添加用户名验证
parent
10988194a8
commit
00d25a5f80
@ -24,3 +24,4 @@ invalid_checkid = "不存在的验证id"
|
||||
created_successfully = "创建成功"
|
||||
invalid_token = "token无效"
|
||||
invalid_redirect_url = "无效的重定向URL"
|
||||
invalid_username = "用户名仅为数字字母或 '-' 与 '_' 组成,且长度>3"
|
@ -107,6 +107,17 @@ def check_passwd(passwd: str):
|
||||
return 1
|
||||
|
||||
|
||||
def check_username(passwd: str):
|
||||
if (len(passwd) < 3):
|
||||
return 1
|
||||
pattern = r'[A-Za-z0-9\_\-]{3,16}'
|
||||
|
||||
if re.match(pattern, passwd):
|
||||
return 0
|
||||
else:
|
||||
return 1
|
||||
|
||||
|
||||
async def authenticate_user(username: str, password: str):
|
||||
hashed_password = await db.get_user(username)
|
||||
if not hashed_password:
|
||||
@ -144,6 +155,10 @@ async def check_apikey(tkn: str):
|
||||
|
||||
@app.post("/api/login")
|
||||
async def login_callback(response: Response, username: str = Form(), password: str = Form()):
|
||||
if (check_username(username)):
|
||||
return {"msg": cfg.lang["invalid_username"]}
|
||||
if (check_passwd(password)):
|
||||
return {"msg": cfg.lang["weak_passwd"]}
|
||||
if (await authenticate_user(username, password)):
|
||||
tokennow = await create_token(username)
|
||||
tkn = prep_uuid(uuid.uuid4().hex)
|
||||
@ -162,6 +177,8 @@ regex = re.compile(
|
||||
async def login_callback(username: str = Form(), password: str = Form(), email: str = Form()):
|
||||
if (check_passwd(password)):
|
||||
return {"msg": cfg.lang["weak_passwd"], "code": 1}
|
||||
if (check_username(username)):
|
||||
return {"msg": cfg.lang["invalid_username"]}
|
||||
if (not re.fullmatch(regex, email)):
|
||||
return {"msg": cfg.lang["invalid_email"], "code": 1}
|
||||
if not (await db.check_user(username)):
|
||||
@ -215,6 +232,8 @@ async def resetpasswd(uid: str, response: Response):
|
||||
|
||||
@app.post("/api/send_resetpasswd")
|
||||
async def resetpasswd(username: str = Form()):
|
||||
if (check_username(username)):
|
||||
return {"msg": cfg.lang["invalid_username"]}
|
||||
if (await db.check_user(username)):
|
||||
email = await db.get_email(username)
|
||||
tkn = prep_uuid(uuid.uuid4().hex)
|
||||
|
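Review bot: `check_username` (added after `check_passwd`) validates only a prefix, because `re.match` anchors at the start of the string but not at the end: any input whose first three characters are in the allowed set passes, whatever follows and however long it is. The `{3,16}` upper bound and the character whitelist are therefore not enforced on the values the login, register and `/api/send_resetpasswd` handlers go on to pass to `db.get_user` / `db.check_user` / `db.get_email`. Use `re.fullmatch`, as the register handler already does for `email`, e.g. `return 0 if re.fullmatch(r'[A-Za-z0-9_-]{3,16}', passwd) else 1`; this also makes the separate `len(passwd) < 3` test redundant, and the parameter would read better as `username`. In the register handler the new rejection returns `{"msg": ...}` without the `"code": 1` that the neighbouring password and email rejections carry, so a client keyed on `code` may not treat it as a failure.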