Hypernet/Passport
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Better account name validation

Browse Source
This commit is contained in:
LittleSheep 2024-08-01 12:21:34 +08:00
parent 688d026d75
commit c51af61820
2 changed files with 31 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
pkg/internal/server/api/accounts_api.go
View File

@ -3,6 +3,7 @@ package api
import ( import (
"fmt" "fmt"
"strconv" "strconv"
"strings"
"time" "time"
"git.solsynth.dev/hydrogen/passport/pkg/internal/server/exts" "git.solsynth.dev/hydrogen/passport/pkg/internal/server/exts"
@ -118,7 +119,7 @@ func editUserinfo(c *fiber.Ctx) error {
user := c.Locals("user").(models.Account) user := c.Locals("user").(models.Account)
var data struct { var data struct {
Nick string `json:"nick" validate:"required,min=2,max=24"` Nick string `json:"nick" validate:"required"`
Description string `json:"description"` Description string `json:"description"`
FirstName string `json:"first_name"` FirstName string `json:"first_name"`
LastName string `json:"last_name"` LastName string `json:"last_name"`
@ -127,6 +128,11 @@ func editUserinfo(c *fiber.Ctx) error {
if err := exts.BindAndValidate(c, &data); err != nil { if err := exts.BindAndValidate(c, &data); err != nil {
return err return err
} else {
data.Nick = strings.TrimSpace(data.Nick)
}
if !services.ValidateAccountName(data.Nick, 4, 24) {
return fiber.NewError(fiber.StatusBadRequest, "invalid account nick, length requires 4 to 24")
} }
var account models.Account var account models.Account
@ -156,8 +162,8 @@ func editUserinfo(c *fiber.Ctx) error {
func doRegister(c *fiber.Ctx) error { func doRegister(c *fiber.Ctx) error {
var data struct { var data struct {
Name string `json:"name" validate:"required,lowercase,alphanum,min=2,max=16"` Name string `json:"name" validate:"required,lowercase,alphanum,min=4,max=16"`
Nick string `json:"nick" validate:"required,min=2,max=24"` Nick string `json:"nick" validate:"required"`
Email string `json:"email" validate:"required,email"` Email string `json:"email" validate:"required,email"`
Password string `json:"password" validate:"required,min=4,max=32"` Password string `json:"password" validate:"required,min=4,max=32"`
MagicToken string `json:"magic_token"` MagicToken string `json:"magic_token"`
@ -165,7 +171,15 @@ func doRegister(c *fiber.Ctx) error {
if err := exts.BindAndValidate(c, &data); err != nil { if err := exts.BindAndValidate(c, &data); err != nil {
return err return err
} else if viper.GetBool("use_registration_magic_token") && len(data.MagicToken) <= 0 { } else {
data.Name = strings.TrimSpace(data.Name)
data.Nick = strings.TrimSpace(data.Nick)
data.Email = strings.TrimSpace(data.Email)
}
if !services.ValidateAccountName(data.Nick, 4, 24) {
return fiber.NewError(fiber.StatusBadRequest, "invalid account nick, length requires 4 to 24")
}
if viper.GetBool("use_registration_magic_token") && len(data.MagicToken) <= 0 {
return fmt.Errorf("missing magic token in request") return fmt.Errorf("missing magic token in request")
} else if viper.GetBool("use_registration_magic_token") { } else if viper.GetBool("use_registration_magic_token") {
if tk, err := services.ValidateMagicToken(data.MagicToken, models.RegistrationMagicToken); err != nil { if tk, err := services.ValidateMagicToken(data.MagicToken, models.RegistrationMagicToken); err != nil {

13
pkg/internal/services/accounts.go
View File

@ -3,6 +3,7 @@ package services
import ( import (
"fmt" "fmt"
"time" "time"
"unicode"
"gorm.io/gorm/clause" "gorm.io/gorm/clause"
@ -16,6 +17,18 @@ import (
"github.com/samber/lo" "github.com/samber/lo"
) )
func ValidateAccountName(val string, min, max int) bool {
actualLength := 0
for _, r := range val {
if unicode.Is(unicode.Han, r) || unicode.Is(unicode.Hiragana, r) || unicode.Is(unicode.Katakana, r) || unicode.Is(unicode.Hangul, r) {
actualLength += 2
} else {
actualLength += 1
}
}
return min > actualLength && actualLength < max
}
func GetAccount(id uint) (models.Account, error) { func GetAccount(id uint) (models.Account, error) {
var account models.Account var account models.Account
if err := database.C.Where(models.Account{ if err := database.C.Where(models.Account{