From 147344546bff505a9116fa8512857286e2987bbb Mon Sep 17 00:00:00 2001
From: Gani Georgiev
Date: Thu, 11 Aug 2022 10:29:01 +0300
Subject: [PATCH] added custom insertion id regex check
---
 forms/admin_upsert.go | 1 +
 forms/admin_upsert_test.go | 8 +++++++-
 forms/base.go | 5 +++++
 forms/collection_upsert.go | 1 +
 forms/collection_upsert_test.go | 8 +++++++-
 forms/record_upsert.go | 1 +
 forms/record_upsert_test.go | 8 +++++++-
 forms/user_upsert.go | 1 +
 forms/user_upsert_test.go | 8 +++++++-
 9 files changed, 37 insertions(+), 4 deletions(-)
diff --git a/forms/admin_upsert.go b/forms/admin_upsert.go
index 85528799..4d648af1 100644
--- a/forms/admin_upsert.go
+++ b/forms/admin_upsert.go
@@ -74,6 +74,7 @@ func (form *AdminUpsert) Validate() error {
 validation.When(
 form.admin.IsNew(),
 validation.Length(models.DefaultIdLength, models.DefaultIdLength),
+ validation.Match(idRegex),
 ).Else(validation.In(form.admin.Id)),
 ),
 validation.Field(
diff --git a/forms/admin_upsert_test.go b/forms/admin_upsert_test.go
index f9ce1f8e..4c7c9ea6 100644
--- a/forms/admin_upsert_test.go
+++ b/forms/admin_upsert_test.go
@@ -412,7 +412,13 @@ func TestAdminUpsertWithCustomId(t *testing.T) {
 true,
 },
 {
- "id = 15 chars",
+ "id = 15 chars (invalid chars)",
+ `{"id":"a@3456789012345"}`,
+ &models.Admin{},
+ true,
+ },
+ {
+ "id = 15 chars (valid chars)",
 `{"id":"a23456789012345"}`,
 &models.Admin{},
 false,
diff --git a/forms/base.go b/forms/base.go
index 38e2ce6a..ee7bad20 100644
--- a/forms/base.go
+++ b/forms/base.go
@@ -2,6 +2,11 @@
 // validation and applying changes to existing DB models through the app Dao.
 package forms
+import "regexp"
+
+// base ID value regex pattern
+var idRegex = regexp.MustCompile(`^[^\@\#\$\&\|\.\,\'\"\\\/\s]+$`)
+
 // InterceptorNextFunc is a interceptor handler function.
 // Usually used in combination with InterceptorFunc.
 type InterceptorNextFunc = func() error
diff --git a/forms/collection_upsert.go b/forms/collection_upsert.go
index cf9f8df1..8f44fd36 100644
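Review bot: In forms/admin_upsert.go the id rule pair `validation.Length(models.DefaultIdLength, models.DefaultIdLength), validation.Match(idRegex)` is now copied verbatim into four `Validate` methods (the same added line appears in collection_upsert.go, record_upsert.go and user_upsert.go), so a later tightening of the id policy that misses one form leaves that model with the weaker check. Defining the pair once next to `idRegex` in forms/base.go and passing it to each `validation.When(...)` call would keep the four forms in step, assuming `When` accepts a variadic rule list. `Validate` starts and ends outside the hunk, so other uses of the id in it are not visible here.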
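Review bot: In forms/admin_upsert_test.go the only rejected sample is `a@3456789012345`, which exercises one of the twelve character classes `idRegex` excludes; a lost escape elsewhere in the class (for the backslash or `/`, say) would pass this table unchanged. I would add 15-character rows containing `/`, `\`, `.`, `'`, `"` and a space, each with the expected-error flag set to `true`, and the same rows in the parallel tables in collection_upsert_test.go, record_upsert_test.go and user_upsert_test.go. The test table opens before the hunk and continues after it.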
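Review bot: `idRegex` in forms/base.go is a denylist: it rejects eleven punctuation characters plus `\s` and accepts every other rune, so a client-chosen id can still carry `%`, `?`, `<`, `>`, `:`, `;`, a backtick, non-whitespace control characters or non-ASCII text; in Go's regexp `\s` matches ASCII whitespace only. If custom ids are meant to look like the alphanumeric sample in the tests, an allowlist such as `^[a-zA-Z0-9]+$` states that directly and does not depend on enumerating every character that is unsafe wherever the id is later used (those uses are outside this diff). The comment could then say what is accepted, e.g. `// idRegex is the allowlist for client-supplied ids on create (ASCII letters and digits only).`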
--- a/forms/collection_upsert.go
+++ b/forms/collection_upsert.go
@@ -97,6 +97,7 @@ func (form *CollectionUpsert) Validate() error {
 validation.When(
 form.collection.IsNew(),
 validation.Length(models.DefaultIdLength, models.DefaultIdLength),
+ validation.Match(idRegex),
 ).Else(validation.In(form.collection.Id)),
 ),
 validation.Field(
diff --git a/forms/collection_upsert_test.go b/forms/collection_upsert_test.go
index 3c30935e..0595f493 100644
--- a/forms/collection_upsert_test.go
+++ b/forms/collection_upsert_test.go
@@ -590,7 +590,13 @@ func TestCollectionUpsertWithCustomId(t *testing.T) {
 true,
 },
 {
- "id = 15 chars",
+ "id = 15 chars (invalid chars)",
+ `{"id":"a@3456789012345"}`,
+ newCollection(),
+ true,
+ },
+ {
+ "id = 15 chars (valid chars)",
 `{"id":"a23456789012345"}`,
 newCollection(),
 false,
diff --git a/forms/record_upsert.go b/forms/record_upsert.go
index 52120c9c..79f6aa14 100644
--- a/forms/record_upsert.go
+++ b/forms/record_upsert.go
@@ -276,6 +276,7 @@ func (form *RecordUpsert) Validate() error {
 validation.When(
 form.record.IsNew(),
 validation.Length(models.DefaultIdLength, models.DefaultIdLength),
+ validation.Match(idRegex),
 ).Else(validation.In(form.record.Id)),
 ),
 )
diff --git a/forms/record_upsert_test.go b/forms/record_upsert_test.go
index a315e200..390da76a 100644
--- a/forms/record_upsert_test.go
+++ b/forms/record_upsert_test.go
@@ -653,7 +653,13 @@ func TestRecordUpsertWithCustomId(t *testing.T) {
 true,
 },
 {
- "id = 15 chars",
+ "id = 15 chars (invalid chars)",
+ map[string]string{"id": "a@3456789012345"},
+ models.NewRecord(collection),
+ true,
+ },
+ {
+ "id = 15 chars (valid chars)",
 map[string]string{"id": "a23456789012345"},
 models.NewRecord(collection),
 false,
diff --git a/forms/user_upsert.go b/forms/user_upsert.go
index 4aed3935..37744549 100644
--- a/forms/user_upsert.go
+++ b/forms/user_upsert.go
@@ -76,6 +76,7 @@ func (form *UserUpsert) Validate() error {
 validation.When(
 form.user.IsNew(),
 validation.Length(models.DefaultIdLength, models.DefaultIdLength),
+ validation.Match(idRegex),
 ).Else(validation.In(form.user.Id)),
 ),
 validation.Field(
diff --git a/forms/user_upsert_test.go b/forms/user_upsert_test.go
index 64f81249..e1ae1487 100644
--- a/forms/user_upsert_test.go
+++ b/forms/user_upsert_test.go
@@ -369,7 +369,13 @@ func TestUserUpsertWithCustomId(t *testing.T) {
 true,
 },
 {
- "id = 15 chars",
+ "id = 15 chars (invalid chars)",
+ `{"id":"a@3456789012345"}`,
+ &models.User{},
+ true,
+ },
+ {
+ "id = 15 chars (valid chars)",
 `{"id":"a23456789012345"}`,
 &models.User{},
 false,