datastore: validate port number (in a general way) in frontend and backend with the same validator

Author: haraldschilly

src/packages/database/postgres/project-queries.ts

@@ -3,14 +3,21 @@
  *  License: MS-RSL – see LICENSE.md for details
  */
 
+import debug from "debug";
 import { omit } from "lodash";
-import { PostgreSQL } from "./types";
+
 import { callback2 } from "@cocalc/util/async-utils";
+import {
+  DUMMY_SECRET,
+  PORT_MAX,
+  PORT_MIN,
+  validatePortNumber,
+} from "@cocalc/util/consts";
+import { DatastoreConfig } from "@cocalc/util/types";
 import { query } from "./query";
-import debug from "debug";
+import { PostgreSQL } from "./types";
+
 const L = debug("hub:project-queries");
-import { DUMMY_SECRET } from "@cocalc/util/consts";
-import { DatastoreConfig } from "@cocalc/util/types";
 
 export async function project_has_network_access(
   db: PostgreSQL,
@@ -86,16 +93,23 @@ export async function project_datastore_set(
   // check data from user
   for (const [key, val] of Object.entries(config)) {
     if (val == null) continue;
+    if (key === "port") {
+      const port = validatePortNumber(val);
+      if (port == null) {
+        throw new Error(
+          `Invalid value -- 'port' must be an integer between ${PORT_MIN} and ${PORT_MAX}`,
+        );
+      }
+      config.port = port;
+      continue;
+    }
     if (
       typeof val !== "string" &&
       typeof val !== "boolean" &&
       typeof val !== "number"
     ) {
       throw new Error(`Invalid value -- '${key}' is not a valid type`);
     }
-    if (typeof val === "number" && (val < 0 || val > 2 ** 32)) {
-      throw new Error(`Invalid value -- '${key}' is out of range`);
-    }
     if (typeof val === "string" && val.length > 100000) {
       throw new Error(`Invalid value -- '${key}' is too long`);
     }

src/packages/frontend/project/settings/datastore.tsx

@@ -51,6 +51,7 @@ import Password, {
 } from "@cocalc/frontend/components/password";
 import { labels } from "@cocalc/frontend/i18n";
 import { webapp_client } from "@cocalc/frontend/webapp-client";
+import { PORT_MAX, PORT_MIN, validatePortNumber } from "@cocalc/util/consts";
 import { DOC_CLOUD_STORAGE_URL } from "@cocalc/util/consts/project";
 import { DATASTORE_TITLE } from "@cocalc/util/db-schema/site-defaults";
 import { unreachable } from "@cocalc/util/misc";
@@ -83,8 +84,11 @@ const RULE_PORT = [
   {
     validator: (_: any, value: number | null) => {
       if (value == null) return Promise.resolve();
-      if (!Number.isInteger(value) || value < 1) {
-        return Promise.reject("Port must be an integer greater or equal to 1.");
+      const port = validatePortNumber(value);
+      if (port == null) {
+        return Promise.reject(
+          `Port must be an integer between ${PORT_MIN} and ${PORT_MAX}.`,
+        );
       }
       return Promise.resolve();
     },
@@ -611,12 +615,8 @@ export const Datastore: React.FC<Props> = React.memo((props: Props) => {
   async function save_config(values: any): Promise<void> {
     const config = { ...values, readonly: form_readonly };
     if ("port" in config) {
-      const portNum = Number(config.port);
-      if (!Number.isFinite(portNum) || portNum < 1) {
-        config.port = 22;
-      } else {
-        config.port = Math.floor(portNum);
-      }
+      const port = validatePortNumber(config.port);
+      config.port = port ?? 22;
     }
     try {
       await set(config);

src/packages/util/consts/index.ts

@@ -1,5 +1,5 @@
 /*
- *  This file is part of CoCalc: Copyright © 2020 Sagemath, Inc.
+ *  This file is part of CoCalc: Copyright © 2020 – 2025 Sagemath, Inc.
  *  License: MS-RSL – see LICENSE.md for details
  */
 
@@ -14,3 +14,5 @@ export { CONAT_LLM_HISTORY_KEY } from "./llm";
 export { DUMMY_SECRET } from "./project";
 
 export { SERVER_SETTINGS_ENV_PREFIX } from "./server_settings";
+
+export { PORT_MAX, PORT_MIN, validatePortNumber } from "./portnumber";

src/packages/util/consts/portnumber.ts

@@ -0,0 +1,20 @@
+/*
+ *  This file is part of CoCalc: Copyright © 2025 Sagemath, Inc.
+ *  License: MS-RSL – see LICENSE.md for details
+ */
+
+export const PORT_MIN = 1;
+export const PORT_MAX = 65535;
+
+export function validatePortNumber(port: unknown): number | undefined {
+  if (port == null || port === "") return;
+  const value =
+    typeof port === "number"
+      ? port
+      : typeof port === "string"
+      ? Number(port)
+      : NaN;
+  if (!Number.isInteger(value)) return;
+  if (value < PORT_MIN || value > PORT_MAX) return;
+  return value;
+}