mirror of
https://github.com/tornadocash/trusted-setup-server.git
synced 2024-11-21 17:36:54 +01:00
restrict symbols
-fix validation on update query
parent
36cf7d6c6e
commit
e77572f6b7
@ -14,10 +14,14 @@
|
||||
:message="{ [hasErrorName.msg]: hasErrorName.invalid }"
|
||||
label="Name"
|
||||
>
|
||||
<b-input v-model="userName" maxlength="35"></b-input>
|
||||
<b-input v-model="userName" @blur="restrictSymbols('userName')" maxlength="35"></b-input>
|
||||
</b-field>
|
||||
<b-field label="Company">
|
||||
<b-input v-model="userCompany" maxlength="35"></b-input>
|
||||
<b-input
|
||||
v-model="userCompany"
|
||||
@blur="restrictSymbols('userCompany')"
|
||||
maxlength="35"
|
||||
></b-input>
|
||||
</b-field>
|
||||
</div>
|
||||
<div v-else class="buttons">
|
||||
@ -35,11 +39,6 @@
|
||||
import { mapGetters, mapActions } from 'vuex'
|
||||
|
||||
export default {
|
||||
data() {
|
||||
return {
|
||||
nameErrorMessage: ''
|
||||
}
|
||||
},
|
||||
computed: {
|
||||
...mapGetters('user', ['isLoggedIn', 'hasErrorName']),
|
||||
userName: {
|
||||
@ -60,7 +59,11 @@ export default {
|
||||
}
|
||||
},
|
||||
methods: {
|
||||
...mapActions('user', ['makeTweet', 'logInVia', 'logOut'])
|
||||
...mapActions('user', ['makeTweet', 'logInVia', 'logOut']),
|
||||
restrictSymbols(name) {
|
||||
const regExpression = new RegExp('[^0-9a-zA-Z\\x20]', 'g')
|
||||
this[name] = this[name].replace(regExpression, '')
|
||||
}
|
||||
}
|
||||
}
|
||||
</script>
|
||||
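Review bot: `restrictSymbols(name)` in the methods block calls `.replace` on `this[name]` without checking that it is a string. The `userName`/`userCompany` computed getters are outside the hunk, so if the store can hold `null` or `undefined` for either field, blurring the input would throw. A guard such as `const current = this[name]; if (typeof current !== 'string') return` covers that. Because the filter only runs on blur in the browser, a short comment would help the next reader: `// UX only: the server-side validate hook is the authoritative check`.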
|
@ -66,7 +66,7 @@ export default {
|
||||
if (!this.token) {
|
||||
window.location.replace(window.location.origin)
|
||||
} else {
|
||||
await this.check()
|
||||
await this.getContributionIndex()
|
||||
}
|
||||
setTimeout(() => {
|
||||
this.$root.$emit('disableLoading')
|
||||
@ -103,12 +103,12 @@ export default {
|
||||
this.status.type = 'is-danger'
|
||||
}
|
||||
},
|
||||
async check() {
|
||||
async getContributionIndex() {
|
||||
const body = {
|
||||
token: this.token
|
||||
}
|
||||
try {
|
||||
const response = await fetch('/api/check_contribution', {
|
||||
const response = await fetch('/api/get_contribution_index', {
|
||||
method: 'POST',
|
||||
headers: {
|
||||
Accept: 'application/json',
|
||||
|
@ -61,6 +61,11 @@ function validateRefferer(req, res, next) {
|
||||
next()
|
||||
}
|
||||
|
||||
function restrictSymbols(value) {
|
||||
const regExpression = new RegExp('[^0-9a-zA-Z\\x20]', 'g')
|
||||
return value.replace(regExpression, '')
|
||||
}
|
||||
|
||||
router.get('/connect/:provider', validateProvider, validateRefferer, (req, res) => {
|
||||
const { provider } = req.params
|
||||
const referrer = new URL(req.get('Referrer'))
|
||||
@ -138,6 +143,7 @@ router.get('/user_data/', (req, res) => {
|
||||
github.get('https://api.github.com/user', req.session.accessToken, function(error, data) {
|
||||
if (!error) {
|
||||
userData = JSON.parse(data)
|
||||
userData.name = restrictSymbols(userData.name)
|
||||
userData.handle = userData.login
|
||||
userData.socialType = 'github'
|
||||
req.session.handle = userData.login
|
||||
@ -153,6 +159,7 @@ router.get('/user_data/', (req, res) => {
|
||||
function(error, data) {
|
||||
if (!error) {
|
||||
userData = JSON.parse(data)
|
||||
userData.name = restrictSymbols(userData.name)
|
||||
userData.handle = userData.screen_name
|
||||
userData.socialType = 'twitter'
|
||||
req.session.handle = userData.screen_name
|
||||
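Review bot: The new `restrictSymbols(value)` helper calls `value.replace` unconditionally, and both `/user_data/` callbacks pass it `userData.name` straight from the parsed provider response. GitHub returns `name: null` for accounts with no display name set, which would throw inside the callback. Returning an empty string for non-strings avoids that: `return typeof value === 'string' ? value.replace(/[^0-9a-zA-Z\x20]/g, '') : ''`. A stripped name can also end up shorter than the four characters the model's `isValidName` requires, so that case presumably needs to be surfaced to the user rather than failing at save time. Both callbacks continue outside the hunks.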
|
@ -136,7 +136,7 @@ router.post('/authorize_contribution', async (req, res) => {
|
||||
handle: req.session.handle,
|
||||
socialType: req.session.socialType
|
||||
},
|
||||
{ where: { token: req.body.token }, returning: true }
|
||||
{ individualHooks: true, where: { token: req.body.token }, returning: true }
|
||||
)
|
||||
} catch (e) {
|
||||
console.error('updateError', e)
|
||||
@ -146,7 +146,7 @@ router.post('/authorize_contribution', async (req, res) => {
|
||||
res.send('OK')
|
||||
})
|
||||
|
||||
router.post('/check_contribution', async (req, res) => {
|
||||
router.post('/get_contribution_index', async (req, res) => {
|
||||
if (!req.body || !req.body.token) {
|
||||
res.status(404).send('Wrong request params')
|
||||
}
|
||||
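Review bot: In the renamed `/get_contribution_index` handler, the `if (!req.body || !req.body.token)` branch sends the 404 but has no `return`. As far as the hunk shows, execution falls through to the rest of the handler, which lies outside the hunk, with a missing token. Suggest `return res.status(404).send('Wrong request params')`. The truthiness test also accepts a non-string `token`, and `req.body.token` goes directly into the `where` clause of the `/authorize_contribution` update. Unless that is validated outside the visible lines, rejecting `typeof req.body.token !== 'string'` in both handlers would keep objects out of the query.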
|
@ -1,11 +1,16 @@
|
||||
'use strict'
|
||||
|
||||
function isValidName(value, minLength = 4) {
|
||||
const regExpression = new RegExp(`^[0-9a-zA-Z\\x20]{${minLength},35}$`)
|
||||
return regExpression.test(value)
|
||||
}
|
||||
|
||||
const validate = (contribution, options) => {
|
||||
const { name, company, socialType } = contribution.dataValues
|
||||
if (socialType !== 'anonymous' && (name.length < 4 || name.length > 35)) {
|
||||
if (socialType !== 'anonymous' && !isValidName(name)) {
|
||||
throw new Error('Wrong name')
|
||||
}
|
||||
if (company && company.length > 35) {
|
||||
if (company && !isValidName(company, 0)) {
|
||||
throw new Error('Wrong company')
|
||||
}
|
||||
}
|
||||
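Review bot: `isValidName` passes `value` to `RegExp.prototype.test`, which coerces its argument to a string, so a `null` or `undefined` name becomes `"null"` or `"undefined"` and passes the 4–35 character check for non-anonymous contributions. `return typeof value === 'string' && regExpression.test(value)` closes that gap. The pattern also accepts names made only of spaces; trimming before the test, or requiring at least one alphanumeric character, would be stricter. The same character class is now repeated in the component, the router and this hook, and would be easier to keep in sync from one shared constant.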
|