diff options
| author | syuilo <syuilotan@yahoo.co.jp> | 2017-02-22 19:39:34 +0900 |
|---|---|---|
| committer | syuilo <syuilotan@yahoo.co.jp> | 2017-02-22 19:39:34 +0900 |
| commit | abfb36bcdb25ba11bda9892ec473970fc29506bb (patch) | |
| tree | 784059fdbe0ea3c2145fce47de9c3e7ea50dc585 /src/api | |
| parent | [Client] Fix bug (diff) | |
| download | sharkey-abfb36bcdb25ba11bda9892ec473970fc29506bb.tar.gz sharkey-abfb36bcdb25ba11bda9892ec473970fc29506bb.tar.bz2 sharkey-abfb36bcdb25ba11bda9892ec473970fc29506bb.zip | |
Fix bug
Diffstat (limited to 'src/api')
| -rw-r--r-- | src/api/models/user.ts | 9 | ||||
| -rw-r--r-- | src/api/private/signin.ts | 10 | ||||
| -rw-r--r-- | src/api/private/signup.ts | 4 |
3 files changed, 19 insertions, 4 deletions
diff --git a/src/api/models/user.ts b/src/api/models/user.ts index 30805e4b63..c8c187c509 100644 --- a/src/api/models/user.ts +++ b/src/api/models/user.ts @@ -8,9 +8,14 @@ const collection = db.get('users'); export default collection as any; // fuck type definition export function validateUsername(username: string): boolean { - return /^[a-zA-Z0-9\-]{3,20}$/.test(username); + return typeof username == 'string' && /^[a-zA-Z0-9\-]{3,20}$/.test(username); +} + +export function validatePassword(password: string): boolean { + return typeof password == 'string' && password != ''; } export function isValidBirthday(birthday: string): boolean { - return /^([0-9]{4})\-([0-9]{2})-([0-9]{2})$/.test(birthday); + return typeof birthday == 'string' && /^([0-9]{4})\-([0-9]{2})-([0-9]{2})$/.test(birthday); +} } diff --git a/src/api/private/signin.ts b/src/api/private/signin.ts index 14dd1c7058..fe3b5f7084 100644 --- a/src/api/private/signin.ts +++ b/src/api/private/signin.ts @@ -12,6 +12,16 @@ export default async (req: express.Request, res: express.Response) => { const username = req.body['username']; const password = req.body['password']; + if (typeof username != 'string') { + res.sendStatus(400); + return; + } + + if (typeof password != 'string') { + res.sendStatus(400); + return; + } + // Fetch user const user = await User.findOne({ username_lower: username.toLowerCase() diff --git a/src/api/private/signup.ts b/src/api/private/signup.ts index 73e04f8b37..bd2a7ef02a 100644 --- a/src/api/private/signup.ts +++ b/src/api/private/signup.ts @@ -3,7 +3,7 @@ import * as bcrypt from 'bcryptjs'; import rndstr from 'rndstr'; import recaptcha = require('recaptcha-promise'); import User from '../models/user'; -import { validateUsername } from '../models/user'; +import { validateUsername, validatePassword } from '../models/user'; import serialize from '../serializers/user'; import config from '../../conf'; @@ -34,7 +34,7 @@ export default async (req: express.Request, res: express.Response) => { } // Validate password - if (password == '') { + if (!validatePassword(password)) { res.sendStatus(400); return; } |