🐎⚡ valid name/pass check before vpass call

2025-12-16 16:12:14 +11:00 · 2021-07-10 18:56:58 -07:00 · 2021-07-10 18:56:58 -07:00 · c1587f9e46
commit c1587f9e46
parent 518c1b1203
3 changed files with 24 additions and 19 deletions
--- a/include/bank.h
+++ b/include/bank.h
@ -10,6 +10,8 @@
 #include "change_flag.h"
 #endif

+bool ValidUsername(const std::string &name) noexcept;
+
 class Bank
 {
 #if MULTI_THREADED
--- a/src/bank.cpp
+++ b/src/bank.cpp
@ -2,7 +2,7 @@

 using namespace drogon;

-INLINE bool ValidUsrname(const std::string &name) noexcept
+bool ValidUsername(const std::string &name) noexcept
 {
    if (name.size() < min_name_size || name.size() > max_name_size)
    {
@ -211,7 +211,7 @@ bool Bank::AdminVerifyAccount(const std::string &name) noexcept
 }
 BankResponse Bank::AddUser(const std::string &name, uint32_t init_bal, std::string &&init_pass) noexcept
 {
-    if (!ValidUsrname(name))
+    if (!ValidUsername(name))
    {
        return {k400BadRequest, "\"Invalid Name, breaks size and/or character restrictions\""};
    }
--- a/src/user_filter.cpp
+++ b/src/user_filter.cpp
@ -61,34 +61,37 @@ void UserFilter<set_body_flag, require_admin>::doFilter(const HttpRequestPtr &re

            std::string_view results_view(result_buffer, new_sz);
            std::size_t middle = results_view.find(':');
-            if (middle != std::string::npos)
+            if (middle != std::string::npos && ((new_sz - middle) <= 256))
            {
                StrFromSV_Wrapper username(results_view.substr(0, middle));
-                if constexpr (require_admin)
+                if (ValidUsername(username.str)) //check if username is a valid attempt to avoid hashing/grabbing shared lock
                {
-                    if (bank.AdminVerifyAccount(username.str))
+                    if constexpr (require_admin)
+                    {
+                        if (bank.AdminVerifyAccount(username.str))
+                        {
+                            StrFromSV_Wrapper password(results_view.substr(middle + 1));
+                            if (bank.VerifyPassword(username.str, password.str))
+                            {
+                                fccb();
+                                return;
+                            }
+                        }
+                    }
+                    else
                    {
                        StrFromSV_Wrapper password(results_view.substr(middle + 1));
-                        if (bank.VerifyPassword(username.str, password.str))
+                        if (bank.VerifyPassword(username.str, results_view.substr(middle + 1)))
                        {
+                            if constexpr (set_body_flag)
+                            {
+                                req->setParameter("name", username.str);
+                            }
                            fccb();
                            return;
                        }
                    }
                }
-                else
-                {
-                    StrFromSV_Wrapper password(results_view.substr(middle + 1));
-                    if (bank.VerifyPassword(username.str, results_view.substr(middle + 1)))
-                    {
-                        if constexpr (set_body_flag)
-                        {
-                            req->setParameter("name", username.str);
-                        }
-                        fccb();
-                        return;
-                    }
-                }
            }
        }
    }