Added Name Validation utility function
This commit is contained in:
parent
855c858503
commit
859edb9a27
71
src/api/routes/policies/instance/config.ts
Executable file
71
src/api/routes/policies/instance/config.ts
Executable file
@ -0,0 +1,71 @@
|
|||||||
|
/*
|
||||||
|
Spacebar: A FOSS re-implementation and extension of the Discord.com backend.
|
||||||
|
Copyright (C) 2023 Spacebar and Spacebar Contributors
|
||||||
|
|
||||||
|
This program is free software: you can redistribute it and/or modify
|
||||||
|
it under the terms of the GNU Affero General Public License as published
|
||||||
|
by the Free Software Foundation, either version 3 of the License, or
|
||||||
|
(at your option) any later version.
|
||||||
|
|
||||||
|
This program is distributed in the hope that it will be useful,
|
||||||
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
GNU Affero General Public License for more details.
|
||||||
|
|
||||||
|
You should have received a copy of the GNU Affero General Public License
|
||||||
|
along with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||||
|
*/
|
||||||
|
|
||||||
|
import { route } from "@spacebar/api";
|
||||||
|
import { Config, getRights } from "@spacebar/util";
|
||||||
|
import { Request, Response, Router } from "express";
|
||||||
|
|
||||||
|
const router = Router();
|
||||||
|
|
||||||
|
router.get(
|
||||||
|
"/",
|
||||||
|
route({
|
||||||
|
responses: {
|
||||||
|
200: {
|
||||||
|
body: "Object",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
}),
|
||||||
|
async (req: Request, res: Response) => {
|
||||||
|
const general = Config.get();
|
||||||
|
let outputtedConfig;
|
||||||
|
if (req.user_id) {
|
||||||
|
const rights = await getRights(req.user_id);
|
||||||
|
if (rights.has("OPERATOR")) outputtedConfig = general;
|
||||||
|
} else {
|
||||||
|
outputtedConfig = {
|
||||||
|
limits_user_maxGuilds: general.limits.user.maxGuilds,
|
||||||
|
limits_user_maxBio: general.limits.user.maxBio,
|
||||||
|
limits_guild_maxEmojis: general.limits.guild.maxEmojis,
|
||||||
|
limits_guild_maxRoles: general.limits.guild.maxRoles,
|
||||||
|
limits_message_maxCharacters:
|
||||||
|
general.limits.message.maxCharacters,
|
||||||
|
limits_message_maxAttachmentSize:
|
||||||
|
general.limits.message.maxAttachmentSize,
|
||||||
|
limits_message_maxEmbedDownloadSize:
|
||||||
|
general.limits.message.maxEmbedDownloadSize,
|
||||||
|
limits_channel_maxWebhooks: general.limits.channel.maxWebhooks,
|
||||||
|
register_dateOfBirth_requiredc:
|
||||||
|
general.register.dateOfBirth.required,
|
||||||
|
register_password_required: general.register.password.required,
|
||||||
|
register_disabled: general.register.disabled,
|
||||||
|
register_requireInvite: general.register.requireInvite,
|
||||||
|
register_allowNewRegistration:
|
||||||
|
general.register.allowNewRegistration,
|
||||||
|
register_allowMultipleAccounts:
|
||||||
|
general.register.allowMultipleAccounts,
|
||||||
|
guild_autoJoin_canLeave: general.guild.autoJoin.canLeave,
|
||||||
|
guild_autoJoin_guilds_x: general.guild.autoJoin.guilds,
|
||||||
|
register_email_required: general.register.email.required,
|
||||||
|
};
|
||||||
|
}
|
||||||
|
res.send(outputtedConfig);
|
||||||
|
},
|
||||||
|
);
|
||||||
|
|
||||||
|
export default router;
|
@ -13,6 +13,7 @@ import {
|
|||||||
WebhooksUpdateEvent,
|
WebhooksUpdateEvent,
|
||||||
WebhookUpdateSchema,
|
WebhookUpdateSchema,
|
||||||
handleFile,
|
handleFile,
|
||||||
|
ValidateName,
|
||||||
} from "@spacebar/util";
|
} from "@spacebar/util";
|
||||||
import { Request, Response, Router } from "express";
|
import { Request, Response, Router } from "express";
|
||||||
import { HTTPError } from "lambert-server";
|
import { HTTPError } from "lambert-server";
|
||||||
@ -350,7 +351,6 @@ router.patch(
|
|||||||
"application",
|
"application",
|
||||||
],
|
],
|
||||||
});
|
});
|
||||||
|
|
||||||
const channel_id = webhook.channel_id;
|
const channel_id = webhook.channel_id;
|
||||||
if (!body.name && !body.avatar) {
|
if (!body.name && !body.avatar) {
|
||||||
throw new HTTPError("Empty messages are not allowed", 50006);
|
throw new HTTPError("Empty messages are not allowed", 50006);
|
||||||
@ -360,6 +360,11 @@ router.patch(
|
|||||||
`/avatars/${webhook_id}`,
|
`/avatars/${webhook_id}`,
|
||||||
body.avatar as string,
|
body.avatar as string,
|
||||||
);
|
);
|
||||||
|
|
||||||
|
if (body.name) {
|
||||||
|
ValidateName(body.name);
