aedes icon indicating copy to clipboard operation
aedes copied to clipboard

Published 20 hours ago verified publisher icon moscajs

[feat] Validate ClientId

Open gnought opened this issue 4 years ago • 3 comments

Based on the MQTT 3.1.1 spec:

The ClientId MUST be a UTF-8 encoded string as defined in Section 1.5.3 [MQTT-3.1.3-4].

The Server MUST allow ClientIds which are between 1 and 23 UTF-8 encoded bytes in length, and that contain only the characters

"0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ" [MQTT-3.1.3-5].

The ClientId should fall within the allowed character ranges, we could follow and offer an option to override the behaviour.

gnought avatar Mar 30 '20 10:03 gnought

Isn't this already supported?

Check maxClientsIdLength https://github.com/moscajs/aedes/blob/master/docs/Aedes.md#new-aedesoptions--new-aedesserveroptions

robertsLando avatar Mar 30 '20 11:03 robertsLando

I mean the ClientId should be within the mentioned characeter set 0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ No spaces, no hypens, no dash.

gnought avatar Mar 30 '20 12:03 gnought

@gnought Oh ok sorry I misunderstand what you wrote. In this case I would prefer to create an option for sure, but I'm not sure I would make it respect the standard by default, I think that this would break many existing instances. I would prefer an option like: validateClientId that by default is false

robertsLando avatar Mar 30 '20 13:03 robertsLando