WDG/noise-server
3
2
Fork 0
Code Issues 3 Pull Requests Projects 2 Releases 1 Wiki Activity

Add username validation

Browse Source
This commit is contained in:
Elias Schriefer
2021-10-25 17:47:51 +02:00
parent c52160ab69
commit 39280f479c
2 changed files with 38 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

42
src/graphql.rs
View File

@@ -114,6 +114,24 @@ fn id_to_uuid(id: &ID) -> Result<Uuid, uuid::Error> {
Uuid::from_str(&id)
}
fn is_valid_user_name(username: &str) -> bool {
if !username.starts_with('@') {
return false;
}
for c in username[1..].chars() {
if !(
c.is_ascii_alphabetic() && c.is_ascii_lowercase() ||
c.is_ascii_digit() ||
"_-.".contains(c)
) {
return false;
}
}
true
}
#[derive(Clone, Debug)]
pub struct Context {
#[cfg(feature = "sqlite")]
@@ -338,8 +356,12 @@ pub struct Query;
#[graphql_object(context = Context)]
impl Query {
async fn getUserID(context: &Context, username: String) -> FieldResult<ID> {
if !is_valid_user_name(&username) {
return Err(format!("{:?} is not a valid username", username).into());
}
sqlx::query(format!(
r#"SELECT id FROM users WHERE user_name="{}""#,
"SELECT id FROM users WHERE user_name={:?}",
username
).as_str()).fetch_one(&context.db).await?
.try_get::<String, _>("id")
@@ -411,20 +433,24 @@ pub struct Mutation;
impl Mutation {
async fn createUser(context: &Context, new_user: NewUser) -> FieldResult<ID> {
let user: User = new_user.clone().into();
if !is_valid_user_name(&user.user_name) {
return Err(format!("{:?} is not a valid username", user.user_name).into());
}
let uuid = id_to_uuid(&user.id)?.to_simple();
let user_preferences: UserPreferences = new_user.into();
if sqlx::query(
format!(r#"SELECT id FROM users WHERE user_name="{}""#, user.user_name).as_str()
format!("SELECT id FROM users WHERE user_name={:?}", user.user_name).as_str()
).fetch_all(&context.db).await?.len() > 0 {
return Err("username is already in use".into());
}
sqlx::query(format!(
r#"INSERT INTO users VALUES ("{}", "{}", {}, {}, {}, {})"#,
r#"INSERT INTO users VALUES ("{}", {:?}, {}, {}, {}, {})"#,
uuid,
user.user_name,
user.display_name.map(|x| format!(r#""{}""#, x)).unwrap_or("NULL".to_string()),
user.display_name.map(|x| format!("{:?}", x)).unwrap_or("NULL".to_string()),
user.activated as u8,
user.created.timestamp(),
match user.last_online {
@@ -435,7 +461,7 @@ impl Mutation {
let privacy_preferences = user_preferences.privacy_preferences;
sqlx::query(format!(
r#"INSERT INTO privacy_preferences VALUES ("{}", {}, "{}", "{}", {}, "{}", "{}", {}, {}, "{}", "{}")"#,
r#"INSERT INTO privacy_preferences VALUES ("{}", {}, {:?}, {:?}, {}, {:?}, {:?}, {}, {}, {:?}, {:?})"#,
uuid,
privacy_preferences.discovery as u8,
format_array_for_sql(&privacy_preferences.discovery_user_limit),
@@ -459,7 +485,7 @@ impl Mutation {
let security_preferences = user_preferences.security_preferences;
sqlx::query(format!(
r#"INSERT INTO security_preferences VALUES ("{}", "{}", "{}")"#,
r#"INSERT INTO security_preferences VALUES ("{}", {:?}, {:?})"#,
uuid,
format_array_for_sql(&security_preferences.account_tokens),
security_preferences.password_hash,
@@ -467,7 +493,7 @@ impl Mutation {
let external_servers_preferences = user_preferences.external_servers_preferences;
sqlx::query(format!(
r#"INSERT INTO external_servers_preferences VALUES ("{}", {}, "{}")"#,
r#"INSERT INTO external_servers_preferences VALUES ("{}", {}, {:?})"#,
uuid,
external_servers_preferences.external_servers as u8,
format_array_for_sql(&external_servers_preferences.external_servers_limit),
@@ -475,7 +501,7 @@ impl Mutation {
let external_servers_privacy_preferences = external_servers_preferences.privacy_preferences;
sqlx::query(format!(
r#"INSERT INTO external_servers_privacy_preferences VALUES ("{}", {}, "{}", "{}", {}, "{}", "{}", {}, {}, "{}", "{}")"#,
r#"INSERT INTO external_servers_privacy_preferences VALUES ("{}", {}, {:?}, {:?}, {}, {:?}, {:?}, {}, {}, {:?}, {:?})"#,
uuid,
external_servers_privacy_preferences.discovery as u8,
format_array_for_sql(&external_servers_privacy_preferences.discovery_user_limit),