From af15f8d09db6c1709950bf9d00ffb77613fbcf8a Mon Sep 17 00:00:00 2001
From: "Acid Chicken (硫酸鶏)" <root@acid-chicken.com>
Date: Sun, 3 Dec 2023 14:38:42 +0900
Subject: fix(backend): reject malformed timestamp (#12554)

---
 packages/backend/src/core/IdService.ts | 23 ++++++++++++++++++-----
 1 file changed, 18 insertions(+), 5 deletions(-)

(limited to 'packages/backend/src/core/IdService.ts')

diff --git a/packages/backend/src/core/IdService.ts b/packages/backend/src/core/IdService.ts
index c98b8ea6fc..43e72d2d7b 100644
--- a/packages/backend/src/core/IdService.ts
+++ b/packages/backend/src/core/IdService.ts
@@ -7,11 +7,11 @@ import { Inject, Injectable } from '@nestjs/common';
 import { ulid } from 'ulid';
 import { DI } from '@/di-symbols.js';
 import type { Config } from '@/config.js';
-import { genAid, parseAid } from '@/misc/id/aid.js';
-import { genAidx, parseAidx } from '@/misc/id/aidx.js';
-import { genMeid, parseMeid } from '@/misc/id/meid.js';
-import { genMeidg, parseMeidg } from '@/misc/id/meidg.js';
-import { genObjectId, parseObjectId } from '@/misc/id/object-id.js';
+import { genAid, isSafeAidT, parseAid } from '@/misc/id/aid.js';
+import { genAidx, isSafeAidxT, parseAidx } from '@/misc/id/aidx.js';
+import { genMeid, isSafeMeidT, parseMeid } from '@/misc/id/meid.js';
+import { genMeidg, isSafeMeidgT, parseMeidg } from '@/misc/id/meidg.js';
+import { genObjectId, isSafeObjectIdT, parseObjectId } from '@/misc/id/object-id.js';
 import { bindThis } from '@/decorators.js';
 import { parseUlid } from '@/misc/id/ulid.js';
 
@@ -26,6 +26,19 @@ export class IdService {
 		this.method = config.id.toLowerCase();
 	}
 
+	@bindThis
+	public isSafeT(t: number): boolean {
+		switch (this.method) {
+			case 'aid': return isSafeAidT(t);
+			case 'aidx': return isSafeAidxT(t);
+			case 'meid': return isSafeMeidT(t);
+			case 'meidg': return isSafeMeidgT(t);
+			case 'ulid': return t > 0;
+			case 'objectid': return isSafeObjectIdT(t);
+			default: throw new Error('unrecognized id generation method');
+		}
+	}
+
 	/**
 	 * 時間を元にIDを生成します(省略時は現在日時)
 	 * @param time 日時
-- 
cgit v1.2.3-freya