Add regex matching check also when creating a new user

2025-03-13 13:35:23 +01:00 · 2022-12-22 17:37:01 +01:00 · 2022-12-22 17:37:01 +01:00 · 1d11a5ba81
commit 1d11a5ba81
parent 13b2cc066e
2 changed files with 16 additions and 1 deletions
--- a/service/api/post-session.go
+++ b/service/api/post-session.go
@ -3,6 +3,7 @@ package api
 import (
 	"encoding/json"
 	"net/http"
+	"regexp"

 	"github.com/julienschmidt/httprouter"
 	"github.com/notherealmarco/WASAPhoto/service/api/helpers"
@ -29,7 +30,21 @@ func (rt *_router) PostSession(w http.ResponseWriter, r *http.Request, ps httpro
 	if err == nil { // test if user exists
 		uid, err = rt.db.GetUserID(request.Name)
 	}
+
 	if db_errors.EmptySet(err) { // user does not exist
+
+		// before creating the user, check if the name is valid
+		stat, regex_err := regexp.Match(`^[a-zA-Z0-9_]{3,16}$`, []byte(request.Name))
+		if regex_err != nil {
+			helpers.SendInternalError(err, "Error while matching username regex", w, rt.baseLogger)
+			return
+		}
+		if !stat {
+			// username didn't match the regex, so it's invalid, let's send a bad request error
+			helpers.SendBadRequest(w, "Username must be between 3 and 16 characters long and can only contain letters, numbers and underscores", rt.baseLogger)
+			return
+		}
+
 		uid, err = rt.db.CreateUser(request.Name)
 	}
 	if err != nil { // handle any other error
--- a/service/api/put-updateusername.go
+++ b/service/api/put-updateusername.go
@ -26,7 +26,7 @@ func (rt *_router) UpdateUsername(w http.ResponseWriter, r *http.Request, ps htt
 	stat, err := regexp.Match(`^[a-zA-Z0-9_]{3,16}$`, []byte(req.Name))

 	if err != nil {
-		helpers.SendInternalError(err, "Error while matching username", w, rt.baseLogger)
+		helpers.SendInternalError(err, "Error while matching username regex", w, rt.baseLogger)
 		return
 	}