diff options
author | Ilion Beyst <ilion.beyst@gmail.com> | 2022-04-09 10:04:12 +0200 |
---|---|---|
committer | Ilion Beyst <ilion.beyst@gmail.com> | 2022-04-09 10:04:12 +0200 |
commit | cc7014b04bc4714cb2de7af39e62ff9762827489 (patch) | |
tree | 6c8b6de746a8551639090b745b848573a471a2b4 | |
parent | 0e3ff9201e8479935f928c05ed6b11ae1c086e00 (diff) | |
download | planetwars.dev-cc7014b04bc4714cb2de7af39e62ff9762827489.tar.xz planetwars.dev-cc7014b04bc4714cb2de7af39e62ff9762827489.zip |
add validation to user registration
-rw-r--r-- | planetwars-server/Cargo.toml | 1 | ||||
-rw-r--r-- | planetwars-server/src/db/users.rs | 8 | ||||
-rw-r--r-- | planetwars-server/src/routes/users.rs | 85 |
3 files changed, 89 insertions, 5 deletions
diff --git a/planetwars-server/Cargo.toml b/planetwars-server/Cargo.toml index be34a5f..4c6ddfc 100644 --- a/planetwars-server/Cargo.toml +++ b/planetwars-server/Cargo.toml @@ -25,6 +25,7 @@ zip = "0.5" toml = "0.5" planetwars-matchrunner = { path = "../planetwars-matchrunner" } config = { version = "0.12", features = ["toml"] } +thiserror = "1.0.31" # TODO: remove me shlex = "1.1" diff --git a/planetwars-server/src/db/users.rs b/planetwars-server/src/db/users.rs index 3c071de..3a74c53 100644 --- a/planetwars-server/src/db/users.rs +++ b/planetwars-server/src/db/users.rs @@ -57,10 +57,14 @@ pub fn create_user(credentials: &Credentials, conn: &PgConnection) -> QueryResul .get_result::<User>(conn) } -pub fn authenticate_user(credentials: &Credentials, db_conn: &PgConnection) -> Option<User> { +pub fn find_user(username: &str, db_conn: &PgConnection) -> QueryResult<User> { users::table - .filter(users::username.eq(&credentials.username)) + .filter(users::username.eq(username)) .first::<User>(db_conn) +} + +pub fn authenticate_user(credentials: &Credentials, db_conn: &PgConnection) -> Option<User> { + find_user(credentials.username, db_conn) .optional() .unwrap() .and_then(|user| { diff --git a/planetwars-server/src/routes/users.rs b/planetwars-server/src/routes/users.rs index 967710e..54ddd09 100644 --- a/planetwars-server/src/routes/users.rs +++ b/planetwars-server/src/routes/users.rs @@ -8,6 +8,8 @@ use axum::http::StatusCode; use axum::response::{Headers, IntoResponse, Response}; use axum::{async_trait, Json}; use serde::{Deserialize, Serialize}; +use serde_json::json; +use thiserror::Error; type AuthorizationHeader = TypedHeader<Authorization<Bearer>>; @@ -53,16 +55,93 @@ pub struct RegistrationParams { pub password: String, } +#[derive(Debug, Error)] +pub enum RegistrationError { + #[error("database error")] + DatabaseError(#[from] diesel::result::Error), + #[error("validation failed")] + ValidationFailed(Vec<String>), +} + +impl RegistrationParams { + fn validate(&self, conn: &DatabaseConnection) -> Result<(), RegistrationError> { + let mut errors = Vec::new(); + + // TODO: do we want to support cased usernames? + // this could be done by allowing casing in names, but requiring case-insensitive uniqueness + if !self + .username + .chars() + .all(|c| c.is_ascii_alphanumeric() && !c.is_uppercase()) + { + errors.push("username must be alphanumeric and lowercase".to_string()); + } + + if self.username.len() < 3 { + errors.push("username must be at least 3 characters".to_string()); + } + + if self.username.len() > 32 { + errors.push("username must be at most 32 characters".to_string()); + } + + if self.password.len() < 8 { + errors.push("password must be at least 8 characters".to_string()); + } + + if users::find_user(&self.username, &conn).is_ok() { + errors.push("username is already taken".to_string()); + } + + if errors.is_empty() { + Ok(()) + } else { + Err(RegistrationError::ValidationFailed(errors)) + } + } +} + +impl IntoResponse for RegistrationError { + fn into_response(self) -> Response { + let (status, json_body) = match self { + RegistrationError::DatabaseError(_e) => { + // TODO: create an error response struct + ( + StatusCode::INTERNAL_SERVER_ERROR, + json!({ + "error": { + "type": "internal_server_error", + } + }), + ) + } + RegistrationError::ValidationFailed(errors) => ( + StatusCode::UNPROCESSABLE_ENTITY, + json!({ + "error": { + "type": "validation_failed", + "validation_errors": errors, + } + }), + ), + }; + + (status, Json(json_body)).into_response() + } +} + pub async fn register( conn: DatabaseConnection, params: Json<RegistrationParams>, -) -> Json<UserData> { +) -> Result<Json<UserData>, RegistrationError> { + params.validate(&conn)?; + let credentials = Credentials { username: ¶ms.username, password: ¶ms.password, }; - let user = users::create_user(&credentials, &conn).unwrap(); - Json(user.into()) + let user = users::create_user(&credentials, &conn)?; + Ok(Json(user.into())) } #[derive(Deserialize)] |