Merge pull request #87 from aniket866/fixing-input-validation

Harden InputHandler Against Event Flooding and Oversized Payload Attacks (Add Rate Limiting & Input Safeguards)

Author: imxade

src/server/InputHandler.ts

@@ -14,11 +14,73 @@ export interface InputMessage {
 }
 
 export class InputHandler {
+    private lastMoveTime = 0;
+    private lastScrollTime = 0;
+    private pendingMove: InputMessage | null = null;
+    private pendingScroll: InputMessage | null = null;
+    private moveTimer: ReturnType<typeof setTimeout> | null = null;
+    private scrollTimer: ReturnType<typeof setTimeout> | null = null;
+
     constructor() {
         mouse.config.mouseSpeed = 1000;
     }
 
     async handleMessage(msg: InputMessage) {
+        // Validation: Text length sanitation
+        if (msg.text && msg.text.length > 500) {
+            msg.text = msg.text.substring(0, 500);
+        }
+
+        // Validation: Sane bounds for coordinates
+        const MAX_COORD = 2000;
+        if (typeof msg.dx === 'number' && Number.isFinite(msg.dx)) {
+            msg.dx = Math.max(-MAX_COORD, Math.min(MAX_COORD, msg.dx));
+        }
+        if (typeof msg.dy === 'number' && Number.isFinite(msg.dy)) {
+            msg.dy = Math.max(-MAX_COORD, Math.min(MAX_COORD, msg.dy));
+        }
+
+        // Throttling: Limit high-frequency events to ~125fps (8ms)
+        if (msg.type === 'move') {
+            const now = Date.now();
+            if (now - this.lastMoveTime < 8) {
+                this.pendingMove = msg;
+                if (!this.moveTimer) {
+                    this.moveTimer = setTimeout(() => {
+                        this.moveTimer = null;
+                        if (this.pendingMove) {
+                            const pending = this.pendingMove;
+                            this.pendingMove = null;
+                            this.handleMessage(pending).catch((err) => {
+                                 console.error('Error processing pending move event:', err);
+                             });
+                        }
+                    }, 8);
+                }
+                return;
+            }
+            this.lastMoveTime = now;
+        } else if (msg.type === 'scroll') {
+            const now = Date.now();
+            if (now - this.lastScrollTime < 8) {
+                this.pendingScroll = msg;
+                if (!this.scrollTimer) {
+                    this.scrollTimer = setTimeout(() => {
+                        this.scrollTimer = null;
+                        if (this.pendingScroll) {
+                            const pending = this.pendingScroll;
+                            this.pendingScroll = null;
+                            this.handleMessage(pending).catch((err) => {
+                                 console.error('Error processing pending move event:', err);
+                             });
+                        }
+                    }, 8);
+                }
+                return;
+            }
+            this.lastScrollTime = now;
+        }
+
         switch (msg.type) {
             case 'move':
                 if (
@@ -38,7 +100,13 @@ export class InputHandler {
 
             case 'click':
                 if (msg.button) {
-                    const btn = msg.button === 'left' ? Button.LEFT : msg.button === 'right' ? Button.RIGHT : Button.MIDDLE;
+                    const btn =
+                        msg.button === 'left'
+                            ? Button.LEFT
+                            : msg.button === 'right'
+                            ? Button.RIGHT
+                            : Button.MIDDLE;
+
                     if (msg.press) {
                         await mouse.pressButton(btn);
                     } else {
@@ -83,7 +151,10 @@ export class InputHandler {
 
                     const scaledDelta =
                         Math.sign(msg.delta) *
-                        Math.min(Math.abs(msg.delta) * sensitivityFactor, MAX_ZOOM_STEP);
+                        Math.min(
+                            Math.abs(msg.delta) * sensitivityFactor,
+                            MAX_ZOOM_STEP
+                        );
 
                     const amount = Math.round(-scaledDelta);
 
@@ -106,6 +177,7 @@ export class InputHandler {
                 if (msg.key) {
                     console.log(`Processing key: ${msg.key}`);
                     const nutKey = KEY_MAP[msg.key.toLowerCase()];
+
                     if (nutKey !== undefined) {
                         await keyboard.type(nutKey);
                     } else if (msg.key.length === 1) {
@@ -119,9 +191,11 @@ export class InputHandler {
             case 'combo':
                 if (msg.keys && msg.keys.length > 0) {
                     const nutKeys: (Key | string)[] = [];
+
                     for (const k of msg.keys) {
                         const lowerKey = k.toLowerCase();
                         const nutKey = KEY_MAP[lowerKey];
+
                         if (nutKey !== undefined) {
                             nutKeys.push(nutKey);
                         } else if (lowerKey.length === 1) {
@@ -141,15 +215,17 @@ export class InputHandler {
 
                     try {
                         for (const k of nutKeys) {
-                            if (typeof k === "string") {
+                            if (typeof k === 'string') {
                                 await keyboard.type(k);
                             } else {
                                 await keyboard.pressKey(k);
                                 pressedKeys.push(k);
                             }
                         }
 
-                        await new Promise(resolve => setTimeout(resolve, 10));
+                        await new Promise(resolve =>
+                            setTimeout(resolve, 10)
+                        );
                     } finally {
                         for (const k of pressedKeys.reverse()) {
                             await keyboard.releaseKey(k);