boiii
/
traxxx
forked from DebaucheryLibrarian/traxxx
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Curating usernames in sign-up and stash load tool.

This commit is contained in:
DebaucheryLibrarian 2023-06-08 03:57:50 +02:00
parent 1fc441670b
commit 914838e367
3 changed files with 21 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
config/default.js
View File

@ -37,6 +37,8 @@ module.exports = {
auth: { auth: {
login: true, login: true,
signup: true, signup: true,
usernameLength: [2, 24],
usernamePattern: /^[a-zA-Z0-9_-]$/,
}, },
exclude: { exclude: {
channels: [ channels: [

22
src/auth.js
View File

@ -26,7 +26,7 @@ async function login(credentials) {
throw new HttpError('Authentication is disabled', 405); throw new HttpError('Authentication is disabled', 405);
} }
const user = await fetchUser(credentials.username, true); const user = await fetchUser(credentials.username.trim(), true);
if (!user) { if (!user) {
throw new HttpError('Username or password incorrect', 401); throw new HttpError('Username or password incorrect', 401);
@ -46,10 +46,24 @@ async function signup(credentials) {
throw new HttpError('Authentication is disabled', 405); throw new HttpError('Authentication is disabled', 405);
} }
if (!credentials.username) { const curatedUsername = credentials.username.trim();
if (!curatedUsername) {
throw new HttpError('Username required', 400); throw new HttpError('Username required', 400);
} }
if (curatedUsername.length < config.auth.usernameLength[0]) {
throw new HttpError('Username is too short', 400);
}
if (curatedUsername.length > config.auth.usernameLength[1]) {
throw new HttpError('Username is too long', 400);
}
if (!config.auth.usernamePattern.test(curatedUsername)) {
throw new HttpError('Username contains invalid characters', 400);
}
if (!credentials.email) { if (!credentials.email) {
throw new HttpError('E-mail required', 400); throw new HttpError('E-mail required', 400);
} }
@ -59,7 +73,7 @@ async function signup(credentials) {
} }
const existingUser = await knex('users') const existingUser = await knex('users')
.where('username', credentials.username) .where('username', curatedUsername)
.orWhere('email', credentials.email) .orWhere('email', credentials.email)
.first(); .first();
@ -73,7 +87,7 @@ async function signup(credentials) {
const [userId] = await knex('users') const [userId] = await knex('users')
.insert({ .insert({
username: credentials.username, username: curatedUsername,
email: credentials.email, email: credentials.email,
password: storedPassword, password: storedPassword,
}) })

2
src/tools/stashes-load.js
View File

@ -120,7 +120,7 @@ async function load() {
const user = await knex('users') const user = await knex('users')
.select('id') .select('id')
.where('username', stash.username) .where('username', stash.username.trim())
.first(); .first();
if (!user) { if (!user) {