chore: update userinfo validator (#868)

* chore: update userinfo validator

* chore: update actions

* chore: update

.github/workflows/backend-tests-default.yml

@@ -0,0 +1,20 @@
+name: Backend Test
+
+on:
+  pull_request:
+    branches:
+      - main
+      - "release/v*.*.*"
+    paths:
+      - "web/**"
+
+jobs:
+  go-static-checks:
+    runs-on: ubuntu-latest
+    steps:
+      - run: 'echo "Not required"'
+
+  go-tests:
+    runs-on: ubuntu-latest
+    steps:
+      - run: 'echo "Not required"'

.github/workflows/backend-tests.yml

@@ -1,12 +1,10 @@
 name: Backend Test
 
 on:
-  push:
+  pull_request:
     branches:
       - main
       - "release/v*.*.*"
-  pull_request:
-    branches: [main]
     paths-ignore:
       - "web/**"
 

.github/workflows/frontend-tests-default.yml

@@ -0,0 +1,25 @@
+name: Frontend Test
+
+on:
+  pull_request:
+    branches:
+      - main
+      - "release/v*.*.*"
+    paths-ignore:
+      - "web/**"
+
+jobs:
+  eslint-checks:
+    runs-on: ubuntu-latest
+    steps:
+      - run: 'echo "Not required"'
+
+  jest-tests:
+    runs-on: ubuntu-latest
+    steps:
+      - run: 'echo "Not required"'
+
+  frontend-build:
+    runs-on: ubuntu-latest
+    steps:
+      - run: 'echo "Not required"'

.github/workflows/frontend-tests.yml

@@ -1,12 +1,10 @@
 name: Frontend Test
 
 on:
-  push:
+  pull_request:
     branches:
       - main
       - "release/v*.*.*"
-  pull_request:
-    branches: [main]
     paths:
       - "web/**"
 

api/user.go

@@ -2,6 +2,8 @@ package api
 
 import (
 	"fmt"
+
+	"github.com/usememos/memos/common"
 )
 
 // Role is the type of a role.
@@ -61,9 +63,23 @@ func (create UserCreate) Validate() error {
 	if len(create.Username) < 4 {
 		return fmt.Errorf("username is too short, minimum length is 4")
 	}
+	if len(create.Username) > 32 {
+		return fmt.Errorf("username is too long, maximum length is 32")
+	}
 	if len(create.Password) < 4 {
 		return fmt.Errorf("password is too short, minimum length is 4")
 	}
+	if len(create.Nickname) > 64 {
+		return fmt.Errorf("nickname is too long, maximum length is 64")
+	}
+	if create.Email != "" {
+		if len(create.Email) > 256 {
+			return fmt.Errorf("email is too long, maximum length is 256")
+		}
+		if common.ValidateEmail(create.Email) {
+			return fmt.Errorf("invalid email format")
+		}
+	}
 
 	return nil
 }
@@ -85,6 +101,31 @@ type UserPatch struct {
 	OpenID       *string
 }
 
+func (patch UserPatch) Validate() error {
+	if patch.Username != nil && len(*patch.Username) < 4 {
+		return fmt.Errorf("username is too short, minimum length is 4")
+	}
+	if patch.Username != nil && len(*patch.Username) > 32 {
+		return fmt.Errorf("username is too long, maximum length is 32")
+	}
+	if patch.Password != nil && len(*patch.Password) < 4 {
+		return fmt.Errorf("password is too short, minimum length is 4")
+	}
+	if patch.Nickname != nil && len(*patch.Nickname) > 64 {
+		return fmt.Errorf("nickname is too long, maximum length is 64")
+	}
+	if patch.Email != nil {
+		if len(*patch.Email) > 256 {
+			return fmt.Errorf("email is too long, maximum length is 256")
+		}
+		if common.ValidateEmail(*patch.Email) {
+			return fmt.Errorf("invalid email format")
+		}
+	}
+
+	return nil
+}
+
 type UserFind struct {
 	ID *int `json:"id"`
 

server/user.go

@@ -198,9 +198,8 @@ func (s *Server) registerUserRoutes(g *echo.Group) {
 		if err := json.NewDecoder(c.Request().Body).Decode(userPatch); err != nil {
 			return echo.NewHTTPError(http.StatusBadRequest, "Malformatted patch user request").SetInternal(err)
 		}
-
+		if err := userPatch.Validate(); err != nil {
-		if userPatch.Email != nil && *userPatch.Email != "" && !common.ValidateEmail(*userPatch.Email) {
+			return echo.NewHTTPError(http.StatusBadRequest, "Invalid user patch format.").SetInternal(err)
-			return echo.NewHTTPError(http.StatusBadRequest, "Invalid email format")
 		}
 
 		if userPatch.Password != nil && *userPatch.Password != "" {