Validate screenshot URLs server- and client-side

2026-01-29 01:39:23 +01:00
parent 480c2a6e49
commit 5b62640b76
3 changed files with 39 additions and 0 deletions
--- a/Endpoints/EndpointHelpers.cs
+++ b/Endpoints/EndpointHelpers.cs
@@ -34,6 +34,16 @@ internal static class EndpointHelpers
                ? t[..Math.Min(t.Length, max)]
                : null;

+    public static bool IsValidImageUrl(string? url)
+    {
+        if (string.IsNullOrWhiteSpace(url)) return true; // empty is acceptable
+        if (!Uri.TryCreate(url, UriKind.Absolute, out var uri)) return false;
+        if (uri.Scheme is not ("http" or "https")) return false;
+        var path = uri.AbsolutePath.ToLowerInvariant();
+        return path.EndsWith(".png") || path.EndsWith(".jpg") || path.EndsWith(".jpeg")
+               || path.EndsWith(".gif") || path.EndsWith(".webp") || path.EndsWith(".avif");
+    }
+
    public static async Task<bool> IsAdmin(HttpContext ctx, AppDbContext db, IConfiguration config)
    {
        var player = await GetAuthenticatedPlayer(ctx, db);