From 606a30640db3ac86e712c86c02d7c4d1e0139f66 Mon Sep 17 00:00:00 2001
From: Steven <stevenlgtm@gmail.com>
Date: Fri, 15 Mar 2024 08:37:58 +0800
Subject: [PATCH] fix: check username in signup

---
 server/route/api/v2/auth_service.go | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/server/route/api/v2/auth_service.go b/server/route/api/v2/auth_service.go
index ef4b139f..dd1959e5 100644
--- a/server/route/api/v2/auth_service.go
+++ b/server/route/api/v2/auth_service.go
@@ -189,6 +189,9 @@ func (s *APIV2Service) SignUp(ctx context.Context, request *apiv2pb.SignUpReques
 		Nickname:     request.Username,
 		PasswordHash: string(passwordHash),
 	}
+	if !util.ResourceNameMatcher.MatchString(strings.ToLower(create.Username)) {
+		return nil, status.Errorf(codes.InvalidArgument, "invalid username: %s", create.Username)
+	}
 
 	hostUserType := store.RoleHost
 	existedHostUsers, err := s.Store.ListUsers(ctx, &store.FindUser{