From accebd00f5825e1268e25f7f2c8b95af388f50b0 Mon Sep 17 00:00:00 2001
From: Cohee <18619528+Cohee1207@users.noreply.github.com>
Date: Wed, 10 Apr 2024 01:29:35 +0300
Subject: [PATCH] Stricter handle cleanup
---
public/scripts/templates/deleteUser.html | 8 +++++---
src/constants.js | 2 +-
src/endpoints/users-admin.js | 7 ++++++-
3 files changed, 12 insertions(+), 5 deletions(-)
diff --git a/public/scripts/templates/deleteUser.html b/public/scripts/templates/deleteUser.html
index 35f4cd1fc..6932f3b99 100644
--- a/public/scripts/templates/deleteUser.html
+++ b/public/scripts/templates/deleteUser.html
@@ -16,9 +16,11 @@
This action is irreversible.
-
diff --git a/src/constants.js b/src/constants.js
index 2c5bd5e7d..929e7e7cd 100644
--- a/src/constants.js
+++ b/src/constants.js
@@ -50,7 +50,7 @@ const DEFAULT_USER = Object.freeze({
uuid: '00000000-0000-0000-0000-000000000000',
handle: 'user0',
name: 'User',
- created: 0,
+ created: Date.now(),
password: '',
admin: true,
enabled: true,
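Review bot: `created: Date.now()` sits inside the frozen `DEFAULT_USER` literal, so it is evaluated once when `src/constants.js` is loaded and yields a different value on every process start. If this object is ever used directly instead of a copy persisted on first run (not visible in this hunk), the default account's creation time will drift between restarts, which makes it unreliable for audit trails or ordering. A comment on the line would make the intent explicit, e.g. `// evaluated at module load; only meaningful when the default user is first persisted`. The object literal starts above the hunk and continues below it.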
diff --git a/src/endpoints/users-admin.js b/src/endpoints/users-admin.js
index e3e45afe2..764f5263e 100644
--- a/src/endpoints/users-admin.js
+++ b/src/endpoints/users-admin.js
@@ -157,7 +157,12 @@ router.post('/create', requireAdminMiddleware, jsonParser, async (request, respo
}
const handles = await getAllUserHandles();
- const handle = slugify(request.body.handle, { lower: true, trim: true });
+ const handle = slugify(request.body.handle, { lower: true, trim: true, remove: /[^a-z0-9-]/g });
+
+ if (!handle) {
+ console.log('Create user failed: Invalid handle');
+ return response.status(400).json({ error: 'Invalid handle' });
+ }
if (handles.some(x => x === handle)) {
console.log('Create user failed: User with that handle already exists');
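Review bot: On the new `slugify(...)` call, the `remove` pattern `/[^a-z0-9-]/g` has no uppercase range, and as far as I recall slugify applies `remove` character by character before it applies `lower`. If so, capital letters are deleted instead of folded to lowercase (a handle typed as `Alice` would be stored as `lice`), and the admin gets a different handle than the one entered. If that ordering holds for the slugify version in use, widen the class and let `lower: true` fold the case: `remove: /[^a-zA-Z0-9-]/g`. It is also worth confirming that the validation above this hunk rejects a non-string `request.body.handle` before it reaches `slugify`; the route handler starts and ends outside the hunk, so that check is not visible here.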