Added topic validations for SUBSCRIBE.

lib/handlers/subscribe.js

@@ -36,6 +36,27 @@ function doSubscribe (sub, done) {
 
 function authorize (sub, done) {
   var client = this.client
+  var topic = sub.topic
+  var end = topic.length - 1
+  var err
+  for (var i = 0; i < topic.length; i++) {
+    switch (topic.charCodeAt(i)) {
+      case 35:
+        if (i !== end) {
+          err = new Error('# is only allowed in SUBSCRIBE in the last position')
+          client.emit('error', err)
+          return done(err)
+        }
+        break
+      case 43:
+        if (i < end - 1 && topic.charCodeAt(i + 1) !== 47) {
+          err = new Error('+ is only allowed in SUBSCRIBE between /')
+          client.emit('error', err)
+          return done(err)
+        }
+        break
+    }
+  }
   client.broker.authorizeSubscribe(client, sub, done)
 }
 

test/basic.js

@@ -530,24 +530,22 @@ test('publish invalid topic with +', function (t) {
   })
 })
 
-test('subscribe to invalid topic with hello/+foo', function (t) {
-  var s = connect(setup())
-
-  subscribe(t, s, 'hello/+foo', 0, function () {
-    s.outStream.once('data', function (packet) {
-      t.fail('no packet')
-      t.end()
-    })
+;['base/#/sub', 'base/#sub', 'base/+xyz/sub'].forEach(function (topic) {
+  test('subscribe to invalid topic with ' + topic, function (t) {
+    var s = connect(setup())
 
     s.inStream.write({
-      cmd: 'publish',
-      topic: 'hello/#',
-      payload: 'world'
+      cmd: 'subscribe',
+      messageId: 24,
+      subscriptions: [{
+        topic: topic,
+        qos: 0
+      }]
     })
-  })
 
-  eos(s.conn, function () {
-    t.equal(s.broker.connectedClients, 0, 'no connected clients')
-    t.end()
+    eos(s.conn, function () {
+      t.equal(s.broker.connectedClients, 0, 'no connected clients')
+      t.end()
+    })
   })
 })