parent
63b59432a3
commit
e480665ae9
1 changed files with 33 additions and 0 deletions
|
@ -36,6 +36,11 @@ pub async fn post_new_account(mut req: Request<State>) -> tide::Result {
|
||||||
return Ok(json!({"result": "error", "error": "Invalid auth"}).into());
|
return Ok(json!({"result": "error", "error": "Invalid auth"}).into());
|
||||||
};
|
};
|
||||||
|
|
||||||
|
if let Some(error) = is_valid_name(&user) {
|
||||||
|
|
||||||
|
return Ok(json!({"result": "error", "error": error}).into());
|
||||||
|
}
|
||||||
|
|
||||||
// easier to give each request its own connection
|
// easier to give each request its own connection
|
||||||
let mut ldap = LdapConn::new(&config.ldap_host)?;
|
let mut ldap = LdapConn::new(&config.ldap_host)?;
|
||||||
|
|
||||||
|
@ -76,6 +81,34 @@ async fn db_pending_clear_expired(pool: &Pool<Sqlite>) -> Result<Vec<AccountsNew
|
||||||
.await
|
.await
|
||||||
}
|
}
|
||||||
|
|
||||||
|
fn is_valid_name(name: &str) -> Option<String> {
|
||||||
|
// max length is 31 chars
|
||||||
|
if name.len() >= 32 {
|
||||||
|
return Some(String::from("Too long, max len 31"));
|
||||||
|
}
|
||||||
|
|
||||||
|
for (index, letter) in name.chars().enumerate() {
|
||||||
|
// no uppercase characters allowed
|
||||||
|
if letter.is_ascii_uppercase() {
|
||||||
|
return Some(String::from("Has uppercase"));
|
||||||
|
}
|
||||||
|
|
||||||
|
if index == 0 {
|
||||||
|
// first character ahs to be either a letter or underscore
|
||||||
|
if !(letter.is_ascii_alphabetic() || letter == '_') {
|
||||||
|
return Some(String::from("Does not start with letter or _"));
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
// after first character options are more relaxed
|
||||||
|
if !(letter.is_ascii_alphabetic() || letter.is_ascii_digit() || letter == '_' || letter == '-') {
|
||||||
|
return Some(String::from("Contains character that is not letter, number, _ or -"));
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
None
|
||||||
|
}
|
||||||
|
|
||||||
async fn db_get_user(pool: &Pool<Sqlite>, auth: &str) -> Option<AccountsNew> {
|
async fn db_get_user(pool: &Pool<Sqlite>, auth: &str) -> Option<AccountsNew> {
|
||||||
if let Ok(res) = sqlx::query_as::<_, AccountsNew>(
|
if let Ok(res) = sqlx::query_as::<_, AccountsNew>(
|
||||||
r#"
|
r#"
|
||||||
|
|
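Review bot: `is_valid_name` lets an empty name through: for `""` the `name.len() >= 32` test is false and the `for` loop body never runs, so the function reaches the final `None` and `post_new_account` carries on to the LDAP connection. Reject it before the length check with something like `if name.is_empty() { return Some(String::from("Empty name")); }`. How `user` is used after `LdapConn::new` is outside the visible hunk, but this allow-list appears to be the only input check in front of it, so a short doc comment stating the accepted alphabet and the 31-character limit would help keep the rule from being loosened by accident. The comment `// first character ahs to be either a letter or underscore` also has a typo (`has`).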