sam/BirdsiteLIVE
sam
/
BirdsiteLIVE
Archived
1
0
Fork 0
Code Issues 1 Pull Requests 1 Packages Projects Releases Wiki Activity

ensure valide username pattern, fix #75

This commit is contained in:
Nicolas Constant 2021-01-30 01:28:20 -05:00
parent 10c1da4a34
commit 52e2868deb
No known key found for this signature in database
GPG Key ID: 1E9F677FB01A5688
2 changed files with 16 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
src/BirdsiteLive/Controllers/UsersController.cs
View File

@ -4,6 +4,7 @@ using System.IO;
using System.Linq;
using System.Net.Mime;
using System.Runtime.InteropServices.WindowsRuntime;
using System.Text.RegularExpressions;
using System.Threading;
using System.Threading.Tasks;
using BirdsiteLive.ActivityPub;
@ -12,6 +13,7 @@ using BirdsiteLive.Common.Settings;
using BirdsiteLive.Domain;
using BirdsiteLive.Models;
using BirdsiteLive.Twitter;
using BirdsiteLive.Twitter.Models;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Primitives;
@ -26,6 +28,7 @@ namespace BirdsiteLive.Controllers
private readonly IUserService _userService;
private readonly IStatusService _statusService;
private readonly InstanceSettings _instanceSettings;
private readonly Regex _twitterAccountRegex = new Regex(@"^[a-zA-Z0-9_]+$");
#region Ctor
public UsersController(ITwitterUserService twitterUserService, IUserService userService, IStatusService statusService, InstanceSettings instanceSettings, ITwitterTweetsService twitterTweetService)
@ -55,7 +58,12 @@ namespace BirdsiteLive.Controllers
public IActionResult Index(string id)
{
id = id.Trim(new[] { ' ', '@' }).ToLowerInvariant();
var user = _twitterUserService.GetUser(id);
// Ensure valid username
// https://help.twitter.com/en/managing-your-account/twitter-username-rules
TwitterUser user = null;
if (!string.IsNullOrWhiteSpace(id) && _twitterAccountRegex.IsMatch(id) && id.Length <= 15)
user = _twitterUserService.GetUser(id);
var acceptHeaders = Request.Headers["Accept"];
if (acceptHeaders.Any())

7
src/BirdsiteLive/Controllers/WellKnownController.cs
View File

@ -1,6 +1,7 @@
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text.RegularExpressions;
using System.Threading.Tasks;
using BirdsiteLive.ActivityPub.Converters;
using BirdsiteLive.Common.Settings;
@ -19,6 +20,7 @@ namespace BirdsiteLive.Controllers
private readonly ITwitterUserService _twitterUserService;
private readonly ITwitterUserDal _twitterUserDal;
private readonly InstanceSettings _settings;
private readonly Regex _twitterAccountRegex = new Regex(@"^[a-zA-Z0-9_]+$");
#region Ctor
public WellKnownController(InstanceSettings settings, ITwitterUserService twitterUserService, ITwitterUserDal twitterUserDal)
@ -160,6 +162,11 @@ namespace BirdsiteLive.Controllers
// Ensure lowercase
name = name.ToLowerInvariant();
// Ensure valid username
// https://help.twitter.com/en/managing-your-account/twitter-username-rules
if (string.IsNullOrWhiteSpace(name) || !_twitterAccountRegex.IsMatch(name) || name.Length > 15 )
return NotFound();
if (!string.IsNullOrWhiteSpace(domain) && domain != _settings.Domain)
return NotFound();