aboutsummaryrefslogtreecommitdiff
path: root/planetwars-server/src/routes
diff options
context:
space:
mode:
authorIlion Beyst <ilion.beyst@gmail.com>2022-07-25 22:51:26 +0200
committerIlion Beyst <ilion.beyst@gmail.com>2022-07-25 22:51:31 +0200
commit1d280c62e23cf1f52398c4fe11474fdde4aaa74c (patch)
treebd5ce881273e7ac506027404984c74369d3e653c /planetwars-server/src/routes
parent4099e3ab6efb48eb527f796b530bb703958111e1 (diff)
downloadplanetwars.dev-1d280c62e23cf1f52398c4fe11474fdde4aaa74c.tar.xz
planetwars.dev-1d280c62e23cf1f52398c4fe11474fdde4aaa74c.zip
don't allow registering reserved usernames
Diffstat (limited to 'planetwars-server/src/routes')
-rw-r--r--planetwars-server/src/routes/users.rs6
1 files changed, 6 insertions, 0 deletions
diff --git a/planetwars-server/src/routes/users.rs b/planetwars-server/src/routes/users.rs
index faad1d1..264e5b9 100644
--- a/planetwars-server/src/routes/users.rs
+++ b/planetwars-server/src/routes/users.rs
@@ -11,6 +11,8 @@ use serde::{Deserialize, Serialize};
use serde_json::json;
use thiserror::Error;
+const RESERVED_USERNAMES: &[&str] = &["admin", "system"];
+
type AuthorizationHeader = TypedHeader<Authorization<Bearer>>;
#[async_trait]
@@ -89,6 +91,10 @@ impl RegistrationParams {
errors.push("password must be at least 8 characters".to_string());
}
+ if RESERVED_USERNAMES.contains(&self.username.as_str()) {
+ errors.push("that username is not allowed".to_string());
+ }
+
if users::find_user_by_name(&self.username, &conn).is_ok() {
errors.push("username is already taken".to_string());
}