nyne/nysoure
1
0
Fork 0
mirror of https://github.com/wgh136/nysoure.git synced 2025-09-27 12:17:24 +00:00
Code Issues Packages Projects Releases Wiki Activity

Improve request validation.

Browse Source
This commit is contained in:
nyne
2025-05-13 19:10:41 +08:00
parent 12c1e0e413
commit cbac071dd2
7 changed files with 55 additions and 33 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
server/service/user.go
View File

@@ -18,6 +18,12 @@ const (
)
func CreateUser(username, password string) (model.UserViewWithToken, error) {
if len(username) < 3 || len(username) > 20 {
return model.UserViewWithToken{}, model.NewRequestError("Username must be between 3 and 20 characters")
}
if len(password) < 6 || len(password) > 20 {
return model.UserViewWithToken{}, model.NewRequestError("Password must be between 6 and 20 characters")
}
hashedPassword, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)
if err != nil {
return model.UserViewWithToken{}, err
@@ -57,7 +63,7 @@ func ChangePassword(id uint, oldPassword, newPassword string) (model.UserViewWit
return model.UserViewWithToken{}, err
}
if err := bcrypt.CompareHashAndPassword(user.PasswordHash, []byte(oldPassword)); err != nil {
return model.UserViewWithToken{}, err
return model.UserViewWithToken{}, model.NewUnAuthorizedError("Invalid old password")
}
hashedPassword, err := bcrypt.GenerateFromPassword([]byte(newPassword), bcrypt.DefaultCost)
if err != nil {
@@ -117,17 +123,6 @@ func getEmbedAvatar(id uint) ([]byte, error) {
return static.Static.ReadFile(fileName)
}
func HavePermissionToUpload(id uint) error {
user, err := dao.GetUserByID(id)
if err != nil {
return err
}
if !user.IsAdmin && !user.CanUpload {
return model.NewUnAuthorizedError("User does not have permission to upload")
}
return nil
}
func SetUserAdmin(adminID uint, targetUserID uint, isAdmin bool) (model.UserView, error) {
if adminID == targetUserID {
return model.UserView{}, model.NewRequestError("You cannot modify your own admin status")