feat: Now validates usernames

Closes #3
silver 2023-07-30 03:47:30 +01:00
parent 63b59432a3
commit e480665ae9


@ -36,6 +36,11 @@ pub async fn post_new_account(mut req: Request<State>) -> tide::Result {
return Ok(json!({"result": "error", "error": "Invalid auth"}).into()); return Ok(json!({"result": "error", "error": "Invalid auth"}).into());
}; };
if let Some(error) = is_valid_name(&user) {
return Ok(json!({"result": "error", "error": error}).into());
}
// easier to give each request its own connection // easier to give each request its own connection
let mut ldap = LdapConn::new(&config.ldap_host)?; let mut ldap = LdapConn::new(&config.ldap_host)?;
@ -76,6 +81,34 @@ async fn db_pending_clear_expired(pool: &Pool<Sqlite>) -> Result<Vec<AccountsNew
.await .await
} }
fn is_valid_name(name: &str) -> Option<String> {
// max length is 31 chars
if name.len() >= 32 {
return Some(String::from("Too long, max len 31"));
}
for (index, letter) in name.chars().enumerate() {
// no uppercase characters allowed
if letter.is_ascii_uppercase() {
return Some(String::from("Has uppercase"));
}
if index == 0 {
// first character ahs to be either a letter or underscore
if !(letter.is_ascii_alphabetic() || letter == '_') {
return Some(String::from("Does not start with letter or _"));
}
} else {
// after first character options are more relaxed
if !(letter.is_ascii_alphabetic() || letter.is_ascii_digit() || letter == '_' || letter == '-') {
return Some(String::from("Contains character that is not letter, number, _ or -"));
}
}
}
None
}
async fn db_get_user(pool: &Pool<Sqlite>, auth: &str) -> Option<AccountsNew> { async fn db_get_user(pool: &Pool<Sqlite>, auth: &str) -> Option<AccountsNew> {
if let Ok(res) = sqlx::query_as::<_, AccountsNew>( if let Ok(res) = sqlx::query_as::<_, AccountsNew>(
r#" r#"
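Review bot: An empty username passes `is_valid_name`, because the `for` loop over `name.chars()` never runs for an empty string, so the first-character rule is skipped and the function returns `None`. Unless `user` is checked for emptiness earlier in `post_new_account` (not visible in this hunk), the length guard should reject it as well, for example `if name.is_empty() || name.len() >= 32 {` with an error message that covers both cases. The allowlist is also what keeps characters outside `[a-z0-9_-]` away from whatever the handler does with `user` after `LdapConn::new` (presumably LDAP queries, though that code is outside the hunk). I would add a comment above the function such as `// Allowlist: [a-z_][a-z0-9_-]{0,30}; review any relaxation against how the name is used downstream` so the constraint is not loosened by accident.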