~vpzom/bracketmonster

bd165fcdff7d65503132b761848379e5df767c7e — Colin Reeder 4 years ago ea4fc47
Apply username restrictions for new accounts, too
1 files changed, 11 insertions(+), 4 deletions(-)

M brackend/src/routes/v1/users.rs
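--- a/brackend/src/routes/v1/users.rs
+++ b/brackend/src/routes/v1/users.rs
@@ -40,6 +40,12 @@ async fn require_me(user: UserIDOrMe, me: UserID) -> Result<(), Error> {
     }
 }
 
+fn is_allowed_username(username: &str) -> bool {
+    username
+        .chars()
+        .all(|chr| chr.is_ascii_alphabetic() || chr.is_ascii_digit())
+}
+
 pub fn route_users() -> crate::RouteNode<()> {
     let route_brackets = crate::RouteNode::new()
         .with_handler_async("GET", |(user,), ctx, req| async move {
@@ -91,6 +97,10 @@ async fn route_users_create_fn(
     let client = db_pool.get().await?;
 
     let (user_id, username): (i32, _) = match if let Some(username) = body.username {
+        if !is_allowed_username(&username) {
+            return Err(Error::UserError(crate::simple_response(hyper::StatusCode::BAD_REQUEST, "Invalid characters in username")));
+        }
+
         if let Some(password) = body.password {
             let password_hash =
                 tokio::task::spawn_blocking(|| bcrypt::hash(password, bcrypt::DEFAULT_COST))
@@ -222,10 +232,7 @@ async fn route_users_edit_fn(
     let mut columns = Vec::with_capacity(3);
 
     if let Some(username) = body.username {
-        if !username
-            .chars()
-            .all(|chr| chr.is_ascii_alphabetic() || chr.is_ascii_digit())
-        {
+        if !is_allowed_username(&username) {
             return Err(Error::UserError({
                 let mut res = hyper::Response::new("Invalid characters in username".into());
                 *res.status_mut() = hyper::StatusCode::BAD_REQUEST;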
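Review bot: `is_allowed_username` in the first hunk returns true for an empty string, because `.all()` over an empty `chars()` iterator is vacuously true, and it sets no upper bound on length. Both the create path and the edit path now depend on this helper, so unless a check outside these hunks rejects it, an account could be created or renamed with an empty username. I would require at least one character, e.g. `!username.is_empty() && username.chars().all(|chr| chr.is_ascii_alphanumeric())`, and add a doc comment on the helper stating the allowed alphabet and whatever length limit the project wants. The bodies of `route_users_create_fn` and `route_users_edit_fn` continue outside the hunks, so whether an emptiness or length check exists elsewhere cannot be confirmed from here.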