openvidu-server: limit OPENVIDU_SECRET format to [a-zA-Z0-9_-]

openvidu-server/src/main/java/io/openvidu/server/config/OpenviduConfig.java

@@ -483,7 +483,8 @@ public class OpenviduConfig {
 
 		coturnRedisConnectTimeout = getValue("COTURN_REDIS_CONNECT_TIMEOUT");
 
-		openviduSecret = asNonEmptyString("OPENVIDU_SECRET");
+		openviduSecret = asNonEmptyAlphanumericString("OPENVIDU_SECRET",
+				"Cannot be empty and must contain only alphanumeric characters [a-zA-Z0-9], hypens (\"-\") and underscores (\"_\")");
 
 		openviduCdr = asBoolean("OPENVIDU_CDR");
 		openviduCdrPath = openviduCdr ? asWritableFileSystemPath("OPENVIDU_CDR_PATH")
@@ -741,6 +742,17 @@ public class OpenviduConfig {
 		}
 	}
 
+	protected String asNonEmptyAlphanumericString(String property, String errorMessage) {
+		final String REGEX = "^[a-zA-Z0-9_-]+$";
+		String stringValue = getValue(property);
+		if (stringValue != null && !stringValue.isEmpty() && stringValue.matches(REGEX)) {
+			return stringValue;
+		} else {
+			addError(property, errorMessage);
+			return null;
+		}
+	}
+
 	protected String asOptionalString(String property) {
 		return getValue(property);
 	}