fix: invalid username checks

Steven
2023-09-18 22:34:31 +08:00
parent 2375001453
commit bff41a8957
22 changed files with 106 additions and 132 deletions


@ -140,6 +140,9 @@ func (s *APIV1Service) CreateUser(c echo.Context) error {
if err := userCreate.Validate(); err != nil {
return echo.NewHTTPError(http.StatusBadRequest, "Invalid user create format").SetInternal(err)
}
if !usernameMatcher.MatchString(userCreate.Username) {
return echo.NewHTTPError(http.StatusBadRequest, fmt.Sprintf("Invalid username %s", userCreate.Username)).SetInternal(err)
}
// Disallow host user to be created.
if userCreate.Role == RoleHost {
return echo.NewHTTPError(http.StatusForbidden, "Could not create host user")
@ -362,6 +365,9 @@ func (s *APIV1Service) UpdateUser(c echo.Context) error {
userUpdate.RowStatus = &rowStatus
}
if request.Username != nil {
if !usernameMatcher.MatchString(*request.Username) {
return echo.NewHTTPError(http.StatusBadRequest, fmt.Sprintf("Invalid username %s", *request.Username)).SetInternal(err)
}
userUpdate.Username = request.Username
}
if request.Email != nil {
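Review bot: The `.SetInternal(err)` on the new username rejections in CreateUser and UpdateUser attaches an `err` that the regexp check never sets. `MatchString` returns only a bool, and in CreateUser the `err` from `userCreate.Validate()` is scoped to its own `if`, so whatever outer `err` is in scope (declared outside the hunks) is presumably nil or left over from an earlier step. Drop the call and quote the value, e.g. `return echo.NewHTTPError(http.StatusBadRequest, fmt.Sprintf("Invalid username %q", userCreate.Username))`; `%q` keeps control characters in the client-supplied name from being echoed raw into the response and any error log. It is also worth confirming that `usernameMatcher`, defined outside these hunks, is anchored with `^` and `$`, since an unanchored pattern would let `MatchString` accept any string that merely contains a valid substring. Both function bodies extend beyond the hunks shown.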