添加用户名验证

lang/zh_cn.toml

@@ -24,3 +24,4 @@ invalid_checkid = "不存在的验证id"
 created_successfully = "创建成功"
 invalid_token = "token无效"
 invalid_redirect_url = "无效的重定向URL"
+invalid_username = "用户名仅为数字字母或 '-' 与 '_' 组成，且长度>3"

server/main.py

@@ -107,6 +107,17 @@ def check_passwd(passwd: str):
         return 1
 
 
+def check_username(passwd: str):
+    if (len(passwd) < 3):
+        return 1
+    pattern = r'[A-Za-z0-9\_\-]{3,16}'
+
+    if re.match(pattern, passwd):
+        return 0
+    else:
+        return 1
+
+
 async def authenticate_user(username: str, password: str):
     hashed_password = await db.get_user(username)
     if not hashed_password:
@@ -144,6 +155,10 @@ async def check_apikey(tkn: str):
 
 @app.post("/api/login")
 async def login_callback(response: Response, username: str = Form(), password: str = Form()):
+    if (check_username(username)):
+        return {"msg": cfg.lang["invalid_username"]}
+    if (check_passwd(password)):
+        return {"msg": cfg.lang["weak_passwd"]}
     if (await authenticate_user(username, password)):
         tokennow = await create_token(username)
         tkn = prep_uuid(uuid.uuid4().hex)
@@ -162,6 +177,8 @@ regex = re.compile(
 async def login_callback(username: str = Form(), password: str = Form(), email: str = Form()):
     if (check_passwd(password)):
         return {"msg": cfg.lang["weak_passwd"], "code": 1}
+    if (check_username(username)):
+        return {"msg": cfg.lang["invalid_username"]}
     if (not re.fullmatch(regex, email)):
         return {"msg": cfg.lang["invalid_email"], "code": 1}
     if not (await db.check_user(username)):
@@ -215,6 +232,8 @@ async def resetpasswd(uid: str, response: Response):
 
 @app.post("/api/send_resetpasswd")
 async def resetpasswd(username: str = Form()):
+    if (check_username(username)):
+        return {"msg": cfg.lang["invalid_username"]}
     if (await db.check_user(username)):
         email = await db.get_email(username)
         tkn = prep_uuid(uuid.uuid4().hex)