input length and range checking

1 files changed, 21 insertions, 1 deletions

diff --git a/src/api/auth.rs b/src/api/auth.rs
index d60483f..b469d4d 100644
--- a/src/api/auth.rs
+++ b/src/api/auth.rs
@@ -3,7 +3,7 @@ use serde::Deserialize;
 use time::{OffsetDateTime, Duration};
 use tower_cookies::{Cookies, Cookie};
 
-use crate::types::{user::User, response::ResponseCode, session::Session, extract::{Json, AuthorizedUser}};
+use crate::types::{user::User, response::ResponseCode, session::Session, extract::{Json, AuthorizedUser, Check, CheckResult}};
 
 #[derive(Deserialize)]
 struct RegistrationRequet {
@@ -17,6 +17,20 @@ struct RegistrationRequet {
     year: u32
 }
 
+impl Check for RegistrationRequet {
+    fn check(&self) -> CheckResult {
+        Self::assert_length(&self.firstname, 1, 20, "First name can only by 1-20 characters long")?;
+        Self::assert_length(&self.lastname, 1, 20, "Last name can only by 1-20 characters long")?;
+        Self::assert_length(&self.email, 1, 50, "Email can only by 1-50 characters long")?;
+        Self::assert_length(&self.password, 1, 50, "Password can only by 1-50 characters long")?;
+        Self::assert_length(&self.gender, 1, 100, "Gender can only by 1-100 characters long")?;
+        Self::assert_range(self.day as u64, 1, 255, "Birthday day can only be between 1-255")?;
+        Self::assert_range(self.month as u64, 1, 255, "Birthday month can only be between 1-255")?;
+        Self::assert_range(self.year as u64, 1, 2147483647, "Birthday year can only be between 1-2147483647")?;
+        Ok(())
+    }
+}
+
 
 async fn register(cookies: Cookies, Json(body): Json<RegistrationRequet>) -> Response {
 
@@ -50,6 +64,12 @@ struct LoginRequest {
     password: String,
 }
 
+impl Check for LoginRequest {
+    fn check(&self) -> CheckResult {
+        Ok(())
+    }
+}
+
 async fn login(cookies: Cookies, Json(body): Json<LoginRequest>) -> Response {
     
     let Ok(user) = User::from_email(&body.email) else {