deco/obs-ss-plugin-webui
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
obs-ss-plugin-webui/lib/security.ts
Decobus 5789986bb6
Some checks failed
Lint and Build / build (22) (pull_request) Failing after 32s
Details
Lint and Build / build (20) (pull_request) Failing after 34s
Details
Add OBS group management feature and documentation 
- Add group_name column to teams table for mapping teams to OBS groups
- Create API endpoints for group creation (/api/createGroup) and bulk sync (/api/syncGroups)
- Update teams UI with group status display and creation buttons
- Implement automatic group assignment when adding streams
- Add comprehensive OBS setup documentation (docs/OBS_SETUP.md)
- Fix team list spacing issue with explicit margins
- Update OBS client with group management functions
- Add database migration script for existing deployments

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-07-20 00:28:16 -04:00

119 lines
No EOL
3.3 KiB
TypeScript
Raw Blame History

// Security utilities for input validation and sanitization
export const VALID_SCREENS = ['large', 'left', 'right', 'topLeft', 'topRight', 'bottomLeft', 'bottomRight'] as const;
export type ValidScreen = typeof VALID_SCREENS[number];
// Input validation functions
export function isValidScreen(screen: string): screen is ValidScreen {
return VALID_SCREENS.includes(screen as ValidScreen);
}
export function isValidUrl(url: string): boolean {
try {
const urlObj = new URL(url);
return ['http:', 'https:'].includes(urlObj.protocol);
} catch {
return false;
}
}
export function isPositiveInteger(value: unknown): value is number {
return Number.isInteger(value) && Number(value) > 0;
}
export function validateInteger(value: unknown): number | null {
const num = Number(value);
if (Number.isInteger(num) && num > 0) {
return num;
}
return null;
}
// String sanitization
export function sanitizeString(input: string, maxLength: number = 100): string {
// Remove potentially dangerous characters and limit length
return input.replace(/[<>"/\\&]/g, '').trim().substring(0, maxLength);
}
// Validation schemas
export interface StreamInput {
name: string;
obs_source_name: string;
url: string;
team_id: number;
}
export interface ScreenInput {
screen: string;
id: number;
}
export function validateStreamInput(input: unknown): { valid: boolean; errors: string[]; data?: StreamInput } {
const errors: string[] = [];
const data = input as Record<string, unknown>;
if (!data.name || typeof data.name !== 'string') {
errors.push('Name is required and must be a string');
} else if (data.name.length > 100) {
errors.push('Name must be 100 characters or less');
}
if (!data.obs_source_name || typeof data.obs_source_name !== 'string') {
errors.push('OBS source name is required and must be a string');
} else if (data.obs_source_name.length > 100) {
errors.push('OBS source name must be 100 characters or less');
}
if (!data.url || typeof data.url !== 'string') {
errors.push('URL is required and must be a string');
} else if (!isValidUrl(data.url)) {
errors.push('URL must be a valid http:// or https:// URL');
}
if (!isPositiveInteger(data.team_id)) {
errors.push('Team ID must be a positive integer');
}
if (errors.length > 0) {
return { valid: false, errors };
}
return {
valid: true,
errors: [],
data: {
name: sanitizeString(data.name as string),
obs_source_name: sanitizeString(data.obs_source_name as string),
url: data.url as string,
team_id: data.team_id as number,
},
};
}
export function validateScreenInput(input: unknown): { valid: boolean; errors: string[]; data?: ScreenInput } {
const errors: string[] = [];
const data = input as Record<string, unknown>;
if (!data.screen || typeof data.screen !== 'string') {
errors.push('Screen is required and must be a string');
} else if (!isValidScreen(data.screen)) {
errors.push(`Screen must be one of: ${VALID_SCREENS.join(', ')}`);
}
if (!isPositiveInteger(data.id)) {
errors.push('ID must be a positive integer');
}
if (errors.length > 0) {
return { valid: false, errors };
}
return {
valid: true,
errors: [],
data: {
screen: data.screen as string,
id: data.id as number,
},
};
}
Reference in a new issue View git blame Copy permalink