strip dashes from uuids before handling them

lib/helpers.js

@@ -7,8 +7,8 @@ var skins = require("./skins");
 var path = require("path");
 var fs = require("fs");
 
-// 0098cb60-fa8e-427c-b299-793cbd302c9a
-var valid_user_id = /^[0-9a-fA-F\-]{32,36}$/; // uuid
+// 0098cb60fa8e427cb299793cbd302c9a
+var valid_user_id = /^[0-9a-fA-F]{32}$/; // uuid
 var hash_pattern = /[0-9a-f]+$/;
 
 // gets the hash from the textures.minecraft.net +url+

lib/routes/avatars.js

@@ -67,6 +67,9 @@ module.exports = function(req, callback) {
     return;
   }
 
+  // strip dashes
+  userId = userId.replace(/-/g, "");
+
   // Prevent app from crashing/freezing
   if (size < config.avatars.min_size || size > config.avatars.max_size) {
     // "Unprocessable Entity", valid request, but semantically erroneous:
@@ -84,9 +87,6 @@ module.exports = function(req, callback) {
     return;
   }
 
-  // strip dashes
-  userId = userId.replace(/-/g, "");
-
   try {
     helpers.get_avatar(req.id, userId, overlay, size, function(err, status, image, hash) {
       if (err) {

lib/routes/capes.js

@@ -17,6 +17,8 @@ module.exports = function(req, callback) {
     return;
   }
 
+  // strip dashes
+  userId = userId.replace(/-/g, "");
   if (!helpers.id_valid(userId)) {
     callback({
       status: -2,
@@ -25,9 +27,6 @@ module.exports = function(req, callback) {
     return;
   }
 
-  // strip dashes
-  userId = userId.replace(/-/g, "");
-
   try {
     helpers.get_cape(rid, userId, function(err, hash, status, image) {
       if (err) {

lib/routes/renders.js

@@ -85,6 +85,9 @@ module.exports = function(req, callback) {
     return;
   }
 
+  // strip dashes
+  userId = userId.replace(/-/g, "");
+
   if (scale < config.renders.min_scale || scale > config.renders.max_scale) {
     callback({
       status: -2,
@@ -99,9 +102,6 @@ module.exports = function(req, callback) {
     return;
   }
 
-  // strip dashes
-  userId = userId.replace(/-/g, "");
-
   try {
     helpers.get_render(rid, userId, scale, overlay, body, function(err, status, hash, image) {
       if (err) {

lib/routes/skins.js

@@ -75,6 +75,8 @@ module.exports = function(req, callback) {
     return;
   }
 
+  // strip dashes
+  userId = userId.replace(/-/g, "");
   if (!helpers.id_valid(userId)) {
     callback({
       status: -2,
@@ -83,9 +85,6 @@ module.exports = function(req, callback) {
     return;
   }
 
-  // strip dashes
-  userId = userId.replace(/-/g, "");
-
   try {
     helpers.get_skin(rid, userId, function(err, hash, status, image, slim) {
       if (err) {

test/test.js

@@ -88,8 +88,8 @@ describe("Crafatar", function() {
       assert.strictEqual(helpers.id_valid("1DCEF164FF0A47F2B9A691385C774EE7"), true);
       done();
     });
-    it("dashed uuid is valid", function(done) {
-      assert.strictEqual(helpers.id_valid("0098cb60-fa8e-427c-b299-793cbd302c9a"), true);
+    it("dashed uuid is not valid", function(done) {
+      assert.strictEqual(helpers.id_valid("0098cb60-fa8e-427c-b299-793cbd302c9a"), false);
       done();
     });
     it("username is invalid", function(done) {
@@ -300,6 +300,10 @@ describe("Crafatar", function() {
         url: "http://localhost:3000/avatars/853c80ef3c3749fdaa49938b674adae6?size=16",
         crc32: [4264176600],
       },
+      "avatar with existing dashed uuid": {
+        url: "http://localhost:3000/avatars/853c80ef-3c37-49fd-aa49938b674adae6?size=16",
+        crc32: [4264176600],
+      },
       "avatar with non-existent uuid": {
         url: "http://localhost:3000/avatars/00000000000000000000000000000000?size=16",
         crc32: [3348154329],