add UserInput sanitization
parent
56c8c9160b
commit
cc93a57af9
|
@ -2,6 +2,7 @@ package models
|
|||
|
||||
import (
|
||||
"context"
|
||||
"strings"
|
||||
"time"
|
||||
|
||||
sqlutils "github.com/zdam-egzamin-zawodowy/backend/pkg/utils/sql"
|
||||
|
@ -86,6 +87,25 @@ func (input *UserInput) ToUser() *User {
|
|||
return u
|
||||
}
|
||||
|
||||
func (input *UserInput) Sanitize() *UserInput {
|
||||
if input.DisplayName != nil {
|
||||
trimmed := strings.TrimSpace(*input.DisplayName)
|
||||
input.DisplayName = &trimmed
|
||||
}
|
||||
|
||||
if input.Password != nil {
|
||||
sanitized := strings.ToLower(strings.TrimSpace(*input.Password))
|
||||
input.Password = &sanitized
|
||||
}
|
||||
|
||||
if input.Email != nil {
|
||||
sanitized := strings.ToLower(strings.TrimSpace(*input.Email))
|
||||
input.Email = &sanitized
|
||||
}
|
||||
|
||||
return input
|
||||
}
|
||||
|
||||
func (input *UserInput) ApplyUpdate(q *orm.Query) (*orm.Query, error) {
|
||||
if !input.IsEmpty() {
|
||||
if input.DisplayName != nil {
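Review bot: The Password branch of Sanitize rewrites the user's secret with `strings.ToLower(strings.TrimSpace(*input.Password))`, which discards letter case and surrounding whitespace before the value is validated and stored. That shrinks the effective password space, and unless the login path applies the identical transform (not visible on this page) a user who chose a mixed-case password would fail to authenticate. I would remove the Password branch and leave the value untouched; if surrounding whitespace should be disallowed, reject it in validation instead of silently trimming. Sanitize also mutates its receiver and returns the same pointer, which deserves a doc comment such as `// Sanitize normalizes the fields of input in place and returns input.`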
|
||||
|
|
|
@ -28,7 +28,7 @@ func New(cfg *Config) (user.Usecase, error) {
|
|||
}
|
||||
|
||||
func (ucase *usecase) Store(ctx context.Context, input *models.UserInput) (*models.User, error) {
|
||||
if err := ucase.validateInput(input, validateOptions{false}); err != nil {
|
||||
if err := ucase.validateInput(input.Sanitize(), validateOptions{false}); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return ucase.userRepository.Store(ctx, input)
|
||||
|
@ -43,7 +43,7 @@ func (ucase *usecase) UpdateOneByID(ctx context.Context, id int, input *models.U
|
|||
&models.UserFilter{
|
||||
ID: []int{id},
|
||||
},
|
||||
input,
|
||||
input.Sanitize(),
|
||||
)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
|
@ -58,7 +58,7 @@ func (ucase *usecase) UpdateMany(ctx context.Context, f *models.UserFilter, inpu
|
|||
if f == nil {
|
||||
return []*models.User{}, nil
|
||||
}
|
||||
if err := ucase.validateInput(input, validateOptions{true}); err != nil {
|
||||
if err := ucase.validateInput(input.Sanitize(), validateOptions{true}); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
items, err := ucase.userRepository.UpdateMany(ctx, f, input)
|
||||
|
@ -149,8 +149,7 @@ func (ucase *usecase) validateInput(input *models.UserInput, opts validateOption
|
|||
}
|
||||
|
||||
if input.Password != nil {
|
||||
password := *input.Password
|
||||
passwordLength := len(password)
|
||||
passwordLength := len(*input.Password)
|
||||
if passwordLength > user.MaxPasswordLength || passwordLength < user.MinPasswordLength {
|
||||
return fmt.Errorf(messagePasswordInvalidLength, user.MinPasswordLength, user.MaxPasswordLength)
|
||||
}
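Review bot: In Store and UpdateMany the sanitization runs as a side effect inside the argument list, `ucase.validateInput(input.Sanitize(), ...)`, and the later repository calls receive the cleaned values only because Sanitize mutates `input` in place. A separate statement before validation, `input = input.Sanitize()`, makes that dependency visible and keeps working if Sanitize is ever changed to return a copy. Sanitize reads the fields of `input` without a nil guard, so if validateInput is where a nil input gets rejected (its opening lines are outside these hunks), a nil input would now panic before reaching that check. The bodies of all four functions continue outside the hunks shown.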
|
||||
|
|
|
@ -37,14 +37,14 @@ func SanitizeSort(sort string) string {
|
|||
}
|
||||
|
||||
func SanitizeSorts(sorts []string) []string {
|
||||
sanitizedExprs := []string{}
|
||||
sanitizedSorts := []string{}
|
||||
for _, sort := range sorts {
|
||||
sanitized := SanitizeSort(sort)
|
||||
if sanitized != "" {
|
||||
sanitizedExprs = append(sanitizedExprs, sanitized)
|
||||
sanitizedSorts = append(sanitizedSorts, sanitized)
|
||||
}
|
||||
}
|
||||
return sanitizedExprs
|
||||
return sanitizedSorts
|
||||
}
|
||||
|
||||
type buffer struct {
|
||||
|
|