added filter for invalid characters, initializing contact on click selected contact

client/src/components/chat/ContactsList.tsx

@@ -49,7 +49,11 @@ function ContactsList({
   }, []);
 
   const addContactsList = contactsList.map((contact: ContactsProps, index) => (
-    <li className="hover:bg-green-700 p-2 rounded cursor-pointer" key={index}>
+    <li
+      className="hover:bg-green-700 p-2 rounded cursor-pointer"
+      onClick={() => InitializeContact(contact.usernamecontact)}
+      key={index}
+    >
       {contact.usernamecontact}
     </li>
   ));

client/src/pages/Signup.tsx

@@ -35,7 +35,6 @@ export default function Signup() {
       return;
     }
     setMatch(true);
-    data.username = data.username.toLowerCase();
     axios
       .post('http://localhost:5173/api/auth/signup', data, {
         withCredentials: true,

server/db/db.js

@@ -133,15 +133,17 @@ async function getMessages(username, recipient) {
 
 async function checkUserExist(username) {
   const query = `
-    SELECT COUNT(*) FROM accounts 
-    WHERE username = $1;
+    SELECT 1 FROM accounts 
+    WHERE LOWER(username) = LOWER($1)
+    LIMIT 1;
   `;
 
   try {
     const result = await client.query(query, [username]);
-    return result.rows[0].count > 0;
+    return result.rows.length > 0;
   } catch (e) {
     console.error("Failed to check if user exist ", e);
+    return false;
   }
 }
 

server/server.js

@@ -39,7 +39,7 @@ app.use(cookieParser());
 
 app.post("/api/auth/signup", async (req, res) => {
   try {
-    const username = req.body.username.toLowerCase().trim();
+    const username = req.body.username.trim().replace(/[^a-zA-Z0-9]/g, "");
     const password = req.body.password;
     console.log(username);
     // Validate form data length

server/socket/socket.js

@@ -23,7 +23,7 @@ function initializeSocket(io) {
         return next(new Error("(socket) Invalid token payload"));
       }
 
-      socket.username = username;
+      socket.username = filter(username);
       socket.user_id = user_id;
       console.log(
         `(socket) socket id: ${socket.id}, username: ${username}, user_id: ${user_id}`,
@@ -36,7 +36,7 @@ function initializeSocket(io) {
   });
 
   io.on("connection", async (socket) => {
-    const username = socket.username;
+    const username = filter(socket.username);
     if (!username) {
       socket.on("disconnect", () => {
         console.log(
@@ -50,11 +50,14 @@ function initializeSocket(io) {
     socket.join(username); // join username room
 
     socket.on("chat message", async (msg) => {
-      const { message, recipient, timestamp } = msg;
+      const { message, timestamp } = msg;
+      let { recipient } = msg;
+      recipient = filter(recipient);
       const sender = username;
-      if (!message || recipient.length < 4 || !recipient) {
+      if (!message || !recipient) {
         return;
       }
+
       const insertedMessage = await insertMessage(
         username,
         recipient,
@@ -87,15 +90,11 @@ function initializeSocket(io) {
 
     socket.on("add contact", (contactInf) => {
       let { contact, read } = contactInf;
-      if (contact.trim()) {
-        if (contact.length < 4 || contact.length > 20) {
-          console.log("blocked");
-          return;
-        }
+
+      contact = filter(contact);
+      if (contact) {
+        insertContact(username, contact, read);
       }
-      insertContact(username, contact.trim().toLowerCase(), read);
-      io.to(username).emit("contact", { contact, read });
-      console.log("(socket) sent on 'contact' socket: ", { contact, read });
     });
 
     socket.on("get contacts list", async () => {
@@ -110,4 +109,10 @@ function initializeSocket(io) {
   });
 }
 
+function filter(text) {
+  if (typeof text !== "string" || text.length < 4 || text.length > 20) {
+    return null;
+  }
+  return text.replace(/[^a-zA-Z0-9]/g, "");
+}
 module.exports = { initializeSocket };