From b98e8df939b6b24902314822b6edc766fdbed51c Mon Sep 17 00:00:00 2001 From: yqrashawn Date: Wed, 29 Nov 2023 11:50:49 +0800 Subject: [PATCH] fix: universal link regex fixes #17869 Signed-off-by: yqrashawn --- src/status_im2/common/router.cljs | 13 ++++++------- src/status_im2/constants.cljs | 30 +++++++++++++++++++++++++++-- src/utils/universal_links_test.cljs | 18 ++++++++++++----- src/utils/validators.cljs | 9 +++++---- 4 files changed, 52 insertions(+), 18 deletions(-) diff --git a/src/status_im2/common/router.cljs b/src/status_im2/common/router.cljs index 7b68d8457384..ccdceee31a5e 100644 --- a/src/status_im2/common/router.cljs +++ b/src/status_im2/common/router.cljs @@ -35,11 +35,9 @@ "/" :group-chat}}) (def eip-extractor - {#{[:prefix "-" :address] - [:address]} + {#{[:prefix "-" :address] [:address]} {#{["@" :chain-id] ""} - {#{["/" :function] ""} - :ethereum}}}) + {#{["/" :function] ""} :ethereum}}}) (def routes ["" @@ -82,6 +80,7 @@ ;; fragment is the one after `#`, usually user-id, ens-name, community-id fragment (parse-fragment uri) ens? (utils.ens/is-valid-eth-name? fragment) + compressed-key? (validators/valid-compressed-key? fragment) {:keys [handler route-params] :as parsed} (assoc (bidi/match-route routes uri-without-equal-in-path) @@ -91,7 +90,7 @@ ens? (assoc-in [:route-params :ens-name] fragment) - (and (or (= handler :community) (= handler :community-chat)) fragment) + (and (or (= handler :community) (= handler :community-chat)) compressed-key?) (assoc-in [:route-params :community-id] fragment) (and equal-end-of-base64url (= handler :community) (:community-data route-params)) @@ -100,7 +99,7 @@ (and equal-end-of-base64url (= handler :community-chat) (:community-data route-params)) (update-in [:route-params :community-data] #(str % equal-end-of-base64url)) - (and fragment (= handler :community-chat) (:community-data route-params)) + (and compressed-key? (= handler :community-chat) (:community-data route-params)) (assoc-in [:route-params :community-id] fragment) (and fragment @@ -113,7 +112,7 @@ (and equal-end-of-base64url (= handler :user) (:user-data route-params)) (update-in [:route-params :user-data] #(str % equal-end-of-base64url)) - (and (= handler :user) fragment) + (and (= handler :user) compressed-key?) (assoc-in [:route-params :user-id] fragment)))) (defn match-contact-async diff --git a/src/status_im2/constants.cljs b/src/status_im2/constants.cljs index ba1591c773fc..df78e08c43cd 100644 --- a/src/status_im2/constants.cljs +++ b/src/status_im2/constants.cljs @@ -1,4 +1,6 @@ -(ns status-im2.constants) +(ns status-im2.constants + (:require + [clojure.string :as string])) (def ^:const ms-in-bg-for-require-bioauth 5000) @@ -182,12 +184,36 @@ (def ^:const method-id-approve "0x095ea7b3") (def ^:const method-id-approve-and-call "0xcae9ca51") +(def regx-string-universal-link-encoded-data-base64 + "(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?") +(def regx-universal-link-encoded-data-base64 + (str "^" regx-string-universal-link-encoded-data-base64 "$")) +(def regx-string-any-ascii "[\\x00-\\x7F]") +(def regx-string-compressed-key "zQ3[0-9A-HJ-NP-Za-km-z]{46}") +(def