fix(Processor): make sure to only accept 16 byte UUIDs

Author: DASPRiD

README.md

@@ -17,6 +17,8 @@ In order to use the server, you have to implement a processor first. Following i
 you started:
 
 ```typescript
+import {randomUUID} from 'crypto';
+import uuidBuffer from 'uuid-buffer';
 import {
     AudioFoundResult,
     AudioNotFoundResult,
@@ -46,8 +48,8 @@ class MyProcessor implements Processor {
         if (hexUid === '00000000000002') {
             // This is a valid UID, return an array of achievement IDs, if any were achieved.
             return new ValidUidResult([
-                Buffer.from('0000000000000000000000000000000000000001'),
-                Buffer.from('0000000000000000000000000000000000000002'),
+                uuidBuffer.toBuffer(randomUUID()),
+                uuidBuffer.toBuffer(randomUUID()),
             ]);
         }
 

src/Processor.ts

@@ -9,8 +9,8 @@ export class ValidUidResult {
         }
 
         for (const achievementId of achievementIds) {
-            if (achievementId.length !== 20) {
-                throw new Error(`Length of achievement ID "${achievementId.toString('hex')}" is not 20 bytes`);
+            if (achievementId.length !== 16) {
+                throw new Error(`Length of achievement ID "${achievementId.toString('hex')}" is not 16 bytes`);
             }
         }
     }

test/authenticate.test.ts

@@ -1,6 +1,6 @@
 import type {TLSSocket} from 'tls';
 import type BufferedStream from '../src/BufferedStream';
-import {AuthResponse} from '../src/client.js';
+import {AuthResponse} from '../src/client';
 import {testServer} from './server-tester';
 
 describe('Authenticate', () => {

test/check-uid.test.ts

@@ -34,8 +34,8 @@ describe('CheckUid', () => {
             checkUid: async (clientId, uid) => {
                 result = {clientId, uid};
                 return Promise.resolve(new ValidUidResult([
-                    Buffer.from('0'.repeat(40), 'hex'),
-                    Buffer.from('1'.repeat(40), 'hex'),
+                    Buffer.from('0'.repeat(32), 'hex'),
+                    Buffer.from('1'.repeat(32), 'hex'),
                 ]));
             },
         }, async stream => {
@@ -48,11 +48,11 @@ describe('CheckUid', () => {
             const numAchievements = await stream.readUint8();
             expect(numAchievements).toBe(2);
 
-            const firstAchievement = await stream.readExact(20);
-            const secondAchievement = await stream.readExact(20);
+            const firstAchievement = await stream.readExact(16);
+            const secondAchievement = await stream.readExact(16);
 
-            expect(firstAchievement).toEqual(Buffer.from('0'.repeat(40), 'hex'));
-            expect(secondAchievement).toEqual(Buffer.from('1'.repeat(40), 'hex'));
+            expect(firstAchievement).toEqual(Buffer.from('0'.repeat(32), 'hex'));
+            expect(secondAchievement).toEqual(Buffer.from('1'.repeat(32), 'hex'));
         });
 
         expect(result).toEqual({clientId: 'foo', uid: Buffer.from('0'.repeat(14), 'hex')});

test/processor.test.ts

@@ -14,6 +14,6 @@ describe('Processor', () => {
 
         expect(() => {
             new ValidUidResult([id]);
-        }).toThrow('Length of achievement ID "000000000000000000000000000000000000000000" is not 20 bytes');
+        }).toThrow('Length of achievement ID "000000000000000000000000000000000000000000" is not 16 bytes');
     });
 });