Reject empty invite payloads in DM invite parsing#5
Open
applefather-eth wants to merge 1 commit intoxmtplabs:mainfrom
Open
Reject empty invite payloads in DM invite parsing#5applefather-eth wants to merge 1 commit intoxmtplabs:mainfrom
applefather-eth wants to merge 1 commit intoxmtplabs:mainfrom
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This fixes another false positive in DM invite parsing.
Some short numeric messages such as
8118and6018were being accepted byparseInviteSlug()as technically valid invites, but with an empty payload:creatorInboxId = ""tag = ""conversationToken.length = 0Because Convos DM middleware always attempts invite parsing first, those messages were treated as invite/join traffic and never reached downstream app handlers.
This reproduced locally with two fresh XMTP identities:
8118/6018were stored in the local XMTP DBonMessagenever fired for them8373and5548behaved normallyThis patch makes
parseInviteSlug()reject parsed invites that are missing required payload fields (creatorInboxId,tag, orconversationToken).Also adds regression tests covering
8118and6018.Note
Reject empty invite payloads in
parseInviteSlugAdds validation in
parseInviteSlugafter decoding the payload: throwsError("Invalid invite payload")ifcreatorInboxIdis falsy,tagis missing, orconversationTokenis empty. A new test covers inputs that decode to empty payloads (e.g."8118","6018").Macroscope summarized a125229.