From c51af61820597cbbfe70149fd415298fa41c6bc6 Mon Sep 17 00:00:00 2001
From: LittleSheep
Date: Thu, 1 Aug 2024 12:21:34 +0800
Subject: [PATCH] :wheelchair: Better account name validation
---
 pkg/internal/server/api/accounts_api.go | 22 ++++++++++++++++++----
 pkg/internal/services/accounts.go | 13 +++++++++++++
 2 files changed, 31 insertions(+), 4 deletions(-)
diff --git a/pkg/internal/server/api/accounts_api.go b/pkg/internal/server/api/accounts_api.go
index bce7758..35255c2 100644
--- a/pkg/internal/server/api/accounts_api.go
+++ b/pkg/internal/server/api/accounts_api.go
@@ -3,6 +3,7 @@ package api
 import (
 "fmt"
 "strconv"
+ "strings"
 "time"
 "git.solsynth.dev/hydrogen/passport/pkg/internal/server/exts"
@@ -118,7 +119,7 @@ func editUserinfo(c *fiber.Ctx) error {
 user := c.Locals("user").(models.Account)
 var data struct {
- Nick string `json:"nick" validate:"required,min=2,max=24"`
+ Nick string `json:"nick" validate:"required"`
 Description string `json:"description"`
 FirstName string `json:"first_name"`
 LastName string `json:"last_name"`
@@ -127,6 +128,11 @@ func editUserinfo(c *fiber.Ctx) error {
 if err := exts.BindAndValidate(c, &data); err != nil {
 return err
+ } else {
+ data.Nick = strings.TrimSpace(data.Nick)
+ }
+ if !services.ValidateAccountName(data.Nick, 4, 24) {
+ return fiber.NewError(fiber.StatusBadRequest, "invalid account nick, length requires 4 to 24")
 }
 var account models.Account
@@ -156,8 +162,8 @@ func editUserinfo(c *fiber.Ctx) error {
 func doRegister(c *fiber.Ctx) error {
 var data struct {
- Name string `json:"name" validate:"required,lowercase,alphanum,min=2,max=16"`
- Nick string `json:"nick" validate:"required,min=2,max=24"`
+ Name string `json:"name" validate:"required,lowercase,alphanum,min=4,max=16"`
+ Nick string `json:"nick" validate:"required"`
 Email string `json:"email" validate:"required,email"`
 Password string `json:"password" validate:"required,min=4,max=32"`
 MagicToken string `json:"magic_token"`
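Review bot: In the editUserinfo hunk at -127 the `required` tag is evaluated inside `exts.BindAndValidate` before `strings.TrimSpace` runs, so a nick consisting only of spaces passes binding and reaches `services.ValidateAccountName` as an empty string; the doRegister hunk at -165 uses the same order. Since `min=2,max=24` was dropped from the struct tags, that helper is now the only length gate on `nick`, and as written in this patch its comparison accepts an empty string. An explicit guard after trimming keeps the handler safe regardless of the helper: `if data.Nick == "" { return fiber.NewError(fiber.StatusBadRequest, "nick is required") }`. The helper also checks width only, so if nicks are shown to other users a check for control or non-printing runes would presumably belong here as well. Both handler bodies continue outside the hunks.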
@@ -165,7 +171,15 @@ func doRegister(c *fiber.Ctx) error {
 if err := exts.BindAndValidate(c, &data); err != nil {
 return err
- } else if viper.GetBool("use_registration_magic_token") && len(data.MagicToken) <= 0 {
+ } else {
+ data.Name = strings.TrimSpace(data.Name)
+ data.Nick = strings.TrimSpace(data.Nick)
+ data.Email = strings.TrimSpace(data.Email)
+ }
+ if !services.ValidateAccountName(data.Nick, 4, 24) {
+ return fiber.NewError(fiber.StatusBadRequest, "invalid account nick, length requires 4 to 24")
+ }
+ if viper.GetBool("use_registration_magic_token") && len(data.MagicToken) <= 0 {
 return fmt.Errorf("missing magic token in request")
 } else if viper.GetBool("use_registration_magic_token") {
 if tk, err := services.ValidateMagicToken(data.MagicToken, models.RegistrationMagicToken); err != nil {
diff --git a/pkg/internal/services/accounts.go b/pkg/internal/services/accounts.go
index dd6b771..2191d24 100644
--- a/pkg/internal/services/accounts.go
+++ b/pkg/internal/services/accounts.go
@@ -3,6 +3,7 @@ package services
 import (
 "fmt"
 "time"
+ "unicode"
 "gorm.io/gorm/clause"
@@ -16,6 +17,18 @@ import (
 "github.com/samber/lo"
 )
+func ValidateAccountName(val string, min, max int) bool {
+ actualLength := 0
+ for _, r := range val {
+ if unicode.Is(unicode.Han, r) || unicode.Is(unicode.Hiragana, r) || unicode.Is(unicode.Katakana, r) || unicode.Is(unicode.Hangul, r) {
+ actualLength += 2
+ } else {
+ actualLength += 1
+ }
+ }
+ return min > actualLength && actualLength < max
+}
+
 func GetAccount(id uint) (models.Account, error) {
 var account models.Account
 if err := database.C.Where(models.Account{
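Review bot: The return expression of ValidateAccountName is inverted: `min > actualLength && actualLength < max` is true only when the weighted length is below `min`, so with the callers' bounds (4, 24) a nick of 4 to 24 units is rejected and an empty or 1-3 unit nick is accepted. It should read `return actualLength >= min && actualLength <= max`, inclusive on both ends to match the "length requires 4 to 24" message in the handlers. The exported function also has no doc comment; I would add `// ValidateAccountName reports whether val's display width (Han, Hiragana, Katakana and Hangul runes count as 2, all others as 1) lies within [min, max].` A table test over empty, 3-, 4-, 24- and 25-unit inputs, including a CJK case, would catch a regression of this kind.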