fix: validate member name contents
parent
fe0680d587
commit
d223cd89e8
4 changed files with 53 additions and 1 deletions
|
@ -3,6 +3,7 @@ package member
|
|||
import (
|
||||
"fmt"
|
||||
"net/http"
|
||||
"strings"
|
||||
|
||||
"codeberg.org/u1f320/pronouns.cc/backend/db"
|
||||
"codeberg.org/u1f320/pronouns.cc/backend/log"
|
||||
|
@ -51,6 +52,13 @@ func (s *Server) createMember(w http.ResponseWriter, r *http.Request) (err error
|
|||
return server.APIError{Code: server.ErrBadRequest}
|
||||
}
|
||||
|
||||
// remove whitespace from all fields
|
||||
cmr.Name = strings.TrimSpace(cmr.Name)
|
||||
cmr.Bio = strings.TrimSpace(cmr.Bio)
|
||||
if cmr.DisplayName != nil {
|
||||
*cmr.DisplayName = strings.TrimSpace(*cmr.DisplayName)
|
||||
}
|
||||
|
||||
// validate everything
|
||||
if cmr.Name == "" {
|
||||
return server.APIError{
|
||||
|
@ -64,6 +72,13 @@ func (s *Server) createMember(w http.ResponseWriter, r *http.Request) (err error
|
|||
}
|
||||
}
|
||||
|
||||
if !db.MemberNameValid(cmr.Name) {
|
||||
return server.APIError{
|
||||
Code: server.ErrBadRequest,
|
||||
Details: "Member name cannot contain any of the following: @, \\, ?, !, #, /, \\, [, ], \", ', $, %, &, (, ), +, <, =, >, ^, |, ~, `, ,",
|
||||
}
|
||||
}
|
||||
|
||||
if err := validateSlicePtr("name", &cmr.Names); err != nil {
|
||||
return *err
|
||||
}
|
||||
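Review bot: The `Details` string added with the `db.MemberNameValid` check in createMember hand-lists the rejected characters, names the backslash twice, and is repeated verbatim in patchMember, so the message can drift from what the validator actually rejects. Exporting the message (or the rejected character set) from the `db` package next to `MemberNameValid`, and using it in both handlers, would keep the two in step. The validator's body is not visible on this page. Because the list reads as a denylist, it is worth confirming there that control characters, zero-width characters and names such as `.` or `..` are also rejected, if member names are used in URLs or paths. createMember starts and ends outside these hunks.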
|
|
|
@ -3,6 +3,7 @@ package member
|
|||
import (
|
||||
"fmt"
|
||||
"net/http"
|
||||
"strings"
|
||||
|
||||
"codeberg.org/u1f320/pronouns.cc/backend/db"
|
||||
"codeberg.org/u1f320/pronouns.cc/backend/log"
|
||||
|
@ -68,11 +69,37 @@ func (s *Server) patchMember(w http.ResponseWriter, r *http.Request) error {
|
|||
}
|
||||
}
|
||||
|
||||
// trim whitespace from strings
|
||||
if req.Name != nil {
|
||||
*req.Name = strings.TrimSpace(*req.Name)
|
||||
}
|
||||
if req.DisplayName != nil {
|
||||
*req.DisplayName = strings.TrimSpace(*req.Name)
|
||||
}
|
||||
if req.Bio != nil {
|
||||
*req.Bio = strings.TrimSpace(*req.Bio)
|
||||
}
|
||||
|
||||
if req.Name != nil && *req.Name == "" {
|
||||
return server.APIError{
|
||||
Code: server.ErrBadRequest,
|
||||
Details: "Name must not be empty",
|
||||
}
|
||||
} else if req.Name != nil && len(*req.Name) > 100 {
|
||||
return server.APIError{
|
||||
Code: server.ErrBadRequest,
|
||||
Details: "Name may not be longer than 100 characters",
|
||||
}
|
||||
}
|
||||
|
||||
// validate member name
|
||||
if req.Name != nil {
|
||||
if !db.MemberNameValid(*req.Name) {
|
||||
return server.APIError{
|
||||
Code: server.ErrBadRequest,
|
||||
Details: "Member name cannot contain any of the following: @, \\, ?, !, #, /, \\, [, ], \", ', $, %, &, (, ), +, <, =, >, ^, |, ~, `, ,",
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// validate display name/bio
|
||||
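Review bot: In the whitespace-trimming block of patchMember, the DisplayName branch reads `*req.Name` instead of `*req.DisplayName`. A PATCH that sets only a display name therefore dereferences a nil `req.Name` and panics in the handler, and one that sets both fields silently overwrites the display name with the member name. The line should be `*req.DisplayName = strings.TrimSpace(*req.DisplayName)`. Separately, `len(*req.Name) > 100` counts bytes while the message says characters; `utf8.RuneCountInString(*req.Name)` (with a `unicode/utf8` import) would match the wording if characters are intended. patchMember's body continues outside the hunk.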
|
|