feat(api): added email regex validation on registration

2023-08-17 01:10:01 +02:00 · 2023-08-17 01:10:01 +02:00 · eadfdca689
parent 040d338ae0
commit eadfdca689
3 changed files with 10 additions and 2 deletions
--- a/Cargo.lock
+++ b/Cargo.lock
@ -1610,6 +1610,7 @@ dependencies = [
 "log",
 "mail-send",
 "pbkdf2 0.12.2",
+ "regex",
 "serde",
 "sha2",
 "sqlx",
--- a/Cargo.toml
+++ b/Cargo.toml
@ -20,4 +20,5 @@ actix-web-httpauth = "0.8.0"
 sqlx = { version = "0.7.1", features = ["runtime-tokio", "mysql", "chrono"] }
 uuid = { version = "1.4.1", features = ["v4"] }
 chrono = "0.4"
-mail-send = "0.4.0"
+mail-send = "0.4.0"
+regex = "1.9.3"
--- a/src/api/account/handlers.rs
+++ b/src/api/account/handlers.rs
@ -5,7 +5,7 @@ use crate::{
 };
 use anyhow::Result;
 use log::info;
-use mail_send::{mail_builder::MessageBuilder, SmtpClient, SmtpClientBuilder};
+use mail_send::{mail_builder::MessageBuilder, SmtpClientBuilder};
 use sqlx::MySqlPool;

 fn is_sql_injection(string: &String) -> bool {
@ -33,6 +33,12 @@ pub async fn register(
        return Ok(data::RegisterResponse::Blocked);
    }

+    let email_regex = regex::Regex::new(r"^([a-z0-9_+]([a-z0-9_+.]*[a-z0-9_+])?)@([a-z0-9]+([\-\.]{1}[a-z0-9]+)*\.[a-z]{2,6})")?;
+
+    if !email_regex.is_match(&request.email) {
+        return Ok(data::RegisterResponse::MalformedEmail);
+    }
+
    if Account::from_username(pool, &request.username)
        .await?
        .is_some()