Harden feed/profile routes against invalid IDs and null profiles

2026-02-20 19:09:15 -05:00
parent 0b36db9b33
commit c136d25974
4 changed files with 74 additions and 35 deletions
--- a/middleware/sessionChecker.js
+++ b/middleware/sessionChecker.js
@@ -2,19 +2,30 @@ const { getSessionId, getUserId, getProfileId } = require('../utils/sessionUtils
 const { client_logger } = require('../utils/analyticsLogger');
 const { cookiesOptions } = require('../config/cookiesOptions');
 const MongoDB = require("../mongoDB.js");
+const { ObjectId } = require("mongodb");

 const sessionChecker = async (req, res, next) => {
-    const session_id = getSessionId(req);
-    const user_sid = getUserId(req);
-    let profile_id = getProfileId(req);
+    try {
+        const session_id = getSessionId(req);
+        const user_sid = getUserId(req);
+        let profile_id = getProfileId(req);

-    if (session_id && user_sid) {
-        DB = await MongoDB.getDB;
+        if (!session_id || !user_sid) {
+            return res.redirect('/login');
+        }
+        if (!ObjectId.isValid(session_id) || !ObjectId.isValid(user_sid)) {
+            return res.redirect('/login');
+        }
+
+        const DB = await MongoDB.getDB;
        const userInfo = await DB.checkSessionOnDB(session_id, user_sid);
        req.userInfo = userInfo;

        if (!await DB.getProfileCache(profile_id)) {
            const latestProfile = await DB.latestProfile(user_sid);
+            if (!latestProfile || !latestProfile._id) {
+                return res.redirect('/login');
+            }
            res.cookie('profile_id', latestProfile._id, cookiesOptions);
            profile_id = latestProfile._id;
        }
@@ -23,16 +34,16 @@ const sessionChecker = async (req, res, next) => {

        if (!userInfo) return res.redirect('/login');

-        // Log Request
        client_logger.capture({
            distinctId: user_sid,
            event: 'server@' + req.method + '@' + req.originalUrl,
        });

        next();
-    } else {
+    } catch (error) {
+        console.error("Session checker error", error);
        return res.redirect('/login');
    }
 };

-module.exports = sessionChecker;
+module.exports = sessionChecker;