add validation to user registration
This commit is contained in:
Ilion Beyst
parent
0e3ff9201e
commit
cc7014b04b
3 changed files with 89 additions and 5 deletions
|
|
@ -25,6 +25,7 @@ zip = "0.5"
|
||||||
toml = "0.5"
|
toml = "0.5"
|
||||||
planetwars-matchrunner = { path = "../planetwars-matchrunner" }
|
planetwars-matchrunner = { path = "../planetwars-matchrunner" }
|
||||||
config = { version = "0.12", features = ["toml"] }
|
config = { version = "0.12", features = ["toml"] }
|
||||||
|
thiserror = "1.0.31"
|
||||||
|
|
||||||
# TODO: remove me
|
# TODO: remove me
|
||||||
shlex = "1.1"
|
shlex = "1.1"
|
||||||
|
|
|
||||||
|
|
@ -57,10 +57,14 @@ pub fn create_user(credentials: &Credentials, conn: &PgConnection) -> QueryResul
|
||||||
.get_result::<User>(conn)
|
.get_result::<User>(conn)
|
||||||
}
|
}
|
||||||
|
|
||||||
pub fn authenticate_user(credentials: &Credentials, db_conn: &PgConnection) -> Option<User> {
|
pub fn find_user(username: &str, db_conn: &PgConnection) -> QueryResult<User> {
|
||||||
users::table
|
users::table
|
||||||
.filter(users::username.eq(&credentials.username))
|
.filter(users::username.eq(username))
|
||||||
.first::<User>(db_conn)
|
.first::<User>(db_conn)
|
||||||
|
}
|
||||||
|
|
||||||
|
pub fn authenticate_user(credentials: &Credentials, db_conn: &PgConnection) -> Option<User> {
|
||||||
|
find_user(credentials.username, db_conn)
|
||||||
.optional()
|
.optional()
|
||||||
.unwrap()
|
.unwrap()
|
||||||
.and_then(|user| {
|
.and_then(|user| {
|
||||||
|
|
|
||||||
|
|
@ -8,6 +8,8 @@ use axum::http::StatusCode;
|
||||||
use axum::response::{Headers, IntoResponse, Response};
|
use axum::response::{Headers, IntoResponse, Response};
|
||||||
use axum::{async_trait, Json};
|
use axum::{async_trait, Json};
|
||||||
use serde::{Deserialize, Serialize};
|
use serde::{Deserialize, Serialize};
|
||||||
|
use serde_json::json;
|
||||||
|
use thiserror::Error;
|
||||||
|
|
||||||
type AuthorizationHeader = TypedHeader<Authorization<Bearer>>;
|
type AuthorizationHeader = TypedHeader<Authorization<Bearer>>;
|
||||||
|
|
||||||
|
|
@ -53,16 +55,93 @@ pub struct RegistrationParams {
|
||||||
pub password: String,
|
pub password: String,
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#[derive(Debug, Error)]
|
||||||
|
pub enum RegistrationError {
|
||||||
|
#[error("database error")]
|
||||||
|
DatabaseError(#[from] diesel::result::Error),
|
||||||
|
#[error("validation failed")]
|
||||||
|
ValidationFailed(Vec<String>),
|
||||||
|
}
|
||||||
|
|
||||||
|
impl RegistrationParams {
|
||||||
|
fn validate(&self, conn: &DatabaseConnection) -> Result<(), RegistrationError> {
|
||||||
|
let mut errors = Vec::new();
|
||||||
|
|
||||||
|
// TODO: do we want to support cased usernames?
|
||||||
|
// this could be done by allowing casing in names, but requiring case-insensitive uniqueness
|
||||||
|
if !self
|
||||||
|
.username
|
||||||
|
.chars()
|
||||||
|
.all(|c| c.is_ascii_alphanumeric() && !c.is_uppercase())
|
||||||
|
{
|
||||||
|
errors.push("username must be alphanumeric and lowercase".to_string());
|
||||||
|
}
|
||||||
|
|
||||||
|
if self.username.len() < 3 {
|
||||||
|
errors.push("username must be at least 3 characters".to_string());
|
||||||
|
}
|
||||||
|
|
||||||
|
if self.username.len() > 32 {
|
||||||
|
errors.push("username must be at most 32 characters".to_string());
|
||||||
|
}
|
||||||
|
|
||||||
|
if self.password.len() < 8 {
|
||||||
|
errors.push("password must be at least 8 characters".to_string());
|
||||||
|
}
|
||||||
|
|
||||||
|
if users::find_user(&self.username, &conn).is_ok() {
|
||||||
|
errors.push("username is already taken".to_string());
|
||||||
|
}
|
||||||
|
|
||||||
|
if errors.is_empty() {
|
||||||
|
Ok(())
|
||||||
|
} else {
|
||||||
|
Err(RegistrationError::ValidationFailed(errors))
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
impl IntoResponse for RegistrationError {
|
||||||
|
fn into_response(self) -> Response {
|
||||||
|
let (status, json_body) = match self {
|
||||||
|
RegistrationError::DatabaseError(_e) => {
|
||||||
|
// TODO: create an error response struct
|
||||||
|
(
|
||||||
|
StatusCode::INTERNAL_SERVER_ERROR,
|
||||||
|
json!({
|
||||||
|
"error": {
|
||||||
|
"type": "internal_server_error",
|
||||||
|
}
|
||||||
|
}),
|
||||||
|
)
|
||||||
|
}
|
||||||
|
RegistrationError::ValidationFailed(errors) => (
|
||||||
|
StatusCode::UNPROCESSABLE_ENTITY,
|
||||||
|
json!({
|
||||||
|
"error": {
|
||||||
|
"type": "validation_failed",
|
||||||
|
"validation_errors": errors,
|
||||||
|
}
|
||||||
|
}),
|
||||||
|
),
|
||||||
|
};
|
||||||
|
|
||||||
|
(status, Json(json_body)).into_response()
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
pub async fn register(
|
pub async fn register(
|
||||||
conn: DatabaseConnection,
|
conn: DatabaseConnection,
|
||||||
params: Json<RegistrationParams>,
|
params: Json<RegistrationParams>,
|
||||||
) -> Json<UserData> {
|
) -> Result<Json<UserData>, RegistrationError> {
|
||||||
|
params.validate(&conn)?;
|
||||||
|
|
||||||
let credentials = Credentials {
|
let credentials = Credentials {
|
||||||
username: ¶ms.username,
|
username: ¶ms.username,
|
||||||
password: ¶ms.password,
|
password: ¶ms.password,
|
||||||
};
|
};
|
||||||
let user = users::create_user(&credentials, &conn).unwrap();
|
let user = users::create_user(&credentials, &conn)?;
|
||||||
Json(user.into())
|
Ok(Json(user.into()))
|
||||||
}
|
}
|
||||||
|
|
||||||
#[derive(Deserialize)]
|
#[derive(Deserialize)]
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue