Implement regex for validation

tanx · tanx · commit 120bf0dbdbfd · 2018-07-02T23:55:44.000+02:00
diff --git a/src/helper.js b/src/helper.js
@@ -186,8 +186,18 @@ export const reverse = src => {
  * @param  {string}  str The uri to validate
  * @return {boolean}     If the uri is valid
  */
-export const isValidUri = str => {
-  return /^(lightning:|bitcoin:)[a-zA-Z0-9]*$/.test(str);
+export const isLnUri = str => {
+  return /^lightning:ln[a-zA-Z0-9]*$/.test(str);
+};
+
+/**
+ * Basic bitcoin address validation. More thorough matching is
+ * done by lnd. This is just to mitigate XSS.
+ * @param  {string}  str The address to validate
+ * @return {boolean}     If the uri is valid
+ */
+export const isAddress = str => {
+  return /^[a-km-zA-HJ-NP-Z0-9]{26,35}$/.test(str);
 };
 
 /**
diff --git a/test/unit/helper.spec.js b/test/unit/helper.spec.js
@@ -508,38 +508,50 @@ describe('Helpers Unit Tests', () => {
     });
   });
 
-  describe('isValidUri()', () => {
-    it('should accept bitcoin uri', () => {
-      const uri = 'bitcoin:rfu4i1Mo2NF7TQsN9bMVLFSojSzcyQCEH5';
-      expect(helpers.isValidUri(uri), 'to be', true);
-    });
-
+  describe('isLnUri()', () => {
     it('should accept lightning uri', () => {
       const uri =
         'lightning:lntb1500n1pdn2e0app5wlyxzspccpfvqmrtfr8p487xcch4hxtu2u0qzcke6mzpv222w8usdpa2fjkzep6ypxx2ap8wvs8qmrp0ysxzgrvd9nksarwd9hxwgrwv468wmmjdvsxwcqzysmr9jxv06zx53cyqa0sqntehy5tyrqu064xvw00qjep5f9gw57qcqp6qnpqyuprh90aqzfyf9ypq8uth7qte5ecjq0fng3y47mywwkfqq3megny';
-      expect(helpers.isValidUri(uri), 'to be', true);
+      expect(helpers.isLnUri(uri), 'to be', true);
+    });
+
+    it('should reject bitcoin uri', () => {
+      const uri = 'bitcoin:rfu4i1Mo2NF7TQsN9bMVLFSojSzcyQCEH5';
+      expect(helpers.isLnUri(uri), 'to be', false);
     });
 
     it('should reject bitcoin address', () => {
       const uri = 'rfu4i1Mo2NF7TQsN9bMVLFSojSzcyQCEH5';
-      expect(helpers.isValidUri(uri), 'to be', false);
+      expect(helpers.isLnUri(uri), 'to be', false);
     });
 
     it('should reject lightning invoice', () => {
       const uri =
         'lntb1500n1pdn2e0app5wlyxzspccpfvqmrtfr8p487xcch4hxtu2u0qzcke6mzpv222w8usdpa2fjkzep6ypxx2ap8wvs8qmrp0ysxzgrvd9nksarwd9hxwgrwv468wmmjdvsxwcqzysmr9jxv06zx53cyqa0sqntehy5tyrqu064xvw00qjep5f9gw57qcqp6qnpqyuprh90aqzfyf9ypq8uth7qte5ecjq0fng3y47mywwkfqq3megny';
-      expect(helpers.isValidUri(uri), 'to be', false);
+      expect(helpers.isLnUri(uri), 'to be', false);
+    });
+
+    it('should mitigate xss', () => {
+      const uri =
+        'lightning:lntb1500n1<script>alert("XSS")</script>p487xcch4hxtu2u0qzcke6mzpv222w8usdpa2fjkzep6ypxx2ap8wvs8qmrp0ysxzgrvd9nksarwd9hxwgrwv468wmmjdvsxwcqzysmr9jxv06zx53cyqa0sqntehy5tyrqu064xvw00qjep5f9gw57qcqp6qnpqyuprh90aqzfyf9ypq8uth7qte5ecjq0fng3y47mywwkfqq3megny';
+      expect(helpers.isLnUri(uri), 'to be', false);
+    });
+  });
+
+  describe('isAddress()', () => {
+    it('should accept bitcoin uri', () => {
+      const address = 'rfu4i1Mo2NF7TQsN9bMVLFSojSzcyQCEH5';
+      expect(helpers.isAddress(address), 'to be', true);
     });
 
     it('should reject invalid bitcoin uri', () => {
-      const uri = 'bitcoin:/INVALID/rfu4i1Mo2NF7TQsN9bMVLFSojSzcyQCEH5';
-      expect(helpers.isValidUri(uri), 'to be', false);
+      const address = '/INVALID/rfu4i1Mo2NF7TQsN9bMVLFSoj';
+      expect(helpers.isAddress(address), 'to be', false);
     });
 
     it('should mitigate xss', () => {
-      const uri =
-        'bitcoin:rfu4i1Mo2NF7T<script>alert("XSS")</script>QsN9bMVLFSojSzcyQCEH5';
-      expect(helpers.isValidUri(uri), 'to be', false);
+      const address = 'rfu<script>alert("XSS")</script>';
+      expect(helpers.isAddress(address), 'to be', false);
     });
   });
 
