From 88ba89df590cafd5383b5ab89093baf52518bbc2 Mon Sep 17 00:00:00 2001
From: Colin Okay <okay@toyful.space>
Date: Wed, 23 Feb 2022 17:01:52 -0600
Subject: contributor handle validation

---
 src/main.lisp | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/src/main.lisp b/src/main.lisp
index 8291bcb..c7e63f6 100644
--- a/src/main.lisp
+++ b/src/main.lisp
@@ -433,6 +433,14 @@
     access
     (http-err 404)))
 
+;;; SOME PREDICATES
+
+
+(defun valid-contributor-handle-p (handle)
+  (and (stringp handle)
+       (<= 3 (length handle) 15)
+       (ppcre:scan "[a-zA-Z_0-9\-]+" handle)))
+
 ;;; ENDPOINT DEFINITIONS
 
 (defendpoint* :post "/invite/redeem/:code an-invite-code:" () ()
@@ -440,8 +448,11 @@
   (with-plist (password1 password2 handle) (lzb:request-body)
               (unless (equal password1 password2)
                 (http-err 400 "Passwords dont match"))
+              (unless (valid-contributor-handle-p handle)
+                (http-err 400 (format nil "~a is not a valid contributor handle." handle)))
               (when (contributor-by-handle handle)
                 (http-err 403 (format nil "The name ~a is already taken." handle)))
+
               (redeem-invite code handle password1)
               "true"))
 
-- 
cgit v1.2.3