diff options
author | Ilion Beyst <ilion.beyst@gmail.com> | 2022-07-25 22:51:26 +0200 |
---|---|---|
committer | Ilion Beyst <ilion.beyst@gmail.com> | 2022-07-25 22:51:31 +0200 |
commit | 1d280c62e23cf1f52398c4fe11474fdde4aaa74c (patch) | |
tree | bd5ce881273e7ac506027404984c74369d3e653c /planetwars-server/src/routes/users.rs | |
parent | 4099e3ab6efb48eb527f796b530bb703958111e1 (diff) | |
download | planetwars.dev-1d280c62e23cf1f52398c4fe11474fdde4aaa74c.tar.xz planetwars.dev-1d280c62e23cf1f52398c4fe11474fdde4aaa74c.zip |
don't allow registering reserved usernames
Diffstat (limited to 'planetwars-server/src/routes/users.rs')
-rw-r--r-- | planetwars-server/src/routes/users.rs | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/planetwars-server/src/routes/users.rs b/planetwars-server/src/routes/users.rs index faad1d1..264e5b9 100644 --- a/planetwars-server/src/routes/users.rs +++ b/planetwars-server/src/routes/users.rs @@ -11,6 +11,8 @@ use serde::{Deserialize, Serialize}; use serde_json::json; use thiserror::Error; +const RESERVED_USERNAMES: &[&str] = &["admin", "system"]; + type AuthorizationHeader = TypedHeader<Authorization<Bearer>>; #[async_trait] @@ -89,6 +91,10 @@ impl RegistrationParams { errors.push("password must be at least 8 characters".to_string()); } + if RESERVED_USERNAMES.contains(&self.username.as_str()) { + errors.push("that username is not allowed".to_string()); + } + if users::find_user_by_name(&self.username, &conn).is_ok() { errors.push("username is already taken".to_string()); } |