regx-string-public-key "0x04[0-9a-f]{128}") +(def regx-compressed-key (re-pattern (str "^" regx-string-compressed-key "$"))) +(def regx-public-key (re-pattern (str "^" regx-string-public-key "$"))) (def regx-emoji #"^((?:[\u261D\u26F9\u270A-\u270D]|\uD83C[\uDF85\uDFC2-\uDFC4\uDFC7\uDFCA-\uDFCC]|\uD83D[\uDC42\uDC43\uDC46-\uDC50\uDC66-\uDC69\uDC6E\uDC70-\uDC78\uDC7C\uDC81-\uDC83\uDC85-\uDC87\uDCAA\uDD74\uDD75\uDD7A\uDD90\uDD95\uDD96\uDE45-\uDE47\uDE4B-\uDE4F\uDEA3\uDEB4-\uDEB6\uDEC0\uDECC]|\uD83E[\uDD18-\uDD1C\uDD1E\uDD1F\uDD26\uDD30-\uDD39\uDD3D\uDD3E\uDDD1-\uDDDD])(?:\uD83C[\uDFFB-\uDFFF])?|(?:[\u231A\u231B\u23E9-\u23EC\u23F0\u23F3\u25FD\u25FE\u2614\u2615\u2648-\u2653\u267F\u2693\u26A1\u26AA\u26AB\u26BD\u26BE\u26C4\u26C5\u26CE\u26D4\u26EA\u26F2\u26F3\u26F5\u26FA\u26FD\u2705\u270A\u270B\u2728\u274C\u274E\u2753-\u2755\u2757\u2795-\u2797\u27B0\u27BF\u2B1B\u2B1C\u2B50\u2B55]|\uD83C[\uDC04\uDCCF\uDD8E\uDD91-\uDD9A\uDDE6-\uDDFF\uDE01\uDE1A\uDE2F\uDE32-\uDE36\uDE38-\uDE3A\uDE50\uDE51\uDF00-\uDF20\uDF2D-\uDF35\uDF37-\uDF7C\uDF7E-\uDF93\uDFA0-\uDFCA\uDFCF-\uDFD3\uDFE0-\uDFF0\uDFF4\uDFF8-\uDFFF]|\uD83D[\uDC00-\uDC3E\uDC40\uDC42-\uDCFC\uDCFF-\uDD3D\uDD4B-\uDD4E\uDD50-\uDD67\uDD7A\uDD95\uDD96\uDDA4\uDDFB-\uDE4F\uDE80-\uDEC5\uDECC\uDED0-\uDED2\uDEEB\uDEEC\uDEF4-\uDEF8]|\uD83E[\uDD10-\uDD3A\uDD3C-\uDD3E\uDD40-\uDD45\uDD47-\uDD4C\uDD50-\uDD6B\uDD80-\uDD97\uDDC0\uDDD0-\uDDE6])|(?:[#\*0-9\xA9\xAE\u203C\u2049\u2122\u2139\u2194-\u2199\u21A9\u21AA\u231A\u231B\u2328\u23CF\u23E9-\u23F3\u23F8-\u23FA\u24C2\u25AA\u25AB\u25B6\u25C0\u25FB-\u25FE\u2600-\u2604\u260E\u2611\u2614\u2615\u2618\u261D\u2620\u2622\u2623\u2626\u262A\u262E\u262F\u2638-\u263A\u2640\u2642\u2648-\u2653\u2660\u2663\u2665\u2666\u2668\u267B\u267F\u2692-\u2697\u2699\u269B\u269C\u26A0\u26A1\u26AA\u26AB\u26B0\u26B1\u26BD\u26BE\u26C4\u26C5\u26C8\u26CE\u26CF\u26D1\u26D3\u26D4\u26E9\u26EA\u26F0-\u26F5\u26F7-\u26FA\u26FD\u2702\u2705\u2708-\u270D\u270F\u2712\u2714\u2716\u271D\u2721\u2728\u2733\u2734\u2744\u2747\u274C\u274E\u2753-\u2755\u2757\u2763\u2764\u2795-\u2797\u27A1\u27B0\u27BF\u2934\u2935\u2B05-\u2B07\u2B1B\u2B1C\u2B50\u2B55\u3030\u303D\u3297\u3299]|\uD83C[\uDC04\uDCCF\uDD70\uDD71\uDD7E\uDD7F\uDD8E\uDD91-\uDD9A\uDDE6-\uDDFF\uDE01\uDE02\uDE1A\uDE2F\uDE32-\uDE3A\uDE50\uDE51\uDF00-\uDF21\uDF24-\uDF93\uDF96\uDF97\uDF99-\uDF9B\uDF9E-\uDFF0\uDFF3-\uDFF5\uDFF7-\uDFFF]|\uD83D[\uDC00-\uDCFD\uDCFF-\uDD3D\uDD49-\uDD4E\uDD50-\uDD67\uDD6F\uDD70\uDD73-\uDD7A\uDD87\uDD8A-\uDD8D\uDD90\uDD95\uDD96\uDDA4\uDDA5\uDDA8\uDDB1\uDDB2\uDDBC\uDDC2-\uDDC4\uDDD1-\uDDD3\uDDDC-\uDDDE\uDDE1\uDDE3\uDDE8\uDDEF\uDDF3\uDDFA-\uDE4F\uDE80-\uDEC5\uDECB-\uDED2\uDEE0-\uDEE5\uDEE9\uDEEB\uDEEC\uDEF0\uDEF3-\uDEF8]|\uD83E[\uDD10-\uDD3A\uDD3C-\uDD3E\uDD40-\uDD45\uDD47-\uDD4C\uDD50-\uDD6B\uDD80-\uDD97\uDDC0\uDDD0-\uDDE6])\uFE0F|[\t-\r \xA0\u1680\u2000-\u200A\u2028\u2029\u202F\u205F\u3000\uFEFF])+$") (def regx-bold #"\*[^*]+\*") (def regx-italic #"~[^~]+~") (def regx-backquote #"`[^`]+`") -(def regx-universal-link #"((^https?://status.app/)|(^status-app://))[\x00-\x7F]+$") +(def regx-string-universal-link + (str "((^https?://status.app/)|(^status-app://))" + "(" + (string/join + "|" + [(str "u/" regx-string-universal-link-encoded-data-base64 "#" regx-string-compressed-key) + (str "u#" regx-string-compressed-key) + (str "c/" regx-string-universal-link-encoded-data-base64 "#" regx-string-compressed-key) + (str "c#" regx-string-compressed-key) + (str "cc/" regx-string-universal-link-encoded-data-base64 "#" regx-string-compressed-key) + (str "p/" regx-string-any-ascii "+") + (str "cr/" regx-string-any-ascii "+") + (str "g/" regx-string-any-ascii "+") + (str "wallet/" regx-string-any-ascii "+")]) + ")$")) +(def regx-universal-link (re-pattern regx-string-universal-link)) (def regx-community-universal-link #"((^https?://status.app/)|(^status-app://))c/([\x00-\x7F]+)$") (def regx-deep-link #"((^ethereum:.*)|(^status-app://[\x00-\x7F]+$))") (def regx-ens #"^(?=.{5,255}$)([a-zA-Z0-9-]+\.)*[a-zA-Z0-9-]+\.[a-zA-Z]{2,}$") diff --git a/src/utils/universal_links_test.cljs b/src/utils/universal_links_test.cljs index 64724a7e99fc..419373261708 100644 --- a/src/utils/universal_links_test.cljs +++ b/src/utils/universal_links_test.cljs @@ -5,8 +5,8 @@ (deftest universal-link-test (testing "status-app://blah" - (testing "it returns true" - (is (links/universal-link? "status-app://blah")))) + (testing "it returns false" + (is (not (links/universal-link? "status-app://blah"))))) (testing "status-app://blah" (testing "it returns true" (is (links/deep-link? "status-app://blah")))) @@ -14,11 +14,19 @@ (testing "it returns true" (is (links/deep-link? "ethereum:0x89205a3a3b2a69de6dbf7f01ed13b2108b2c43e7")))) (testing "http://status.app/blah" + (testing "it returns false" + (is (not (links/universal-link? "http://status.app/blah"))))) + (testing "http://status.app/c#zQ3shPyZJnxZK4Bwyx9QsaksNKDYTPmpwPvGSjMYVHoXHeEgB" (testing "it returns true" - (is (links/universal-link? "http://status.app/blah")))) - (testing "https://status.app/blah" + (is (links/universal-link? + "http://status.app/c#zQ3shPyZJnxZK4Bwyx9QsaksNKDYTPmpwPvGSjMYVHoXHeEgB")))) + (testing "http://status.app/u#zQ3shPyZJnxZK4Bwyx9QsaksNKDYTPmpwPvGSjMYVHoXHeEgB" (testing "it returns true" - (is (links/universal-link? "https://status.app/blah")))) + (is (links/universal-link? + "http://status.app/u#zQ3shPyZJnxZK4Bwyx9QsaksNKDYTPmpwPvGSjMYVHoXHeEgB")))) + (testing "https://status.app/blah" + (testing "it returns false" + (is (not (links/universal-link? "https://status.app/blah"))))) (testing "unicode characters" (testing "it returns false" (is (not (links/universal-link? "https://status.app/browse/www.аррӏе.com"))))) diff --git a/src/utils/validators.cljs b/src/utils/validators.cljs index 78d091aec5bd..92f6152e7b8a 100644 --- a/src/utils/validators.cljs +++ b/src/utils/validators.cljs @@ -1,14 +1,15 @@ -(ns utils.validators) +(ns utils.validators + (:require + [status-im2.constants :as constants])) (defn valid-public-key? [s] (and (string? s) (not-empty s) - (boolean (re-matches #"0x04[0-9a-f]{128}" s)))) + (boolean (re-matches constants/regx-public-key s)))) (defn valid-compressed-key? [s] (and (string? s) (not-empty s) - (boolean (re-matches #"^zQ3[0-9A-HJ-NP-Za-km-z]{46}" s)))) - + (boolean (re-matches constants/regx-compressed-key s))))