/[^a-zA-Z0-9\s\-_.]/g, '')
|
||||
.trim()
|
||||
.slice(0, 100);
|
||||
|
||||
if (!sanitizedUsername) {
|
||||
await interaction.editReply({
|
||||
content: '❌ Username must contain valid characters (letters, numbers, spaces, hyphens, underscores, or periods).'
|
||||
});
|
||||
return;
|
||||
}
|
||||
|
||||
// Log sanitized input for monitoring
|
||||
this.logger.debug('User search input:', {
|
||||
original: username,
|
||||
sanitized: sanitizedUsername,
|
||||
game: gameFilter,
|
||||
userId: interaction.user.id,
|
||||
timestamp: new Date().toISOString()
|
||||
});
|
||||
|
||||
const userData = await this.playerService.findUserByUsername(sanitizedUsername);
|
||||
if (!userData || !userData.success) {
|
||||
await interaction.editReply({
|
||||
content: '❌ User not found or an error occurred while fetching data.',
|
||||
content: '❌ User not found or an error occurred while fetching data.'
|
||||
});
|
||||
return;
|
||||
}
|
||||
@@ -163,20 +193,43 @@ class CommandHandler {
|
||||
? JSON.parse(userData.player_data)
|
||||
: userData.player_data;
|
||||
|
||||
// Check if the user is on a team for the specified game
|
||||
const isOnTeam = playerData.teams && Object.values(playerData.teams)
|
||||
.some(team => team.game_name === gameFilter);
|
||||
|
||||
// Check if the user has played the specified game
|
||||
const hasPlayedGame = playerData.stats?.games &&
|
||||
Object.keys(playerData.stats.games)
|
||||
.some(game => game.toLowerCase() === gameFilter.toLowerCase());
|
||||
|
||||
if (!hasPlayedGame) {
|
||||
const teamMessage = isOnTeam ?
|
||||
`\nThey are on a team for ${gameFilter} but haven't played any matches yet.` :
|
||||
'';
|
||||
await interaction.editReply({
|
||||
content: `✅ User found, but they haven't played ${gameFilter} yet.${teamMessage}`
|
||||
});
|
||||
return;
|
||||
}
|
||||
|
||||
const embed = EmbedBuilders.createUserEmbed(playerData, gameFilter, this.playerService);
|
||||
const row = this.createActionRow(playerData.username);
|
||||
|
||||
await interaction.editReply({
|
||||
embeds: [embed],
|
||||
components: [row],
|
||||
components: [row]
|
||||
});
|
||||
} catch (error) {
|
||||
this.logger.error('Error in handleFindUser:', {
|
||||
error: error.message,
|
||||
username: interaction.options.getString('username'),
|
||||
game: interaction.options.getString('game'),
|
||||
userId: interaction.user.id,
|
||||
timestamp: new Date().toISOString()
|
||||
});
|
||||
throw error;
|
||||
await interaction.editReply({
|
||||
content: '❌ An error occurred while searching for the user.'
|
||||
});
|
||||
}
|
||||
}
|
||||
|
||||
@@ -225,47 +278,64 @@ class CommandHandler {
|
||||
const teamName = interaction.options.getString('teamname');
|
||||
const gameFilter = interaction.options.getString('game');
|
||||
|
||||
const teamData = await this.playerService.findTeamByName(teamName, gameFilter);
|
||||
if (!teamData || !teamData.success || !teamData.teams || teamData.teams.length === 0) {
|
||||
// Input validation
|
||||
if (!teamName || typeof teamName !== 'string') {
|
||||
await interaction.editReply({
|
||||
content: '❌ No teams found matching your search criteria.',
|
||||
content: '❌ Invalid team name provided.'
|
||||
});
|
||||
return;
|
||||
}
|
||||
|
||||
const embed = EmbedBuilders.createTeamEmbed(teamData.teams);
|
||||
// Enhanced sanitization - only allow alphanumeric characters, spaces, and specific symbols
|
||||
// Limit the length to prevent buffer overflow attacks
|
||||
const sanitizedTeamName = teamName
|
||||
.replace(/[^a-zA-Z0-9\s\-_.]/g, '') // Remove any characters that aren't alphanumeric, space, hyphen, underscore, or period
|
||||
.trim()
|
||||
.slice(0, 100); // Limit length to 100 characters
|
||||
|
||||
// Create buttons for each team
|
||||
const rows = teamData.teams.slice(0, 5).map(team => {
|
||||
return new ActionRowBuilder().addComponents(
|
||||
new ButtonBuilder()
|
||||
.setLabel(`🔵 View ${team.name} (${team.game_mode})`)
|
||||
.setStyle(ButtonStyle.Link)
|
||||
.setURL(`${this.playerService.baseUrl}/teams/${team.id}`),
|
||||
);
|
||||
if (!sanitizedTeamName) {
|
||||
await interaction.editReply({
|
||||
content: '❌ Team name must contain valid characters (letters, numbers, spaces, hyphens, underscores, or periods).'
|
||||
});
|
||||
return;
|
||||
}
|
||||
|
||||
// Log sanitized input for monitoring
|
||||
this.logger.debug('Team search input:', {
|
||||
original: teamName,
|
||||
sanitized: sanitizedTeamName,
|
||||
game: gameFilter,
|
||||
userId: interaction.user.id,
|
||||
timestamp: new Date().toISOString()
|
||||
});
|
||||
|
||||
// Add Discord join button in a separate row
|
||||
rows.push(
|
||||
new ActionRowBuilder().addComponents(
|
||||
new ButtonBuilder()
|
||||
.setLabel('🟡 Join Discord')
|
||||
.setStyle(ButtonStyle.Link)
|
||||
.setURL('https://discord.gg/j3DKVATPGQ')
|
||||
)
|
||||
);
|
||||
// Game filter is pre-validated by Discord's slash command choices
|
||||
const teamData = await this.playerService.findTeamByName(sanitizedTeamName, gameFilter);
|
||||
|
||||
if (!teamData || !teamData.success || !teamData.teams || teamData.teams.length === 0) {
|
||||
await interaction.editReply({
|
||||
content: '❌ No teams found matching your search criteria.'
|
||||
});
|
||||
return;
|
||||
}
|
||||
|
||||
const embeds = EmbedBuilders.createTeamEmbed(teamData.teams);
|
||||
|
||||
await interaction.editReply({
|
||||
embeds: [embed],
|
||||
components: rows,
|
||||
embeds: embeds,
|
||||
components: []
|
||||
});
|
||||
} catch (error) {
|
||||
this.logger.error('Error in handleFindTeam:', {
|
||||
error: error.message,
|
||||
teamname: interaction.options.getString('teamname'),
|
||||
teamName: interaction.options.getString('teamname'),
|
||||
game: interaction.options.getString('game'),
|
||||
userId: interaction.user.id,
|
||||
timestamp: new Date().toISOString()
|
||||
});
|
||||
throw error;
|
||||
await interaction.editReply({
|
||||
content: '❌ An error occurred while searching for teams.'
|
||||
});
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user