Check login before logging it

2024-02-19 19:11:13 +01:00
parent 75b70008e3
commit e71fad8546
7 changed files with 71 additions and 5 deletions
--- a/src/controllers/admin_api.rs
+++ b/src/controllers/admin_api.rs
@@ -6,6 +6,7 @@ use crate::actors::users_actor::{DeleteUserRequest, FindUserByUsername, UsersAct
 use crate::data::action_logger::{Action, ActionLogger};
 use crate::data::current_user::CurrentUser;
 use crate::data::user::UserID;
+use crate::utils::string_utils;

 #[derive(serde::Deserialize)]
 pub struct FindUserNameReq {
@@ -21,6 +22,10 @@ pub async fn find_username(
    req: web::Form<FindUserNameReq>,
    users: web::Data<Addr<UsersActor>>,
 ) -> impl Responder {
+    if !string_utils::is_acceptable_login(&req.username) {
+        return HttpResponse::BadRequest().json("Invalid login!");
+    }
+
    let res = users
        .send(FindUserByUsername(req.0.username))
        .await