From 5488014c6abe4f1f1e23d0cc75ddaf40713462ec Mon Sep 17 00:00:00 2001
From: Eugene Fox <eugene@xfox111.net>
Date: Wed, 3 Sep 2025 09:08:34 +0000
Subject: [PATCH] chore: validation improvements and fixes

---
 Program.cs | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/Program.cs b/Program.cs
index ade028e..58800ce 100644
--- a/Program.cs
+++ b/Program.cs
@@ -40,11 +40,18 @@ app.MapHub<WsHub>("/ws", options =>
 app.MapPost("/send",
 	static async (
 		[FromServices] IHubContext<WsHub> hubContext, [FromServices] ILogger<Program> logger,
-		[FromQuery] string id, [FromBody] string data
+		[FromQuery] string? id, [FromBody] string? data
 	) =>
 	{
+		if (string.IsNullOrWhiteSpace(id) || id.Length > 64)
+			return Results.BadRequest("Connection ID is required and must be at most 64 characters long.");
+
+		foreach (char c in id)
+			if (!char.IsLetterOrDigit(c) && c != '-' && c != '_')
+				return Results.BadRequest("Connection ID contains invalid characters.");
+
 		if (string.IsNullOrWhiteSpace(data) || data.Length > 66_560)
-			return Results.BadRequest();
+			return Results.BadRequest("Body is required and must be at most 66,560 characters long.");
 
 		logger.LogDebug("Received payload for connection '{id}' (package length: {len})", id, data.Length);
 		await hubContext.Clients.Client(id).SendAsync("ReceiveData", data);