Переглянути джерело

Add validation to user creation.

Lee Morgan 1 рік тому
батько
коміт
5e5f799726
4 змінених файлів з 20 додано та 5 видалено
  1. 1 0
      Cargo.lock
  2. 1 0
      Cargo.toml
  3. 1 1
      bruno/Suma/User/Create.bru
  4. 17 4
      src/controllers/user.rs

+ 1 - 0
Cargo.lock

@@ -1840,6 +1840,7 @@ dependencies = [
  "actix-web",
  "bson",
  "mongodb",
+ "regex",
  "serde",
  "tokio",
  "uuid",

+ 1 - 0
Cargo.toml

@@ -11,3 +11,4 @@ serde = {version = "1", features = ["derive"]}
 mongodb = {version = "2.8.0", features = ["tokio-runtime"]}
 bson = "2.8.0"
 uuid = {version = "1", features = ["v4"]}
+regex = "1"

+ 1 - 1
bruno/Suma/User/Create.bru

@@ -12,7 +12,7 @@ post {
 
 body:json {
   {
-    "email": "lee@leemorgan.dev",
+    "email": "lee.morgan@blacklist.aero",
     "password_hash": "something",
     "password_salt": "Something else"
   }

+ 17 - 4
src/controllers/user.rs

@@ -1,16 +1,29 @@
 use actix_web::{post, web, HttpResponse, Responder};
-use mongodb::Database;
+use mongodb::{bson::doc, Database};
 use crate::models::user::{User, NewUserInput};
+use regex::Regex;
 
 #[post("/api/user")]
 pub async fn create(
     db: web::Data<Database>,
     payload: web::Json<NewUserInput>
 ) -> impl Responder {
-    let users = db.collection::<User>("users");
+    let user_collection = db.collection::<User>("users");
+    let email = payload.email.to_lowercase();
+    let email_regex: Regex = Regex::new(r#"^(([^<>()\[\]\\.,;:\s@"]+(\.[^<>()\[\]\\.,;:\s@"]+)*)|(".+"))@((\[[0-9]{1,3}(\.[0-9]{1,3}){3}\])|(([a-zA-Z\-0-9]+\.)+[a-zA-Z]{2,}))$"#).unwrap();
 
-    match User::insert(&users, payload.into_inner()).await {
-        Ok(id) => HttpResponse::Ok().body("{'success': 'true'}"),
+    if !email_regex.is_match(&email) {
+        return HttpResponse::BadRequest().body("Invalid email");
+    }
+
+    match user_collection.find_one(doc!{"email": email}, None).await {
+        Ok(None) => {},
+        Ok(Some(_)) => return HttpResponse::BadRequest().body("User with this email already exists"),
+        Err(_) => return HttpResponse::InternalServerError().body("Internal server error")
+    }
+
+    match User::insert(&user_collection, payload.into_inner()).await {
+        Ok(_) => HttpResponse::Ok().body("{'success': 'true'}"),
         Err(e) => {
             eprintln!("Error: {:?}", e);
             HttpResponse::InternalServerError().body("Failed to create user")