Add username validation
This commit is contained in:
parent
c52160ab69
commit
39280f479c
8
Cargo.lock
generated
8
Cargo.lock
generated
@ -1144,15 +1144,15 @@ checksum = "8b870d8c151b6f2fb93e84a13146138f05d02ed11c7e7c54f8826aaaf7c9f184"
|
||||
|
||||
[[package]]
|
||||
name = "pkg-config"
|
||||
version = "0.3.21"
|
||||
version = "0.3.22"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "10e2fcbb64ecbe64c8e040a386c3104d384583af58b956d870aaaf229df6e66d"
|
||||
checksum = "12295df4f294471248581bc09bef3c38a5e46f1e36d6a37353621a0c6c357e1f"
|
||||
|
||||
[[package]]
|
||||
name = "ppv-lite86"
|
||||
version = "0.2.14"
|
||||
version = "0.2.15"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "c3ca011bd0129ff4ae15cd04c4eef202cadf6c51c21e47aba319b4e0501db741"
|
||||
checksum = "ed0cfbc8191465bed66e1718596ee0b0b35d5ee1f41c5df2189d0fe8bde535ba"
|
||||
|
||||
[[package]]
|
||||
name = "proc-macro-error"
|
||||
|
||||
@ -114,6 +114,24 @@ fn id_to_uuid(id: &ID) -> Result<Uuid, uuid::Error> {
|
||||
Uuid::from_str(&id)
|
||||
}
|
||||
|
||||
fn is_valid_user_name(username: &str) -> bool {
|
||||
if !username.starts_with('@') {
|
||||
return false;
|
||||
}
|
||||
|
||||
for c in username[1..].chars() {
|
||||
if !(
|
||||
c.is_ascii_alphabetic() && c.is_ascii_lowercase() ||
|
||||
c.is_ascii_digit() ||
|
||||
"_-.".contains(c)
|
||||
) {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
true
|
||||
}
|
||||
|
||||
#[derive(Clone, Debug)]
|
||||
pub struct Context {
|
||||
#[cfg(feature = "sqlite")]
|
||||
@ -338,8 +356,12 @@ pub struct Query;
|
||||
#[graphql_object(context = Context)]
|
||||
impl Query {
|
||||
async fn getUserID(context: &Context, username: String) -> FieldResult<ID> {
|
||||
if !is_valid_user_name(&username) {
|
||||
return Err(format!("{:?} is not a valid username", username).into());
|
||||
}
|
||||
|
||||
sqlx::query(format!(
|
||||
r#"SELECT id FROM users WHERE user_name="{}""#,
|
||||
"SELECT id FROM users WHERE user_name={:?}",
|
||||
username
|
||||
).as_str()).fetch_one(&context.db).await?
|
||||
.try_get::<String, _>("id")
|
||||
@ -411,20 +433,24 @@ pub struct Mutation;
|
||||
impl Mutation {
|
||||
async fn createUser(context: &Context, new_user: NewUser) -> FieldResult<ID> {
|
||||
let user: User = new_user.clone().into();
|
||||
if !is_valid_user_name(&user.user_name) {
|
||||
return Err(format!("{:?} is not a valid username", user.user_name).into());
|
||||
}
|
||||
|
||||
let uuid = id_to_uuid(&user.id)?.to_simple();
|
||||
let user_preferences: UserPreferences = new_user.into();
|
||||
|
||||
if sqlx::query(
|
||||
format!(r#"SELECT id FROM users WHERE user_name="{}""#, user.user_name).as_str()
|
||||
format!("SELECT id FROM users WHERE user_name={:?}", user.user_name).as_str()
|
||||
).fetch_all(&context.db).await?.len() > 0 {
|
||||
return Err("username is already in use".into());
|
||||
}
|
||||
|
||||
sqlx::query(format!(
|
||||
r#"INSERT INTO users VALUES ("{}", "{}", {}, {}, {}, {})"#,
|
||||
r#"INSERT INTO users VALUES ("{}", {:?}, {}, {}, {}, {})"#,
|
||||
uuid,
|
||||
user.user_name,
|
||||
user.display_name.map(|x| format!(r#""{}""#, x)).unwrap_or("NULL".to_string()),
|
||||
user.display_name.map(|x| format!("{:?}", x)).unwrap_or("NULL".to_string()),
|
||||
user.activated as u8,
|
||||
user.created.timestamp(),
|
||||
match user.last_online {
|
||||
@ -435,7 +461,7 @@ impl Mutation {
|
||||
|
||||
let privacy_preferences = user_preferences.privacy_preferences;
|
||||
sqlx::query(format!(
|
||||
r#"INSERT INTO privacy_preferences VALUES ("{}", {}, "{}", "{}", {}, "{}", "{}", {}, {}, "{}", "{}")"#,
|
||||
r#"INSERT INTO privacy_preferences VALUES ("{}", {}, {:?}, {:?}, {}, {:?}, {:?}, {}, {}, {:?}, {:?})"#,
|
||||
uuid,
|
||||
privacy_preferences.discovery as u8,
|
||||
format_array_for_sql(&privacy_preferences.discovery_user_limit),
|
||||
@ -459,7 +485,7 @@ impl Mutation {
|
||||
|
||||
let security_preferences = user_preferences.security_preferences;
|
||||
sqlx::query(format!(
|
||||
r#"INSERT INTO security_preferences VALUES ("{}", "{}", "{}")"#,
|
||||
r#"INSERT INTO security_preferences VALUES ("{}", {:?}, {:?})"#,
|
||||
uuid,
|
||||
format_array_for_sql(&security_preferences.account_tokens),
|
||||
security_preferences.password_hash,
|
||||
@ -467,7 +493,7 @@ impl Mutation {
|
||||
|
||||
let external_servers_preferences = user_preferences.external_servers_preferences;
|
||||
sqlx::query(format!(
|
||||
r#"INSERT INTO external_servers_preferences VALUES ("{}", {}, "{}")"#,
|
||||
r#"INSERT INTO external_servers_preferences VALUES ("{}", {}, {:?})"#,
|
||||
uuid,
|
||||
external_servers_preferences.external_servers as u8,
|
||||
format_array_for_sql(&external_servers_preferences.external_servers_limit),
|
||||
@ -475,7 +501,7 @@ impl Mutation {
|
||||
|
||||
let external_servers_privacy_preferences = external_servers_preferences.privacy_preferences;
|
||||
sqlx::query(format!(
|
||||
r#"INSERT INTO external_servers_privacy_preferences VALUES ("{}", {}, "{}", "{}", {}, "{}", "{}", {}, {}, "{}", "{}")"#,
|
||||
r#"INSERT INTO external_servers_privacy_preferences VALUES ("{}", {}, {:?}, {:?}, {}, {:?}, {:?}, {}, {}, {:?}, {:?})"#,
|
||||
uuid,
|
||||
external_servers_privacy_preferences.discovery as u8,
|
||||
format_array_for_sql(&external_servers_privacy_preferences.discovery_user_limit),
|
||||
|
||||
Loading…
Reference in New Issue
Block a user