From 93aaea4aa1bb21c6841728c3c402fec3168ae414 Mon Sep 17 00:00:00 2001
From: Ulf Gebhardt
Date: Wed, 19 Jul 2023 11:51:41 +0200
Subject: [PATCH 1/6] only take 2000 chat message characters
---
 backend/src/schema/resolvers/messages.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/backend/src/schema/resolvers/messages.ts b/backend/src/schema/resolvers/messages.ts
index 078584c9d..b7e7a7a73 100644
--- a/backend/src/schema/resolvers/messages.ts
+++ b/backend/src/schema/resolvers/messages.ts
@@ -81,7 +81,7 @@ export default {
 createdAt: toString(datetime()),
 id: apoc.create.uuid(),
 indexId: CASE WHEN maxIndex IS NOT NULL THEN maxIndex + 1 ELSE 0 END,
- content: $content,
+ content: LEFT($content,2000),
 saved: true,
 distributed: false,
 seen: false
From 02cbe6c19b4c4d676094f849cd05a740feb2360a Mon Sep 17 00:00:00 2001
From: Markus
Date: Wed, 19 Jul 2023 11:56:38 +0200
Subject: [PATCH 2/6] [feature] chat component can now show clickable urls
---
 webapp/components/Chat/Chat.vue | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/webapp/components/Chat/Chat.vue b/webapp/components/Chat/Chat.vue
index d7864ebef..d00133a56 100644
--- a/webapp/components/Chat/Chat.vue
+++ b/webapp/components/Chat/Chat.vue
@@ -315,6 +315,12 @@ export default {
 this.messagesLoaded = true
 }
 this.messagePage += 1
+
+ // hacky way to make urls clickable for the chat component
+ // --> linkify in the backend is changing the syntax of the url
+ this.messages.forEach((msg) => {
+ msg.content = msg.content.replace(/<\/?a[^>]*>/g, '')
+ })
 } catch (error) {
 this.messages = []
 this.$toast.error(error.message)
From 6acdde177fc4d0aa5a885927bff337dea174cabf Mon Sep 17 00:00:00 2001
From: Ulf Gebhardt
Date: Wed, 19 Jul 2023 12:13:18 +0200
Subject: [PATCH 3/6] Revert "[feature] chat component can now show clickable urls"
This reverts commit 02cbe6c19b4c4d676094f849cd05a740feb2360a.
---
 webapp/components/Chat/Chat.vue | 6 ------
 1 file changed, 6 deletions(-)
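Review bot: `content: LEFT($content,2000)` enforces the size limit by silently truncating inside the Cypher query, so a sender receives a success response while the stored message differs from what was submitted, and the limit itself is a bare literal that nothing ties to whatever the client enforces. Validate in the resolver before the query runs and reject over-long input with the error type the other resolvers already use, e.g. `if (content.length > MAX_MESSAGE_LENGTH) throw new <ProjectError>('message too long')` with `MAX_MESSAGE_LENGTH = 2000` declared once, keeping `LEFT()` only as a defensive backstop. The `$content` parameter binding is fine as far as injection goes; the remaining caveat is that Neo4j's `LEFT` counts characters in the server's string representation, which may not agree with the client's count for emoji and other astral code points, so the two limits should be confirmed to line up. The resolver and the query template enclosing this hunk start and end outside it.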
diff --git a/webapp/components/Chat/Chat.vue b/webapp/components/Chat/Chat.vue
index d00133a56..d7864ebef 100644
--- a/webapp/components/Chat/Chat.vue
+++ b/webapp/components/Chat/Chat.vue
@@ -315,12 +315,6 @@ export default {
 this.messagesLoaded = true
 }
 this.messagePage += 1
-
- // hacky way to make urls clickable for the chat component
- // --> linkify in the backend is changing the syntax of the url
- this.messages.forEach((msg) => {
- msg.content = msg.content.replace(/<\/?a[^>]*>/g, '')
- })
 } catch (error) {
 this.messages = []
 this.$toast.error(error.message)
From 256bcc2af7d12e00a9253e92bab515fd2c51d9c6 Mon Sep 17 00:00:00 2001
From: Ulf Gebhardt
Date: Wed, 19 Jul 2023 12:13:49 +0200
Subject: [PATCH 4/6] do not filter chat message content with xss-middleware
---
 backend/src/middleware/xssMiddleware.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/backend/src/middleware/xssMiddleware.ts b/backend/src/middleware/xssMiddleware.ts
index ede0cc199..9d8671137 100644
--- a/backend/src/middleware/xssMiddleware.ts
+++ b/backend/src/middleware/xssMiddleware.ts
@@ -3,7 +3,7 @@ import { cleanHtml } from '../middleware/helpers/cleanHtml'
 // exclamation mark separetes field names, that should not be sanitized
 const fields = [
- 'content',
+ 'content!message',
 'contentExcerpt',
 'reasonDescription',
 'description!embed',
From 4448ecd6fedea53ad45c8e29bd58b8066c4ff5d6 Mon Sep 17 00:00:00 2001
From: Ulf Gebhardt
Date: Wed, 19 Jul 2023 14:12:25 +0200
Subject: [PATCH 5/6] fix walk recursive & field definitions
---
 backend/src/helpers/walkRecursive.ts | 8 ++++----
 backend/src/middleware/xssMiddleware.ts | 10 +++++-----
 2 files changed, 9 insertions(+), 9 deletions(-)
diff --git a/backend/src/helpers/walkRecursive.ts b/backend/src/helpers/walkRecursive.ts
index f560cf9cb..4f7adf497 100644
--- a/backend/src/helpers/walkRecursive.ts
+++ b/backend/src/helpers/walkRecursive.ts
@@ -9,10 +9,10 @@ function walkRecursive(data, fields, fieldName, callback, _key?) {
 if (!Array.isArray(fields)) {
 throw new Error('please provide an fields array for the walkRecursive helper')
 }
- if (data && typeof data === 'string' && fields.includes(_key)) {
- // well we found what we searched for, lets replace the value with our callback result
- const key = _key.split('!')
- if (key.length === 1 || key[1] !== fieldName) data = callback(data, key[0])
+ // console.log(_key)
+ const fieldDef = fields.find((f) => f.field === _key)
+ if (data && typeof data === 'string' && fieldDef) {
+ if (!fieldDef.excludes?.includes(fieldName)) data = callback(data, _key)
 } else if (data && Array.isArray(data)) {
 // go into the rabbit hole and dig through that array
 data.forEach((res, index) => {
diff --git a/backend/src/middleware/xssMiddleware.ts b/backend/src/middleware/xssMiddleware.ts
index 9d8671137..33fdcf2c6 100644
--- a/backend/src/middleware/xssMiddleware.ts
+++ b/backend/src/middleware/xssMiddleware.ts
@@ -3,11 +3,11 @@ import { cleanHtml } from '../middleware/helpers/cleanHtml'
 // exclamation mark separetes field names, that should not be sanitized
 const fields = [
- 'content!message',
- 'contentExcerpt',
- 'reasonDescription',
- 'description!embed',
- 'descriptionExcerpt',
+ { field: 'content', excludes: ['message'] },
+ { field: 'contentExcerpt' },
+ { field: 'reasonDescription' },
+ { field: 'description', excludes: ['embed'] },
+ { field: 'descriptionExcerpt' },
 ]
 export default {
From bc1015da8c754bb28ffd0ab1616962b1d1ed7fd9 Mon Sep 17 00:00:00 2001
From: Ulf Gebhardt
Date: Wed, 19 Jul 2023 14:22:04 +0200
Subject: [PATCH 6/6] corrected field names to exclude, remove comment
---
 backend/src/helpers/walkRecursive.ts | 1 -
 backend/src/middleware/xssMiddleware.ts | 2 +-
 2 files changed, 1 insertion(+), 2 deletions(-)
diff --git a/backend/src/helpers/walkRecursive.ts b/backend/src/helpers/walkRecursive.ts
index 4f7adf497..f3be67575 100644
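Review bot: The new lookup `const fieldDef = fields.find((f) => f.field === _key)` fails open for any caller that still passes the old string-array shape: `Array.isArray(fields)` still accepts `['content', ...]`, `f.field` is then `undefined` for every entry, `fieldDef` is never found, and `callback` — the HTML sanitizer in the one caller visible in this series — is silently skipped for every field. Because this helper is the chokepoint for XSS filtering, a shape mismatch should throw like the existing guard does rather than disable sanitization, e.g. `if (!Array.isArray(fields) || !fields.every((f) => typeof f?.field === 'string')) {` in place of the current `if (!Array.isArray(fields)) {`. Separately, `fieldDef.excludes?.includes(fieldName)` matches on name alone, so every `content` value reached under an excluded `fieldName`, not only the chat message itself, bypasses the callback — presumably intended, but it deserves a comment such as `// excludes applies to every matching key under the named operation, not just the top-level field`. `walkRecursive` starts before and continues after this hunk.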
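Review bot: The context comment `// exclamation mark separetes field names, that should not be sanitized` is now stale: this hunk replaces the `'field!name'` strings with `{ field, excludes }` objects and the companion `walkRecursive` change no longer splits on `!`, so the comment describes a format that no longer exists (and has a typo). Replace it with a description of the new shape, e.g. `// each entry names a field to sanitize; 'excludes' lists the names under which that field is left untouched`, and state in it how the exclusion name relates to the `fieldName` argument the middleware passes to `walkRecursive`, which this hunk does not show. The `fields` array is complete in the hunk, but its consumer under `export default {` lies outside it.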
--- a/backend/src/helpers/walkRecursive.ts
+++ b/backend/src/helpers/walkRecursive.ts
@@ -9,7 +9,6 @@ function walkRecursive(data, fields, fieldName, callback, _key?) {
 if (!Array.isArray(fields)) {
 throw new Error('please provide an fields array for the walkRecursive helper')
 }
- // console.log(_key)
 const fieldDef = fields.find((f) => f.field === _key)
 if (data && typeof data === 'string' && fieldDef) {
 if (!fieldDef.excludes?.includes(fieldName)) data = callback(data, _key)
diff --git a/backend/src/middleware/xssMiddleware.ts b/backend/src/middleware/xssMiddleware.ts
index 33fdcf2c6..c10997e8d 100644
--- a/backend/src/middleware/xssMiddleware.ts
+++ b/backend/src/middleware/xssMiddleware.ts
@@ -3,7 +3,7 @@ import { cleanHtml } from '../middleware/helpers/cleanHtml'
 // exclamation mark separetes field names, that should not be sanitized
 const fields = [
- { field: 'content', excludes: ['message'] },
+ { field: 'content', excludes: ['CreateMessage', 'Message'] },
 { field: 'contentExcerpt' },
 { field: 'reasonDescription' },
 { field: 'description', excludes: ['embed'] },
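Review bot: `{ field: 'content', excludes: ['CreateMessage', 'Message'] }` removes `cleanHtml` from chat message content on both the write and the read path, so whatever markup a user types is stored verbatim and handed back verbatim; that is only safe if the chat component renders `content` through text interpolation and never as HTML, which nothing in this series shows (the reverted Chat.vue hack in PATCH 2 indicates the content used to arrive as linkified HTML, so the renderer's handling needs checking). Record that invariant next to the entry, e.g. `// chat message content is stored raw: the Chat component must render it as text, never as HTML`, and if a trusted renderer cannot be guaranteed prefer escaping on the read path over skipping the filter entirely. The `excludes` names are compared as plain strings with the `fieldName` handed to `walkRecursive`, so any other operation that returns message content (a subscription or list query, if one exists) is still sanitized unless it is listed here; a test asserting the intended raw round-trip for `CreateMessage` and `Message` would pin this down. The array continues and its consumer under `export default {` lies outside the hunk.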