restrict whitespace from usernames

2025-02-12 03:29:16 +00:00 · 2022-07-20 23:26:52 -07:00 · 2022-07-20 23:26:52 -07:00 · 31fd45890a
commit 31fd45890a
parent b4c019abf8
2 changed files with 12 additions and 0 deletions
--- a/net/server/internal/api_addAccount.go
+++ b/net/server/internal/api_addAccount.go
@ -2,6 +2,7 @@ package databag

 import (
  "os"
+  "strings"
  "errors"
  "net/http"
  "crypto/sha256"
@ -36,6 +37,11 @@ func AddAccount(w http.ResponseWriter, r *http.Request) {
    return
  }

+  if strings.Contains(username, " ") || strings.Contains(username, "\t") {
+    ErrResponse(w, http.StatusConflict, errors.New("username has whitespace"));
+    return
+  }
+
  // check if username is taken
  var count int64
  if err := store.DB.Model(&store.Account{}).Where("username = ?", username).Count(&count).Error; err != nil {
--- a/net/server/internal/api_getAccountUsername.go
+++ b/net/server/internal/api_getAccountUsername.go
@ -2,6 +2,7 @@ package databag

 import (
  "errors"
+  "strings"
  "net/http"
  "databag/internal/store"
 )
@ -34,6 +35,11 @@ func GetAccountUsername(w http.ResponseWriter, r *http.Request) {
    return
  }

+  if strings.Contains(username, " ") || strings.Contains(username, "\t") {
+    WriteResponse(w, false)
+    return
+  }
+
  var accounts []accountUsername;
  err := store.DB.Model(&store.Account{}).Where("username = ?", username).Find(&accounts).Error
  if err != nil {