Add username validation and URL decoding in comment retrieval

2025-09-27 20:27:23 +00:00 · 2025-05-21 12:44:29 +08:00
parent 3283aabf9f
commit 0fae66c7dd
2 changed files with 12 additions and 0 deletions
--- a/server/api/comment.go
+++ b/server/api/comment.go
@@ -1,6 +1,7 @@
 package api

 import (
+	"net/url"
 	"nysoure/server/model"
 	"nysoure/server/service"
 	"strconv"
@@ -65,6 +66,13 @@ func listComments(c fiber.Ctx) error {

 func listCommentsWithUser(c fiber.Ctx) error {
 	username := c.Params("username")
+	if username == "" {
+		return model.NewRequestError("Username is required")
+	}
+	username, err := url.PathUnescape(username)
+	if err != nil {
+		return model.NewRequestError("Invalid username")
+	}
 	pageStr := c.Query("page", "1")
 	page, err := strconv.Atoi(pageStr)
 	if err != nil {