Security Fix: mitigate ReDOS attacks on the chat bot.

John Livingston
2025-06-06 16:37:06 +02:00
parent 98dc729447
commit 0be11fb2ae
9 changed files with 2068 additions and 55 deletions


@ -19,6 +19,7 @@ import { BotsCtl } from './lib/bots/ctl'
import { ExternalAuthOIDC } from './lib/external-auth/oidc'
import { migrateMUCAffiliations } from './lib/prosody/migration/migrateV10'
import { updateProsodyChannelEmojisRegex } from './lib/prosody/migration/migrateV12'
import { updateForbidSpecialCharsHandler } from './lib/prosody/migration/migrateV13'
import { Emojis } from './lib/emojis'
import { LivechatProsodyAuth } from './lib/prosody/auth'
import decache from 'decache'
@ -38,6 +39,15 @@ async function register (options: RegisterServerOptions): Promise<any> {
// First: load languages files, so we can localize strings.
await loadLoc()
try {
// livechat v13 migration:
// we must change the config for forbidden special chars. We must do this before BotConfiguration.initSingleton.
await updateForbidSpecialCharsHandler(options)
} catch (err: any) {
logger.error(err)
}
// Then load the BotConfiguration singleton
await BotConfiguration.initSingleton(options)
// Then load the RoomChannel singleton
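Review bot: The new try/catch around `updateForbidSpecialCharsHandler(options)` fails open: if the v13 migration throws, the error is only logged and `BotConfiguration.initSingleton(options)` still runs, presumably against the pre-migration forbidden-special-chars configuration that this security fix is meant to replace. The migration body is not visible here, so that is inferred from the comment, but the log line should at least say what was skipped, e.g. `logger.error('livechat v13 migration failed, forbid-special-chars handlers were not updated: ' + String(err))`, so an operator can tell the ReDoS mitigation was not applied. `catch (err: any)` could also be `catch (err: unknown)`, since the value is only passed to the logger. The body of `register` starts and ends outside the hunk.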