From 5be0b168c51eb33eb2d019b3ae423dc77a7dcd20 Mon Sep 17 00:00:00 2001 From: Sam Date: Mon, 27 Mar 2023 01:23:04 +0200 Subject: [PATCH] feat(frontend): validate username and member name client-side too --- backend/routes/member/create_member.go | 2 +- frontend/src/routes/@[username]/+page.svelte | 19 ++++++++---- .../src/routes/auth/login/CallbackPage.svelte | 29 ++++++++++++++----- 3 files changed, 37 insertions(+), 13 deletions(-) diff --git a/backend/routes/member/create_member.go b/backend/routes/member/create_member.go index bea0f2e..d72d75f 100644 --- a/backend/routes/member/create_member.go +++ b/backend/routes/member/create_member.go @@ -75,7 +75,7 @@ func (s *Server) createMember(w http.ResponseWriter, r *http.Request) (err error if !db.MemberNameValid(cmr.Name) { return server.APIError{ Code: server.ErrBadRequest, - Details: "Member name cannot contain any of the following: @, \\, ?, !, #, /, \\, [, ], \", ', $, %, &, (, ), +, <, =, >, ^, |, ~, `, ,", + Details: "Member name cannot contain any of the following: @, ?, !, #, /, \\, [, ], \", ', $, %, &, (, ), +, <, =, >, ^, |, ~, `, ,", } } diff --git a/frontend/src/routes/@[username]/+page.svelte b/frontend/src/routes/@[username]/+page.svelte index 265465f..859c929 100644 --- a/frontend/src/routes/@[username]/+page.svelte +++ b/frontend/src/routes/@[username]/+page.svelte @@ -58,10 +58,13 @@ memberPage = memberPage + 1; }; + const memberNameRegex = /^[^@\\?!#\/\\\\[\]\"'$%&()+<=>^|~`,]{1,100}$/; let modalOpen = false; let toggleModal = () => (modalOpen = !modalOpen); let newMemberName = ""; let newMemberError: APIError | null = null; + let memberNameValid = true; + $: memberNameValid = memberNameRegex.test(newMemberName); const createMember = async () => { try { @@ -210,10 +213,8 @@

You don't have any members yet.
- Members are sub-profiles that can have their own avatar, - names, pronouns, and preferred terms. (only you can see this) + Members are sub-profiles that can have their own avatar, names, pronouns, and preferred terms. + (only you can see this)

{/if} @@ -221,12 +222,20 @@ +

+ Your members must have distinct names. Member + names must be 100 characters long at most, and cannot contain the following characters: @ ? + ! # / \ [ ] " ' $ % & ( ) + < = > ^ | ~ ` and , +

{#if newMemberError} {/if}
- diff --git a/frontend/src/routes/auth/login/CallbackPage.svelte b/frontend/src/routes/auth/login/CallbackPage.svelte index e57ef3d..df9b950 100644 --- a/frontend/src/routes/auth/login/CallbackPage.svelte +++ b/frontend/src/routes/auth/login/CallbackPage.svelte @@ -43,7 +43,11 @@ let deleteCancelled: boolean; let deleteError: APIError | null; + const usernameRegex = /^[\w-.]{2,40}$/; let username: string; + let usernameValid = true; + $: usernameValid = usernameRegex.test(username); + let inviteCode: string; let forceDeleteName = ""; let forceDeleteModalOpen = false; @@ -88,10 +92,10 @@ - Log in with the {authType} - pronouns.cc + Log in with {authType} - pronouns.cc -

Log in with the {authType}

+

Log in with {authType}

{#if error} @@ -122,23 +126,34 @@ +
+ Your username must be unique, be at most 40 + characters long, and only contain letters from the basic English alphabet, dashes, underscores, + and periods. Your username is used as part of your profile link, you can set a separate display + name. +
{#if requireInvite}
-
- You currently need an invite code to sign up. You can get - one from an existing user. +
+ You currently need an invite code to sign + up. You can get one from an existing user.
{/if} -
+
By signing up, you agree to the terms of service and the privacy policy.
- +

+ + {#if !usernameValid && username.length > 0} + That username is not valid. + {/if} +

{:else if isDeleted && token && selfDelete && deletedAt}