From fb4caba00a531b6b78b993f4531e80515e2d1b0a Mon Sep 17 00:00:00 2001 From: Denis Fadeev Date: Wed, 18 Dec 2024 12:14:13 +0300 Subject: [PATCH 1/2] fix: validate token URI --- contracts/nft/package.json | 6 ++++-- contracts/nft/tasks/mint.ts | 18 ++++++++++++++++++ contracts/nft/yarn.lock | 10 ++++++++++ 3 files changed, 32 insertions(+), 2 deletions(-) diff --git a/contracts/nft/package.json b/contracts/nft/package.json index 5b17b38..a857c28 100644 --- a/contracts/nft/package.json +++ b/contracts/nft/package.json @@ -28,6 +28,7 @@ "@types/chai": "^4.2.0", "@types/mocha": ">=9.1.0", "@types/node": ">=12.0.0", + "@types/validator": "^13.12.2", "@typescript-eslint/eslint-plugin": "^5.59.9", "@typescript-eslint/parser": "^5.59.9", "@zetachain/localnet": "4.0.0-rc6", @@ -61,6 +62,7 @@ "@solana-developers/helpers": "^2.4.0", "@solana/spl-memo": "^0.2.5", "@solana/web3.js": "^1.95.2", - "@zetachain/protocol-contracts": "11.0.0-rc3" + "@zetachain/protocol-contracts": "11.0.0-rc3", + "validator": "^13.12.0" } -} \ No newline at end of file +} diff --git a/contracts/nft/tasks/mint.ts b/contracts/nft/tasks/mint.ts index dc45c44..f643b47 100644 --- a/contracts/nft/tasks/mint.ts +++ b/contracts/nft/tasks/mint.ts @@ -1,5 +1,6 @@ import { task } from "hardhat/config"; import { HardhatRuntimeEnvironment } from "hardhat/types"; +import isURL from "validator/lib/isURL"; const main = async (args: any, hre: HardhatRuntimeEnvironment) => { const [signer] = await hre.ethers.getSigners(); @@ -9,6 +10,23 @@ const main = async (args: any, hre: HardhatRuntimeEnvironment) => { ); } + const supportedProtocols = ["https", "ipfs"]; + + const isValidTokenUri = isURL(args.tokenUri, { + require_protocol: true, + allow_fragments: true, + allow_query_components: true, + protocols: supportedProtocols, + }); + + if (!isValidTokenUri) { + throw new Error( + `Invalid token URI: ${ + args.tokenUri + }. Supported protocols are: ${supportedProtocols.join(", ")}.` + ); + } + const contract = await hre.ethers.getContractAt( args.name as "ZetaChainUniversalNFT" | "EVMUniversalNFT", args.contract diff --git a/contracts/nft/yarn.lock b/contracts/nft/yarn.lock index df476a4..92a9705 100644 --- a/contracts/nft/yarn.lock +++ b/contracts/nft/yarn.lock @@ -2407,6 +2407,11 @@ resolved "https://registry.yarnpkg.com/@types/uuid/-/uuid-8.3.4.tgz#bd86a43617df0594787d38b735f55c805becf1bc" integrity sha512-c/I8ZRb51j+pYGAu5CrFMRxqZ2ke4y2grEBO5AUjgSkSk+qT2Ea+OdWElz/OiMf5MNpn2b17kuVBwZLQJXzihw== +"@types/validator@^13.12.2": + version "13.12.2" + resolved "https://registry.yarnpkg.com/@types/validator/-/validator-13.12.2.tgz#760329e756e18a4aab82fc502b51ebdfebbe49f5" + integrity sha512-6SlHBzUW8Jhf3liqrGGXyTJSIFe4nqlJ5A5KaMZ2l/vbM3Wh3KSybots/wfWVzNLK4D1NZluDlSQIbIEPx6oyA== + "@types/wrap-ansi@^3.0.0": version "3.0.0" resolved "https://registry.yarnpkg.com/@types/wrap-ansi/-/wrap-ansi-3.0.0.tgz#18b97a972f94f60a679fd5c796d96421b9abb9fd" @@ -7404,6 +7409,11 @@ v8-compile-cache-lib@^3.0.1: resolved "https://registry.yarnpkg.com/v8-compile-cache-lib/-/v8-compile-cache-lib-3.0.1.tgz#6336e8d71965cb3d35a1bbb7868445a7c05264bf" integrity sha512-wa7YjyUGfNZngI/vtK0UHAN+lgDCxBPCylVXGp0zu59Fz5aiGtNXaq3DhIov063MorB+VfufLh3JlF2KdTK3xg== +validator@^13.12.0: + version "13.12.0" + resolved "https://registry.yarnpkg.com/validator/-/validator-13.12.0.tgz#7d78e76ba85504da3fee4fd1922b385914d4b35f" + integrity sha512-c1Q0mCiPlgdTVVVIJIrBuxNicYE+t/7oKeI9MWLj3fh/uq2Pxh/3eeWbVZ4OcGW1TUf53At0njHw5SMdA3tmMg== + varuint-bitcoin@^1.1.2: version "1.1.2" resolved "https://registry.yarnpkg.com/varuint-bitcoin/-/varuint-bitcoin-1.1.2.tgz#e76c138249d06138b480d4c5b40ef53693e24e92" From 3dc6ceca53a2420ad433cf30e138ddfe0b7ec554 Mon Sep 17 00:00:00 2001 From: Denis Fadeev Date: Thu, 19 Dec 2024 18:09:34 +0300 Subject: [PATCH 2/2] remove extra params from URI validator --- contracts/nft/tasks/mint.ts | 2 -- 1 file changed, 2 deletions(-) diff --git a/contracts/nft/tasks/mint.ts b/contracts/nft/tasks/mint.ts index f643b47..ce8a091 100644 --- a/contracts/nft/tasks/mint.ts +++ b/contracts/nft/tasks/mint.ts @@ -14,8 +14,6 @@ const main = async (args: any, hre: HardhatRuntimeEnvironment) => { const isValidTokenUri = isURL(args.tokenUri, { require_protocol: true, - allow_fragments: true, - allow_query_components: true, protocols: supportedProtocols, });