From c071aca5c5c16d56aafe38ace2b2c158e1b875fc Mon Sep 17 00:00:00 2001 From: Daniel Hader Date: Fri, 5 Jun 2026 19:29:40 -0500 Subject: server text sanitation, username/email filters, and code length measurement --- src/routes/user.rs | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) (limited to 'src/routes/user.rs') diff --git a/src/routes/user.rs b/src/routes/user.rs index 178a272..31a5824 100644 --- a/src/routes/user.rs +++ b/src/routes/user.rs @@ -1,6 +1,7 @@ use axum::extract::{Json, State}; use axum::http::StatusCode; use axum::response::IntoResponse; +use regex::Regex; use serde::{Deserialize, Serialize}; use crate::AppState; @@ -12,6 +13,7 @@ pub(crate) struct CreateUserRequest { email: String, username: String, password: String, + register_code: String, } pub async fn create_user( @@ -19,6 +21,20 @@ pub async fn create_user( Json(request): Json ) -> Result { + if request.register_code != state.register_code { + return Err(RouteError::AuthorizationFailure()); + } + + let email_re = Regex::new(r"^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$").unwrap(); + if !email_re.is_match(&request.email) { + return Err(RouteError::MalformedField("email".into())); + } + + let username_re = Regex::new(r"^[a-zA-Z0-9_\-]+$").unwrap(); + if !username_re.is_match(&request.username) { + return Err(RouteError::MalformedField("username".into())); + } + match state.database.fetch_user_by_email(&request.email) { Err(_) => return Err(RouteError::Internal("database action failed".into())), Ok(Some(_)) => return Err(RouteError::UserCreateEmailExists(request.email)), -- cgit v1.2.3