diff --git a/components/ChatWindow.tsx b/components/ChatWindow.tsx
index a71a217..7c25f1c 100644
--- a/components/ChatWindow.tsx
+++ b/components/ChatWindow.tsx
@@ -13,6 +13,7 @@ import {
 shorten,
 shouldActivateGameMode,
 setupPostMessageHandlers,
+ isSecureExternalId,
 } from '../helpers/utils';
 import {isDev, getWebsocketUrl} from '../helpers/config';
 import Logger from '../helpers/logger';
@@ -323,7 +324,11 @@ class ChatWindow extends React.Component {
 metadata?: API.CustomerMetadata,
 defaultCustomerId?: string | null
 ): Promise => {
- if (!metadata || !metadata?.external_id) {
+ if (
+ !metadata ||
+ !metadata?.external_id ||
+ !isSecureExternalId(metadata?.external_id)
+ ) {
 this.setState({customerId: defaultCustomerId});
 
 return defaultCustomerId;
@@ -343,11 +348,9 @@ class ChatWindow extends React.Component {
 baseUrl
 );
 
- if (!matchingCustomerId) {
- this.setState({customerId: null});
-
- return null;
- } else if (matchingCustomerId === defaultCustomerId) {
+ // TODO: should we just set customerId to null if no match is found?
+ // We currently just fall back to the cached value if no match is found
+ if (!matchingCustomerId || matchingCustomerId === defaultCustomerId) {
 this.setState({customerId: defaultCustomerId});
 
 return defaultCustomerId;
diff --git a/helpers/utils.ts b/helpers/utils.ts
index 28edd6f..47339b4 100644
--- a/helpers/utils.ts
+++ b/helpers/utils.ts
@@ -66,6 +66,20 @@ export function shouldActivateGameMode(message: string) {
 );
 }
 
+export function isSecureExternalId(id?: any) {
+ if (!id) {
+ return false;
+ } else if (typeof id !== 'string') {
+ return false;
+ }
+
+ const isLongEnough = id.length >= 8;
+ const isOnlyNumbers = /^\d+$/.test(id);
+ const isOnlyLetters = /^[a-zA-Z]+$/.test(id);
+
+ return isLongEnough && !isOnlyNumbers && !isOnlyLetters;
+}
+
 export function setupPostMessageHandlers(w: any, handler: (msg: any) => void) {
 const cb = (msg: any) => {
 handler(msg);
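Review bot: The `isSecureExternalId(metadata?.external_id)` guard added to this condition runs only inside the widget, so it is advisory: a client that calls the customer lookup directly never passes through it. If the aim is to stop customers being matched by short or guessable external ids, the same rule presumably has to be enforced by the API behind the lookup, which is not visible in this diff. A rejected id also falls back to `defaultCustomerId` silently; a warning through the already imported `Logger` before the `setState` would tell an integrator why their `external_id` was ignored. After the `!metadata` test the two `metadata?.external_id` reads can be plain `metadata.external_id`. The enclosing method starts and ends outside the hunk.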
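Review bot: The merged condition `!matchingCustomerId || matchingCustomerId === defaultCustomerId` now keeps the cached `defaultCustomerId` when the lookup finds no customer for the supplied `external_id`, so a cached identity is reused for an external id the backend never associated with it. On a shared browser that could attach a previous visitor's conversation to a different signed-in user, depending on how the cached id is cleared, which this hunk does not show. The TODO asks exactly this question and should be settled before merge, not shipped as an open comment. Either restore `this.setState({customerId: null}); return null;` for the no-match case, or replace the TODO with a comment stating why the fallback cannot cross users. The enclosing method continues outside the hunk.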
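Review bot: `isSecureExternalId` is a format heuristic (at least 8 characters, not all digits, not all letters), and the name promises more than the body checks. An email address or a constructed value such as `user-1234` passes, while a long random numeric id is rejected. A doc comment should say so, for example `/** Heuristic only: rejects ids that are short or purely numeric/alphabetic; it does not measure entropy. */`. The signature can drop `any` and narrow for callers with `export function isSecureExternalId(id?: unknown): id is string`, and the two early returns collapse to `if (typeof id !== 'string' || !id) return false;`. Unit tests around the 7/8-character boundary and mixed input would pin the rule down.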