Dekescordes/spacebar
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Validate Name for webhooks enforced more

Browse Source
This commit is contained in:
root 2025-03-25 16:02:47 -07:00
parent 52efef274b
commit d8b1a8484c
2 changed files with 3 additions and 62 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
src/api/routes/channels/#channel_id/webhooks.ts
View File

@ -29,6 +29,7 @@ import {
isTextChannel, isTextChannel,
trimSpecial, trimSpecial,
FieldErrors, FieldErrors,
ValidateName,
} from "@spacebar/util"; } from "@spacebar/util";
import crypto from "crypto"; import crypto from "crypto";
import { Request, Response, Router } from "express"; import { Request, Response, Router } from "express";
@ -113,37 +114,7 @@ router.post(
// TODO: move this // TODO: move this
if (name) { if (name) {
const check_username = name.replace(/\s/g, ""); ValidateName(name);
if (!check_username) {
throw FieldErrors({
username: {
code: "BASE_TYPE_REQUIRED",
message: req.t("common:field.BASE_TYPE_REQUIRED"),
},
});
}
const { maxUsername } = Config.get().limits.user;
if (
check_username.length > maxUsername ||
check_username.length < 2
) {
throw FieldErrors({
username: {
code: "BASE_TYPE_BAD_LENGTH",
message: `Must be between 2 and ${maxUsername} in length.`,
},
});
}
const blockedContains = ["discord", "clyde", "spacebar"];
for (const word of blockedContains) {
if (name.toLowerCase().includes(word)) {
return res.status(400).json({
username: [`Username cannot contain "${word}"`],
});
}
}
} }
if (avatar) avatar = await handleFile(`/avatars/${channel_id}`, avatar); if (avatar) avatar = await handleFile(`/avatars/${channel_id}`, avatar);

32
src/api/routes/webhooks/#webhook_id/#token/index.ts
View File

@ -134,37 +134,7 @@ router.post(
// block username from containing certain words // block username from containing certain words
// TODO: configurable additions // TODO: configurable additions
if (body.username) { if (body.username) {
const check_username = body.username.replace(/\s/g, ""); ValidateName(body.username);
if (!check_username) {
throw FieldErrors({
username: {
code: "BASE_TYPE_REQUIRED",
message: req.t("common:field.BASE_TYPE_REQUIRED"),
},
});
}
const { maxUsername } = Config.get().limits.user;
if (
check_username.length > maxUsername ||
check_username.length < 2
) {
throw FieldErrors({
username: {
code: "BASE_TYPE_BAD_LENGTH",
message: `Must be between 2 and ${maxUsername} in length.`,
},
});
}
const blockedContains = ["discord", "clyde", "spacebar"];
for (const word of blockedContains) {
if (body.username.toLowerCase().includes(word)) {
return res.status(400).json({
username: [`Username cannot contain "${word}"`],
});
}
}
} }
// block username from being certain words // block username from being certain words