add UserInput sanitization
parent
56c8c9160b
commit
cc93a57af9
|
@ -2,6 +2,7 @@ package models
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"context"
|
"context"
|
||||||
|
"strings"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
sqlutils "github.com/zdam-egzamin-zawodowy/backend/pkg/utils/sql"
|
sqlutils "github.com/zdam-egzamin-zawodowy/backend/pkg/utils/sql"
|
||||||
|
@ -86,6 +87,25 @@ func (input *UserInput) ToUser() *User {
|
||||||
return u
|
return u
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (input *UserInput) Sanitize() *UserInput {
|
||||||
|
if input.DisplayName != nil {
|
||||||
|
trimmed := strings.TrimSpace(*input.DisplayName)
|
||||||
|
input.DisplayName = &trimmed
|
||||||
|
}
|
||||||
|
|
||||||
|
if input.Password != nil {
|
||||||
|
sanitized := strings.ToLower(strings.TrimSpace(*input.Password))
|
||||||
|
input.Password = &sanitized
|
||||||
|
}
|
||||||
|
|
||||||
|
if input.Email != nil {
|
||||||
|
sanitized := strings.ToLower(strings.TrimSpace(*input.Email))
|
||||||
|
input.Email = &sanitized
|
||||||
|
}
|
||||||
|
|
||||||
|
return input
|
||||||
|
}
|
||||||
|
|
||||||
func (input *UserInput) ApplyUpdate(q *orm.Query) (*orm.Query, error) {
|
func (input *UserInput) ApplyUpdate(q *orm.Query) (*orm.Query, error) {
|
||||||
if !input.IsEmpty() {
|
if !input.IsEmpty() {
|
||||||
if input.DisplayName != nil {
|
if input.DisplayName != nil {
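Review bot: `Sanitize` rewrites the user's secret with `strings.ToLower(strings.TrimSpace(*input.Password))`, which makes passwords case-insensitive and strips leading and trailing whitespace that may be part of a passphrase, so the effective keyspace shrinks. Unless the login comparison applies the same transformation (not visible in this commit), an account whose password contains uppercase characters would have a different value stored than the one the user types. I would drop the `Password` branch entirely, keep normalisation to `DisplayName` and `Email`, and let validation check the password's length on the value exactly as entered. The method also mutates the receiver in place and has no doc comment; `// Sanitize trims DisplayName and trims and lowercases Email in place, then returns the receiver.` would make that contract explicit.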
|
||||||
|
|
|
@ -28,7 +28,7 @@ func New(cfg *Config) (user.Usecase, error) {
|
||||||
}
|
}
|
||||||
|
|
||||||
func (ucase *usecase) Store(ctx context.Context, input *models.UserInput) (*models.User, error) {
|
func (ucase *usecase) Store(ctx context.Context, input *models.UserInput) (*models.User, error) {
|
||||||
if err := ucase.validateInput(input, validateOptions{false}); err != nil {
|
if err := ucase.validateInput(input.Sanitize(), validateOptions{false}); err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
return ucase.userRepository.Store(ctx, input)
|
return ucase.userRepository.Store(ctx, input)
|
||||||
|
@ -43,7 +43,7 @@ func (ucase *usecase) UpdateOneByID(ctx context.Context, id int, input *models.U
|
||||||
&models.UserFilter{
|
&models.UserFilter{
|
||||||
ID: []int{id},
|
ID: []int{id},
|
||||||
},
|
},
|
||||||
input,
|
input.Sanitize(),
|
||||||
)
|
)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
|
@ -58,7 +58,7 @@ func (ucase *usecase) UpdateMany(ctx context.Context, f *models.UserFilter, inpu
|
||||||
if f == nil {
|
if f == nil {
|
||||||
return []*models.User{}, nil
|
return []*models.User{}, nil
|
||||||
}
|
}
|
||||||
if err := ucase.validateInput(input, validateOptions{true}); err != nil {
|
if err := ucase.validateInput(input.Sanitize(), validateOptions{true}); err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
items, err := ucase.userRepository.UpdateMany(ctx, f, input)
|
items, err := ucase.userRepository.UpdateMany(ctx, f, input)
|
||||||
|
@ -149,8 +149,7 @@ func (ucase *usecase) validateInput(input *models.UserInput, opts validateOption
|
||||||
}
|
}
|
||||||
|
|
||||||
if input.Password != nil {
|
if input.Password != nil {
|
||||||
password := *input.Password
|
passwordLength := len(*input.Password)
|
||||||
passwordLength := len(password)
|
|
||||||
if passwordLength > user.MaxPasswordLength || passwordLength < user.MinPasswordLength {
|
if passwordLength > user.MaxPasswordLength || passwordLength < user.MinPasswordLength {
|
||||||
return fmt.Errorf(messagePasswordInvalidLength, user.MinPasswordLength, user.MaxPasswordLength)
|
return fmt.Errorf(messagePasswordInvalidLength, user.MinPasswordLength, user.MaxPasswordLength)
|
||||||
}
|
}
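Review bot: In `Store` and `UpdateMany`, `input.Sanitize()` now runs before `validateInput`, so a nil `input` would panic inside `Sanitize` (it reads `input.DisplayName` with no nil check) instead of reaching validation. Whether `validateInput` rejects nil is not visible in these hunks, so this needs confirming; a guard `if input == nil { return nil }` at the top of `Sanitize` would keep every call site safe. Both functions also depend on `Sanitize` mutating its receiver, since the repository call that follows still receives `input` rather than the returned value, and a short comment at the call would make that dependency obvious. `UpdateOneByID` passes `input.Sanitize()` into a call whose name is outside the hunk; if that call is `UpdateMany`, the value is sanitized twice, which is harmless but redundant.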
|
||||||
|
|
|
@ -37,14 +37,14 @@ func SanitizeSort(sort string) string {
|
||||||
}
|
}
|
||||||
|
|
||||||
func SanitizeSorts(sorts []string) []string {
|
func SanitizeSorts(sorts []string) []string {
|
||||||
sanitizedExprs := []string{}
|
sanitizedSorts := []string{}
|
||||||
for _, sort := range sorts {
|
for _, sort := range sorts {
|
||||||
sanitized := SanitizeSort(sort)
|
sanitized := SanitizeSort(sort)
|
||||||
if sanitized != "" {
|
if sanitized != "" {
|
||||||
sanitizedExprs = append(sanitizedExprs, sanitized)
|
sanitizedSorts = append(sanitizedSorts, sanitized)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
return sanitizedExprs
|
return sanitizedSorts
|
||||||
}
|
}
|
||||||
|
|
||||||
type buffer struct {
|
type buffer struct {
|
||||||
|
|