feat(api): added email regex validation on registration

This commit is contained in:
antifallobst 2023-08-17 01:10:01 +02:00
parent 040d338ae0
commit eadfdca689
Signed by: antifallobst
GPG Key ID: 2B4F402172791BAF
3 changed files with 10 additions and 2 deletions

1
Cargo.lock generated
View File

@ -1610,6 +1610,7 @@ dependencies = [
"log",
"mail-send",
"pbkdf2 0.12.2",
"regex",
"serde",
"sha2",
"sqlx",

View File

@ -20,4 +20,5 @@ actix-web-httpauth = "0.8.0"
sqlx = { version = "0.7.1", features = ["runtime-tokio", "mysql", "chrono"] }
uuid = { version = "1.4.1", features = ["v4"] }
chrono = "0.4"
mail-send = "0.4.0"
mail-send = "0.4.0"
regex = "1.9.3"

View File

@ -5,7 +5,7 @@ use crate::{
};
use anyhow::Result;
use log::info;
use mail_send::{mail_builder::MessageBuilder, SmtpClient, SmtpClientBuilder};
use mail_send::{mail_builder::MessageBuilder, SmtpClientBuilder};
use sqlx::MySqlPool;
fn is_sql_injection(string: &String) -> bool {
@ -33,6 +33,12 @@ pub async fn register(
return Ok(data::RegisterResponse::Blocked);
}
let email_regex = regex::Regex::new(r"^([a-z0-9_+]([a-z0-9_+.]*[a-z0-9_+])?)@([a-z0-9]+([\-\.]{1}[a-z0-9]+)*\.[a-z]{2,6})")?;
if !email_regex.is_match(&request.email) {
return Ok(data::RegisterResponse::MalformedEmail);
}
if Account::from_username(pool, &request.username)
.await?
.is_some()