|
||||||
|
}
|
||||||
|
|
||||||
webhook.assign(body);
|
webhook.assign(body);
|
||||||
|
|
||||||
await Promise.all([
|
await Promise.all([
|
||||||
|
@ -10,6 +10,7 @@ import {
|
|||||||
Channel,
|
Channel,
|
||||||
handleFile,
|
handleFile,
|
||||||
FieldErrors,
|
FieldErrors,
|
||||||
|
ValidateName,
|
||||||
} from "@spacebar/util";
|
} from "@spacebar/util";
|
||||||
import { Request, Response, Router } from "express";
|
import { Request, Response, Router } from "express";
|
||||||
import { HTTPError } from "lambert-server";
|
import { HTTPError } from "lambert-server";
|
||||||
@ -167,37 +168,7 @@ router.patch(
|
|||||||
);
|
);
|
||||||
|
|
||||||
if (body.name) {
|
if (body.name) {
|
||||||
const check_username = body.name.replace(/\s/g, "");
|
ValidateName(body.name);
|
||||||
if (!check_username) {
|
|
||||||
throw FieldErrors({
|
|
||||||
username: {
|
|
||||||
code: "BASE_TYPE_REQUIRED",
|
|
||||||
message: req.t("common:field.BASE_TYPE_REQUIRED"),
|
|
||||||
},
|
|
||||||
});
|
|
||||||
}
|
|
||||||
|
|
||||||
const { maxUsername } = Config.get().limits.user;
|
|
||||||
if (
|
|
||||||
check_username.length > maxUsername ||
|
|
||||||
check_username.length < 2
|
|
||||||
) {
|
|
||||||
throw FieldErrors({
|
|
||||||
username: {
|
|
||||||
code: "BASE_TYPE_BAD_LENGTH",
|
|
||||||
message: `Must be between 2 and ${maxUsername} in length.`,
|
|
||||||
},
|
|
||||||
});
|
|
||||||
}
|
|
||||||
|
|
||||||
const blockedContains = ["discord", "clyde", "spacebar"];
|
|
||||||
for (const word of blockedContains) {
|
|
||||||
if (body.name.toLowerCase().includes(word)) {
|
|
||||||
return res.status(400).json({
|
|
||||||
username: [`Username cannot contain "${word}"`],
|
|
||||||
});
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
const channel_id = body.channel_id || webhook.channel_id;
|
const channel_id = body.channel_id || webhook.channel_id;
|
||||||
|
51
src/util/util/NameValidation.ts
Executable file
51
src/util/util/NameValidation.ts
Executable file
@ -0,0 +1,51 @@
|
|||||||
|
/*
|
||||||
|
Spacebar: A FOSS re-implementation and extension of the Discord.com backend.
|
||||||
|
Copyright (C) 2023 Spacebar and Spacebar Contributors
|
||||||
|
|
||||||
|
This program is free software: you can redistribute it and/or modify
|
||||||
|
it under the terms of the GNU Affero General Public License as published
|
||||||
|
by the Free Software Foundation, either version 3 of the License, or
|
||||||
|
(at your option) any later version.
|
||||||
|
|
||||||
|
This program is distributed in the hope that it will be useful,
|
||||||
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
GNU Affero General Public License for more details.
|
||||||
|
|
||||||
|
You should have received a copy of the GNU Affero General Public License
|
||||||
|
along with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||||
|
*/
|
||||||
|
|
||||||
|
import { Config } from "./Config";
|
||||||
|
import { FieldErrors } from "./FieldError";
|
||||||
|
import { HTTPError } from "lambert-server";
|
||||||
|
|
||||||
|
export function ValidateName(name: string) {
|
||||||
|
const check_username = name.replace(/\s/g, "");
|
||||||
|
if (!check_username) {
|
||||||
|
throw FieldErrors({
|
||||||
|
username: {
|
||||||
|
code: "BASE_TYPE_REQUIRED",
|
||||||
|
message: "common:field.BASE_TYPE_REQUIRED",
|
||||||
|
},
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
|
const { maxUsername } = Config.get().limits.user;
|
||||||
|
if (check_username.length > maxUsername || check_username.length < 2) {
|
||||||
|
throw FieldErrors({
|
||||||
|
username: {
|
||||||
|
code: "BASE_TYPE_BAD_LENGTH",
|
||||||
|
message: `Must be between 2 and ${maxUsername} in length.`,
|
||||||
|
},
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
|
const blockedContains = ["discord", "clyde", "spacebar"];
|
||||||
|
for (const word of blockedContains) {
|
||||||
|
if (name.toLowerCase().includes(word)) {
|
||||||
|
throw new HTTPError(`Username cannot contain "${word}"`, 400);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return name;
|
||||||
|
}
|
@ -43,3 +43,4 @@ export * from "./TraverseDirectory";
|
|||||||
export * from "./WebAuthn";
|
export * from "./WebAuthn";
|
||||||
export * from "./Gifs";
|
export * from "./Gifs";
|
||||||
export * from "./Application";
|
export * from "./Application";
|
||||||
|
export * from "./NameValidation";
|
||||||
|
Loading…
x
Reference in New Issue
Block a user