diff options
| author | Colin Okay <okay@toyful.space> | 2022-02-23 17:01:52 -0600 |
|---|---|---|
| committer | Colin Okay <okay@toyful.space> | 2022-02-23 17:01:52 -0600 |
| commit | 88ba89df590cafd5383b5ab89093baf52518bbc2 (patch) | |
| tree | 46f2cbc92be7a1cc4215b04bad15322e2b09c3bd | |
| parent | 8cf239fc80efef5622b3fa9da89a4d9f472a684f (diff) | |
contributor handle validation
| -rw-r--r-- | src/main.lisp | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/src/main.lisp b/src/main.lisp index 8291bcb..c7e63f6 100644 --- a/src/main.lisp +++ b/src/main.lisp @@ -433,6 +433,14 @@ access (http-err 404))) +;;; SOME PREDICATES + + +(defun valid-contributor-handle-p (handle) + (and (stringp handle) + (<= 3 (length handle) 15) + (ppcre:scan "[a-zA-Z_0-9\-]+" handle))) + ;;; ENDPOINT DEFINITIONS (defendpoint* :post "/invite/redeem/:code an-invite-code:" () () @@ -440,8 +448,11 @@ (with-plist (password1 password2 handle) (lzb:request-body) (unless (equal password1 password2) (http-err 400 "Passwords dont match")) + (unless (valid-contributor-handle-p handle) + (http-err 400 (format nil "~a is not a valid contributor handle." handle))) (when (contributor-by-handle handle) (http-err 403 (format nil "The name ~a is already taken." handle))) + (redeem-invite code handle password1) "true")) |