From 74f4f8fc9c59a9370b3e4d954aa5c429869d8d6b Mon Sep 17 00:00:00 2001
From: Jack
Date: Tue, 14 Sep 2021 15:38:44 +0100
Subject: [PATCH] added more username validation
---
 backend/dao/user.js | 6 +++++-
 backend/handlers/validation.js | 8 +++++++-
 2 files changed, 12 insertions(+), 2 deletions(-)
diff --git a/backend/dao/user.js b/backend/dao/user.js
index 1f0d5c95a..5782ee852 100644
--- a/backend/dao/user.js
+++ b/backend/dao/user.js
@@ -3,6 +3,7 @@ const { mongoDB } = require("../init/mongodb");
 const { ObjectID } = require("mongodb");
 const { checkAndUpdatePb } = require("../handlers/pb");
 const { updateAuthEmail } = require("../handlers/auth");
+const { isUsernameValid } = require("../handlers/validation");
 class UsersDAO {
 static async addUser(name, email, uid) {
@@ -24,7 +25,10 @@ class UsersDAO {
 .findOne({ name: { $regex: new RegExp(`^${name}$`, "i") } });
 if (nameDoc) throw new MonkeyError(409, "Username already taken");
 let user = await mongoDB().collection("users").findOne({ uid });
- if (Date.now() - user.lastNameChange < 2592000000) {
+ if (
+ Date.now() - user.lastNameChange < 2592000000 &&
+ isUsernameValid(user.name)
+ ) {
 throw new MonkeyError(409, "You can change your name once every 30 days");
 }
 return await mongoDB()
diff --git a/backend/handlers/validation.js b/backend/handlers/validation.js
index 40df113ab..6de200739 100644
--- a/backend/handlers/validation.js
+++ b/backend/handlers/validation.js
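Review bot: In backend/dao/user.js, the hunk at `@@ -24,7 +25,10 @@` applies the newly imported `isUsernameValid` only to the stored `user.name`; the requested `name` still goes unescaped into the `new RegExp(...)` uniqueness lookup on the hunk's first context line, and nothing visible here validates it first. Because `isUsernameValid` accepts `.`, even a name that passes validation behaves as a pattern there (the dot matches any character), so validation alone does not make the lookup literal. Unless a caller outside this hunk already does so, I would reject early with `if (!isUsernameValid(name)) throw new MonkeyError(400, "Invalid username");` and escape the value before building the pattern, `name.replace(/[.*+?^${}()|[\]\\]/g, "\\$&")`. `user` is also dereferenced without a null check, so an unknown `uid` surfaces as a TypeError rather than a MonkeyError. The enclosing method starts and ends outside the hunk.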
@@ -5,7 +5,13 @@ const { roundTo2 } = require("./misc");
 function isUsernameValid(name) {
 if (name === null || name === undefined || name === "") return false;
 if (/miodec/.test(name.toLowerCase())) return false;
- if (/bitly/.test(name.toLowerCase())) return false;
+ //sorry for the bad words
+ if (
+ /bitly|fuck|bitch|shit|pussy|nigga|niqqa|niqqer|nigger|ni99a|ni99er|niga|niger|cunt|faggot|retard/.test(
+ name.toLowerCase()
+ )
+ )
+ return false;
 if (name.length > 14) return false;
 if (/^\..*/.test(name.toLowerCase())) return false;
 return /^[0-9a-zA-Z_.-]+$/.test(name);
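Review bot: The new blocklist in `isUsernameValid` is a plain substring match on the lower-cased name, so it both over- and under-blocks. Short entries such as `niger` reject unrelated names that merely contain them, while the separators that the final `/^[0-9a-zA-Z_.-]+$/` check permits can split a listed word so that it no longer matches. If the list stays, match against a normalised copy, e.g. `const squashed = name.toLowerCase().replace(/[._-]/g, "");`, and hoist the pattern to a named module-level constant so it can be reviewed and extended in one place. `name.toLowerCase()` is also reached for any non-string value other than null, undefined and "", so a `typeof name !== "string"` guard at the top would return a clean `false` instead of throwing a TypeError. The function's closing lines are outside the hunk.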