server text sanitation, username/email filters, and code length measurement

author: Daniel Hader <[email protected]> 2026-06-05 19:29:40 -0500
committer: Daniel Hader <[email protected]> 2026-06-05 19:29:40 -0500
commit: c071aca5c5c16d56aafe38ace2b2c158e1b875fc (patch)
tree: aa947a0f6fa53be3de6fb879aa5c4d96bc087cf1 /src/routes/submission.rs
parent: 3ac68b8b59f150e08731a62026ce3ac825655614 (diff)
1 files changed, 12 insertions, 4 deletions
diff --git a/src/routes/submission.rs b/src/routes/submission.rs
index b3cf2b9..99767c2 100644
--- a/src/routes/submission.rs
+++ b/src/routes/submission.rs
@@ -1,3 +1,4 @@
+use ammonia::clean_text;
 use axum::{Json, extract::{Path, State}, http::StatusCode, response::IntoResponse};
 use serde::Deserialize;
 
@@ -18,15 +19,22 @@ pub async fn create_submission(
 ) -> Result<impl IntoResponse, RouteError> {
     let user_id = claims.sub;
 
+    let code_length = request.code.len() as i64;
+    
+    let language = clean_text(&request.language);
+    let details = clean_text(&request.details);
+    let code = clean_text(&request.code);
+
     match state.database.insert_submission(
         user_id,
         request.problem_id,
-        &request.language,
-        &request.details,
-        &request.code
+        &language,
+        &details,
+        &code,
+        code_length,
     ) {
         Ok(submission) => Ok((StatusCode::CREATED, Json(submission))),
-        Err(_) => Err(RouteError::Internal(format!("unable to insert submission")))
+        Err(e) => Err(RouteError::Internal(format!("unable to insert submission {e:?}")))
     }
 }
author	Daniel Hader <[email protected]>	2026-06-05 19:29:40 -0500
committer	Daniel Hader <[email protected]>	2026-06-05 19:29:40 -0500
commit	c071aca5c5c16d56aafe38ace2b2c158e1b875fc (patch)
tree	aa947a0f6fa53be3de6fb879aa5c4d96bc087cf1 /src/routes/submission.rs
parent	3ac68b8b59f150e08731a62026ce3ac825655614 (diff)