far/BattleBot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Jan 2025 Update

Browse Source 
Team Search Improvements:
Added required game selection before team name input
Added VR Battles image as the main embed image
Removed buttons for cleaner display
Added sorting by game mode (Squads > Duo > Solo)
Made team display more compact with icons and shortened stats
Added SQL injection protection and input sanitization
User Search Improvements:
Made game selection required before username input
Added VR Battles image as the main embed image
Added better user status messages:
played
Security Enhancements:
Added input validation and sanitization at multiple levels
Limited input lengths to prevent buffer overflow
Added proper error handling and logging
Implemented safe API calls with timeouts and validation
Added protection against SQL injection
Code Organization:
Improved error messages for better user feedback
Added comprehensive logging for monitoring
Made responses visible to everyone in the channel
Cleaned up code structure and removed redundant parts
Development Environment:
Set up proper development configuration
Added environment variable management
Improved command deployment process
This commit is contained in:
VinceC
2025-01-04 08:59:51 -06:00
parent 5a836a537f
commit 7e4354e37b
10 changed files with 1104 additions and 132 deletions
Download Patch File Download Diff File Expand all files Collapse all files

72
src/services/PlayerService.js
View File

@@ -70,35 +70,59 @@ class PlayerService {
return `${this.baseUrl}/profile/${username}/stats`;
}
async findTeamByName(teamName, gameFilter = null) {
async findTeamByName(teamName, gameFilter) {
try {
console.log(`Fetching team data for: ${teamName}${gameFilter ? ` in ${gameFilter}` : ''}`);
const url = `${this.baseUrl}/api/get_team_data_by_name/${encodeURIComponent(teamName)}`;
console.log(`API URL: ${url}`);
const response = await axios.get(url, {
timeout: 5000
});
console.log('API Response:', JSON.stringify(response.data, null, 2));
if (response.data && response.data.success) {
// Filter teams by game if gameFilter is provided
if (gameFilter && response.data.teams) {
response.data.teams = response.data.teams.filter(
team => team.game_name.toLowerCase() === gameFilter.toLowerCase()
);
}
// Double-check sanitization here as well for defense in depth
if (!teamName || typeof teamName !== 'string') {
throw new Error('Invalid team name provided');
}
// Additional sanitization at the service level
const sanitizedTeamName = teamName
.replace(/[^a-zA-Z0-9\s\-_.]/g, '')
.trim()
.slice(0, 100);
if (!sanitizedTeamName) {
throw new Error('Invalid team name after sanitization');
}
// Use URL encoding for the query parameters
const encodedTeamName = encodeURIComponent(sanitizedTeamName);
const url = `${this.baseUrl}/api/get_team_data_by_name/${encodedTeamName}`;
const response = await axios.get(url, {
timeout: 5000, // 5 second timeout
headers: {
'Accept': 'application/json',
'Content-Type': 'application/json'
},
validateStatus: function (status) {
return status >= 200 && status < 300; // Only accept success status codes
}
});
// Validate response structure
if (!response.data || typeof response.data !== 'object') {
throw new Error('Invalid response format from API');
}
// If game filter is provided, filter the teams
if (gameFilter && response.data.teams) {
response.data.teams = response.data.teams.filter(
team => team.game_name === gameFilter
);
}
return response.data;
} catch (error) {
console.error('Error fetching team data:', {
message: error.message,
response: error.response?.data,
status: error.response?.status
this.logger.error('Error in findTeamByName:', {
error: error.message,
teamName,
gameFilter,
timestamp: new Date().toISOString()
});
return null;
return { success: false, error: 'Failed to fetch team data' };
}
}
}