feat: Now validetes usernames

Closes #3

src/methods/account_new.rs

@@ -36,6 +36,11 @@ pub async fn post_new_account(mut req: Request<State>) -> tide::Result {
         return Ok(json!({"result": "error", "error": "Invalid auth"}).into());
     };
 
+    if let Some(error) = is_valid_name(&user) {
+        
+        return Ok(json!({"result": "error", "error": error}).into());
+    }
+
     // easier to give each request its own connection
     let mut ldap = LdapConn::new(&config.ldap_host)?;
 
@@ -76,6 +81,34 @@ async fn db_pending_clear_expired(pool: &Pool<Sqlite>) -> Result<Vec<AccountsNew
     .await
 }
 
+fn is_valid_name(name: &str) -> Option<String> {
+    // max length is 31 chars
+    if name.len() >= 32 {
+        return Some(String::from("Too long, max len 31"));
+    }
+
+    for (index, letter) in name.chars().enumerate() {
+        // no uppercase characters allowed
+        if letter.is_ascii_uppercase() {
+            return Some(String::from("Has uppercase"));
+        }
+
+        if index == 0 {
+            // first character ahs to be either a letter or underscore
+            if !(letter.is_ascii_alphabetic() || letter == '_') {
+                return Some(String::from("Does not start with letter or _"));
+            }
+        } else {
+            // after first character options are more relaxed
+            if !(letter.is_ascii_alphabetic() || letter.is_ascii_digit() || letter == '_' || letter == '-') {
+                return Some(String::from("Contains character that is not letter, number, _ or -"));
+            }
+        }
+    }
+
+    None
+}
+
 async fn db_get_user(pool: &Pool<Sqlite>, auth: &str) -> Option<AccountsNew> {
     if let Ok(res) = sqlx::query_as::<_, AccountsNew>(
         r#"