From 1d280c62e23cf1f52398c4fe11474fdde4aaa74c Mon Sep 17 00:00:00 2001 From: Ilion Beyst Date: Mon, 25 Jul 2022 22:51:26 +0200 Subject: don't allow registering reserved usernames --- planetwars-server/src/routes/users.rs | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'planetwars-server/src') diff --git a/planetwars-server/src/routes/users.rs b/planetwars-server/src/routes/users.rs index faad1d1..264e5b9 100644 --- a/planetwars-server/src/routes/users.rs +++ b/planetwars-server/src/routes/users.rs @@ -11,6 +11,8 @@ use serde::{Deserialize, Serialize}; use serde_json::json; use thiserror::Error; +const RESERVED_USERNAMES: &[&str] = &["admin", "system"]; + type AuthorizationHeader = TypedHeader>; #[async_trait] @@ -89,6 +91,10 @@ impl RegistrationParams { errors.push("password must be at least 8 characters".to_string()); } + if RESERVED_USERNAMES.contains(&self.username.as_str()) { + errors.push("that username is not allowed".to_string()); + } + if users::find_user_by_name(&self.username, &conn).is_ok() { errors.push("username is already taken".to_string()); } -- cgit v1.2.3