From 93c14d67281d07b07c3eb10f737b017f67e4243b Mon Sep 17 00:00:00 2001
From: Miodec
Date: Mon, 17 Jul 2023 14:39:59 +0200
Subject: [PATCH] stricter schemas
---
 backend/src/api/routes/users.ts | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/backend/src/api/routes/users.ts b/backend/src/api/routes/users.ts
index 14154d42d..f78e083f7 100644
--- a/backend/src/api/routes/users.ts
+++ b/backend/src/api/routes/users.ts
@@ -254,7 +254,7 @@ router.delete(
 RateLimit.userCustomFilterRemove,
 validateRequest({
 params: {
- presetId: joi.string().required(),
+ presetId: joi.string().token().required(),
 },
 }),
 asyncHandler(UserController.removeResultFilterPreset)
@@ -501,10 +501,14 @@ router.get(
 withApeRateLimiter(RateLimit.userProfileGet),
 validateRequest({
 params: {
- uidOrName: joi.string().required(),
+ uidOrName: joi
+ .alternatives()
+ .try(usernameValidation, joi.string().token().max(50)),
 },
 query: {
- isUid: joi.string().allow(""),
+ isUid: joi.string().valid("").messages({
+ "any.only": "isUid must be empty",
+ }),
 },
 }),
 asyncHandler(UserController.getProfile)
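Review bot: `presetId` is now restricted to token characters but still has no length bound, while the `uidOrName` token alternative later in this patch is capped with `.max(50)`. If preset ids have a known maximum or fixed length, the schema should state it too, for example `presetId: joi.string().token().max(PRESET_ID_MAX_LEN).required(),` (placeholder constant; the id format is not visible in this hunk). The `router.delete(` call starts and ends outside the hunk.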
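Review bot: The new `uidOrName` schema drops the `.required()` that the removed line carried, and joi keys are optional unless marked, so the schema on its own now accepts a missing value. The route path is outside the hunk and presumably always supplies the param, but keeping the constraint explicit costs nothing: `.try(usernameValidation, joi.string().token().max(50)).required(),`. A short comment such as `// uid: token chars, max 50; otherwise must pass usernameValidation` would also record why there are two alternatives, since the schema does not tie the accepted form to `isUid`. `usernameValidation` is defined outside the visible lines, so how far it overlaps with the token alternative cannot be checked from this hunk.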