From c60bb12424d07bad6560c2a9da8d70919119fdc0 Mon Sep 17 00:00:00 2001
From: Steven
Date: Sat, 20 Aug 2022 21:51:28 +0800
Subject: [PATCH] chore: update user setting validator
---
 api/user_setting.go | 52 +++++++++++++++++++++++++++++++++++++++++++++
 server/memo.go | 5 ++++-
 server/user.go | 9 +++++---
 3 files changed, 62 insertions(+), 4 deletions(-)
diff --git a/api/user_setting.go b/api/user_setting.go
index 5022e1661..d540a560f 100644
--- a/api/user_setting.go
+++ b/api/user_setting.go
@@ -1,5 +1,10 @@
 package api
+import (
+ "encoding/json"
+ "fmt"
+)
+
 type UserSettingKey string
 const (
@@ -20,6 +25,11 @@ func (key UserSettingKey) String() string {
 return ""
 }
+var (
+ UserSettingLocaleValue = []string{"en", "zh"}
+ UserSettingMemoVisibilityValue = []Visibility{Privite, Protected, Public}
+)
+
 type UserSetting struct {
 UserID int
 Key UserSettingKey `json:"key"`
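Review bot: `UserSettingLocaleValue` and `UserSettingMemoVisibilityValue` are exported package-level slices, so any importing package can append to or overwrite the allow-lists that `Validate()` (added further down in this file) checks against. Unless another package needs to read them, unexported names would keep the set of accepted values fixed to this file. Both declarations also lack doc comments; something like `// UserSettingLocaleValue lists the locale codes accepted for the locale setting.` would say what each list is for.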
@@ -33,6 +43,48 @@ type UserSettingUpsert struct {
 Value string `json:"value"`
 }
+func (upsert UserSettingUpsert) Validate() error {
+ if upsert.Key == UserSettingLocaleKey {
+ var localeValue string
+ err := json.Unmarshal([]byte(upsert.Value), &localeValue)
+ if err != nil {
+ return fmt.Errorf("failed to unmarshal user setting locale value")
+ }
+
+ invalid := true
+ for _, value := range UserSettingLocaleValue {
+ if localeValue == value {
+ invalid = false
+ break
+ }
+ }
+ if invalid {
+ return fmt.Errorf("invalid user setting locale value")
+ }
+ } else if upsert.Key == UserSettingMemoVisibilityKey {
+ var memoVisibilityValue Visibility
+ err := json.Unmarshal([]byte(upsert.Value), &memoVisibilityValue)
+ if err != nil {
+ return fmt.Errorf("failed to unmarshal user setting memo visibility value")
+ }
+
+ invalid := true
+ for _, value := range UserSettingMemoVisibilityValue {
+ if memoVisibilityValue == value {
+ invalid = false
+ break
+ }
+ }
+ if invalid {
+ return fmt.Errorf("invalid user setting memo visibility value")
+ }
+ } else {
+ return fmt.Errorf("invalid user setting key")
+ }
+
+ return nil
+}
+
 type UserSettingFind struct {
 UserID int
diff --git a/server/memo.go b/server/memo.go
index 825827029..84b9747c3 100644
--- a/server/memo.go
+++ b/server/memo.go
@@ -43,7 +43,10 @@ func (s *Server) registerMemoRoutes(g *echo.Group) {
 }
 if userMemoVisibilitySetting != nil {
 memoVisibility := api.Privite
- json.Unmarshal([]byte(userMemoVisibilitySetting.Value), &memoVisibility)
+ err := json.Unmarshal([]byte(userMemoVisibilitySetting.Value), &memoVisibility)
+ if err != nil {
+ return echo.NewHTTPError(http.StatusInternalServerError, "Failed to unmarshal user setting value").SetInternal(err)
+ }
 memoCreate.Visibility = memoVisibility
 }
diff --git a/server/user.go b/server/user.go
index 57102ce9d..b9b14e3da 100644
--- a/server/user.go
+++ b/server/user.go
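Review bot: Both unmarshal branches of `Validate()` discard the `json.Unmarshal` error and return a fresh message, so the `SetInternal(err)` that the caller in server/user.go attaches carries no underlying cause. Wrapping keeps it: `return fmt.Errorf("failed to unmarshal user setting locale value: %w", err)`, and the same for the memo-visibility branch. The two membership loops are identical apart from the element type; a `switch upsert.Key` with a small helper per list would remove the duplicated `invalid` flag logic. The method is exported and has no doc comment; `// Validate reports an error when the key is unknown or the JSON-encoded value is not in that key's allow-list.` would cover it.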
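Review bot: The decoded `memoVisibility` is assigned to `memoCreate.Visibility` without being compared against `api.UserSettingMemoVisibilityValue`, so a stored setting that is valid JSON but not one of the allowed values (for instance a row written before `Validate()` existed) still decides how the new memo is exposed. Checking the decoded value against the allow-list and keeping the `api.Privite` default otherwise would fail closed. Returning 500 on the unmarshal error also means a single malformed setting row blocks memo creation for that user; whether that is preferable to falling back to the private default is worth deciding explicitly and recording in a comment. `registerMemoRoutes` starts before and continues after this hunk, so checks outside the visible lines cannot be ruled out.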
@@ -118,9 +118,8 @@ func (s *Server) registerUserRoutes(g *echo.Group) {
 if err := json.NewDecoder(c.Request().Body).Decode(userSettingUpsert); err != nil {
 return echo.NewHTTPError(http.StatusBadRequest, "Malformatted post user setting upsert request").SetInternal(err)
 }
-
- if userSettingUpsert.Key.String() == "" {
- return echo.NewHTTPError(http.StatusBadRequest, "Invalid user setting key")
+ if err := userSettingUpsert.Validate(); err != nil {
+ return echo.NewHTTPError(http.StatusBadRequest, "Invalid user setting format").SetInternal(err)
 }
 userSettingUpsert.UserID = userID
@@ -191,6 +190,10 @@ func (s *Server) registerUserRoutes(g *echo.Group) {
 return echo.NewHTTPError(http.StatusBadRequest, "Malformatted patch user request").SetInternal(err)
 }
+ if userPatch.Email != nil && !common.ValidateEmail(*userPatch.Email) {
+ return echo.NewHTTPError(http.StatusBadRequest, "Invalid email format")
+ }
+
 if userPatch.Password != nil && *userPatch.Password != "" {
 passwordHash, err := bcrypt.GenerateFromPassword([]byte(*userPatch.Password), bcrypt.DefaultCost)
 if err != nil {
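Review bot: The new e-mail check in the second hunk runs whenever `userPatch.Email` is non-nil, while the password block directly below treats an empty string as "not provided" (`*userPatch.Password != ""`). A client that sends an empty e-mail is therefore presumably rejected with 400 while an empty password is silently ignored, though `common.ValidateEmail` is not visible here. If that asymmetry is intended, a comment such as `// An empty e-mail is rejected; omit the field to leave it unchanged.` would record it. The check is also inline in the handler, whereas this commit puts setting validation in `UserSettingUpsert.Validate()`; a matching `Validate()` on the patch type would give every caller of that type the same check. `registerUserRoutes` extends beyond the hunk on both sides.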