fix: validate member name contents

2023-03-18 23:00:44 +01:00 · 2023-03-18 23:00:44 +01:00 · d223cd89e8
commit d223cd89e8
parent fe0680d587
4 changed files with 53 additions and 1 deletions
--- a/backend/db/member.go
+++ b/backend/db/member.go
@ -2,6 +2,7 @@ package db

 import (
 	"context"
+	"regexp"

 	"emperror.dev/errors"
 	"github.com/georgysavva/scany/pgxscan"
@ -32,6 +33,13 @@ const (
 	ErrMemberNameInUse = errors.Sentinel("member name already in use")
 )

+// member names must match this regex
+var memberNameRegex = regexp.MustCompile("^[^@\\?!#/\\\\[\\]\"'$%&()+<=>^|~`,]{1,100}$")
+
+func MemberNameValid(name string) bool {
+	return memberNameRegex.MatchString(name)
+}
+
 func (db *DB) Member(ctx context.Context, id xid.ID) (m Member, err error) {
 	sql, args, err := sq.Select("*").From("members").Where("id = ?", id).ToSql()
 	if err != nil {