Added Name Validation utility function

This commit is contained in:
root 2025-03-24 07:26:26 -07:00
parent 855c858503
commit 859edb9a27
5 changed files with 131 additions and 32 deletions

View File

@ -0,0 +1,71 @@
/*
Spacebar: A FOSS re-implementation and extension of the Discord.com backend.
Copyright (C) 2023 Spacebar and Spacebar Contributors
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as published
by the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
import { route } from "@spacebar/api";
import { Config, getRights } from "@spacebar/util";
import { Request, Response, Router } from "express";
const router = Router();
router.get(
"/",
route({
responses: {
200: {
body: "Object",
},
},
}),
async (req: Request, res: Response) => {
const general = Config.get();
let outputtedConfig;
if (req.user_id) {
const rights = await getRights(req.user_id);
if (rights.has("OPERATOR")) outputtedConfig = general;
} else {
outputtedConfig = {
limits_user_maxGuilds: general.limits.user.maxGuilds,
limits_user_maxBio: general.limits.user.maxBio,
limits_guild_maxEmojis: general.limits.guild.maxEmojis,
limits_guild_maxRoles: general.limits.guild.maxRoles,
limits_message_maxCharacters:
general.limits.message.maxCharacters,
limits_message_maxAttachmentSize:
general.limits.message.maxAttachmentSize,
limits_message_maxEmbedDownloadSize:
general.limits.message.maxEmbedDownloadSize,
limits_channel_maxWebhooks: general.limits.channel.maxWebhooks,
register_dateOfBirth_requiredc:
general.register.dateOfBirth.required,
register_password_required: general.register.password.required,
register_disabled: general.register.disabled,
register_requireInvite: general.register.requireInvite,
register_allowNewRegistration:
general.register.allowNewRegistration,
register_allowMultipleAccounts:
general.register.allowMultipleAccounts,
guild_autoJoin_canLeave: general.guild.autoJoin.canLeave,
guild_autoJoin_guilds_x: general.guild.autoJoin.guilds,
register_email_required: general.register.email.required,
};
}
res.send(outputtedConfig);
},
);
export default router;

View File

@ -13,6 +13,7 @@ import {
WebhooksUpdateEvent, WebhooksUpdateEvent,
WebhookUpdateSchema, WebhookUpdateSchema,
handleFile, handleFile,
ValidateName,
} from "@spacebar/util"; } from "@spacebar/util";
import { Request, Response, Router } from "express"; import { Request, Response, Router } from "express";
import { HTTPError } from "lambert-server"; import { HTTPError } from "lambert-server";
@ -350,7 +351,6 @@ router.patch(
"application", "application",
], ],
}); });
const channel_id = webhook.channel_id; const channel_id = webhook.channel_id;
if (!body.name && !body.avatar) { if (!body.name && !body.avatar) {
throw new HTTPError("Empty messages are not allowed", 50006); throw new HTTPError("Empty messages are not allowed", 50006);
@ -360,6 +360,11 @@ router.patch(
`/avatars/${webhook_id}`, `/avatars/${webhook_id}`,
body.avatar as string, body.avatar as string,
); );
if (body.name) {
ValidateName(body.name);
}
webhook.assign(body); webhook.assign(body);
await Promise.all([ await Promise.all([

View File

@ -10,6 +10,7 @@ import {
Channel, Channel,
handleFile, handleFile,
FieldErrors, FieldErrors,
ValidateName,
} from "@spacebar/util"; } from "@spacebar/util";
import { Request, Response, Router } from "express"; import { Request, Response, Router } from "express";
import { HTTPError } from "lambert-server"; import { HTTPError } from "lambert-server";
@ -167,37 +168,7 @@ router.patch(
); );
if (body.name) { if (body.name) {
const check_username = body.name.replace(/\s/g, ""); ValidateName(body.name);
if (!check_username) {
throw FieldErrors({
username: {
code: "BASE_TYPE_REQUIRED",
message: req.t("common:field.BASE_TYPE_REQUIRED"),
},
});
}
const { maxUsername } = Config.get().limits.user;
if (
check_username.length > maxUsername ||
check_username.length < 2
) {
throw FieldErrors({
username: {
code: "BASE_TYPE_BAD_LENGTH",
message: `Must be between 2 and ${maxUsername} in length.`,
},
});
}
const blockedContains = ["discord", "clyde", "spacebar"];
for (const word of blockedContains) {
if (body.name.toLowerCase().includes(word)) {
return res.status(400).json({
username: [`Username cannot contain "${word}"`],
});
}
}
} }
const channel_id = body.channel_id || webhook.channel_id; const channel_id = body.channel_id || webhook.channel_id;

51
src/util/util/NameValidation.ts Executable file
View File

@ -0,0 +1,51 @@
/*
Spacebar: A FOSS re-implementation and extension of the Discord.com backend.
Copyright (C) 2023 Spacebar and Spacebar Contributors
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as published
by the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
import { Config } from "./Config";
import { FieldErrors } from "./FieldError";
import { HTTPError } from "lambert-server";
export function ValidateName(name: string) {
const check_username = name.replace(/\s/g, "");
if (!check_username) {
throw FieldErrors({
username: {
code: "BASE_TYPE_REQUIRED",
message: "common:field.BASE_TYPE_REQUIRED",
},
});
}
const { maxUsername } = Config.get().limits.user;
if (check_username.length > maxUsername || check_username.length < 2) {
throw FieldErrors({
username: {
code: "BASE_TYPE_BAD_LENGTH",
message: `Must be between 2 and ${maxUsername} in length.`,
},
});
}
const blockedContains = ["discord", "clyde", "spacebar"];
for (const word of blockedContains) {
if (name.toLowerCase().includes(word)) {
throw new HTTPError(`Username cannot contain "${word}"`, 400);
}
}
return name;
}

View File

@ -43,3 +43,4 @@ export * from "./TraverseDirectory";
export * from "./WebAuthn"; export * from "./WebAuthn";
export * from "./Gifs"; export * from "./Gifs";
export * from "./Application"; export * from "./Application";
export * from "./NameValidation";