restrict whitespace from usernames

net/server/internal/api_addAccount.go

@@ -2,6 +2,7 @@ package databag
 
 import (
   "os"
+  "strings"
   "errors"
   "net/http"
   "crypto/sha256"
@@ -36,6 +37,11 @@ func AddAccount(w http.ResponseWriter, r *http.Request) {
     return
   }
 
+  if strings.Contains(username, " ") || strings.Contains(username, "\t") {
+    ErrResponse(w, http.StatusConflict, errors.New("username has whitespace"));
+    return
+  }
+
   // check if username is taken
   var count int64
   if err := store.DB.Model(&store.Account{}).Where("username = ?", username).Count(&count).Error; err != nil {

net/server/internal/api_getAccountUsername.go

@@ -2,6 +2,7 @@ package databag
 
 import (
   "errors"
+  "strings"
   "net/http"
   "databag/internal/store"
 )
@@ -34,6 +35,11 @@ func GetAccountUsername(w http.ResponseWriter, r *http.Request) {
     return
   }
 
+  if strings.Contains(username, " ") || strings.Contains(username, "\t") {
+    WriteResponse(w, false)
+    return
+  }
+
   var accounts []accountUsername;
   err := store.DB.Model(&store.Account{}).Where("username = ?", username).Find(&accounts).Error
   if err != nil {