feat: validate given sessionID to be a UUID

chriskari · chriskari · commit d72d1008ae4b · 2025-03-05T09:08:19.000+01:00
diff --git a/backend/companion/companionRouter.js b/backend/companion/companionRouter.js
@@ -1,5 +1,6 @@
 import express from 'express';
 import { TokenManager } from './TokenManager';
+import { isValidUUID } from '../utils/isValidUUID';
 
 const tokenManager = new TokenManager();
 
@@ -88,8 +89,10 @@ async function handleChatMessage(req, res) {
   const conversationId = sessionId;
 
   try {
-    if (!conversationId || typeof conversationId !== 'string') {
-      return res.status(400).json({ error: 'Invalid conversation ID' });
+    if (!isValidUUID(sessionId)) {
+      return res.status(400).json({
+        error: 'Invalid session ID. Must be a valid UUID v4.',
+      });
     }
 
     const baseUrl =
diff --git a/backend/utils/isValidUUID.js b/backend/utils/isValidUUID.js
@@ -0,0 +1,12 @@
+export function isValidUUID(uuid) {
+  // Standard UUID length
+  const UUIDlength = 36;
+  // UUID v4 regex pattern
+  const uuidRegex = /^[0-9a-f]{8}-[0-9a-f]{4}-4[0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$/i;
+
+  return (
+    typeof uuid === 'string' &&
+    uuid.length === UUIDlength &&
+    uuidRegex.test(uuid)
+  );
+}
