🐎⚡ valid name/pass check before vpass call
parent
518c1b1203
commit
c1587f9e46
3 changed files with 24 additions and 19 deletions
|
|
@ -10,6 +10,8 @@
|
||||||
#include "change_flag.h"
|
#include "change_flag.h"
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
bool ValidUsername(const std::string &name) noexcept;
|
||||||
|
|
||||||
class Bank
|
class Bank
|
||||||
{
|
{
|
||||||
#if MULTI_THREADED
|
#if MULTI_THREADED
|
||||||
|
|
|
||||||
|
|
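Review bot: The new declaration `bool ValidUsername(const std::string &name) noexcept;` exports the name check without any comment on its contract, although it now decides whether a login attempt reaches password verification at all. A short comment above it would help, for example `// True when name meets the size limits (min_name_size..max_name_size) and the character rules; called by Bank::AddUser and by UserFilter::doFilter before any password check.` The character rules live in the function body, which this page shows only in part, so the wording should be checked against it.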
@ -2,7 +2,7 @@
|
||||||
|
|
||||||
using namespace drogon;
|
using namespace drogon;
|
||||||
|
|
||||||
INLINE bool ValidUsrname(const std::string &name) noexcept
|
bool ValidUsername(const std::string &name) noexcept
|
||||||
{
|
{
|
||||||
if (name.size() < min_name_size || name.size() > max_name_size)
|
if (name.size() < min_name_size || name.size() > max_name_size)
|
||||||
{
|
{
|
||||||
|
|
@ -211,7 +211,7 @@ bool Bank::AdminVerifyAccount(const std::string &name) noexcept
|
||||||
}
|
}
|
||||||
BankResponse Bank::AddUser(const std::string &name, uint32_t init_bal, std::string &&init_pass) noexcept
|
BankResponse Bank::AddUser(const std::string &name, uint32_t init_bal, std::string &&init_pass) noexcept
|
||||||
{
|
{
|
||||||
if (!ValidUsrname(name))
|
if (!ValidUsername(name))
|
||||||
{
|
{
|
||||||
return {k400BadRequest, "\"Invalid Name, breaks size and/or character restrictions\""};
|
return {k400BadRequest, "\"Invalid Name, breaks size and/or character restrictions\""};
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -61,34 +61,37 @@ void UserFilter<set_body_flag, require_admin>::doFilter(const HttpRequestPtr &re
|
||||||
|
|
||||||
std::string_view results_view(result_buffer, new_sz);
|
std::string_view results_view(result_buffer, new_sz);
|
||||||
std::size_t middle = results_view.find(':');
|
std::size_t middle = results_view.find(':');
|
||||||
if (middle != std::string::npos)
|
if (middle != std::string::npos && ((new_sz - middle) <= 256))
|
||||||
{
|
{
|
||||||
StrFromSV_Wrapper username(results_view.substr(0, middle));
|
StrFromSV_Wrapper username(results_view.substr(0, middle));
|
||||||
if constexpr (require_admin)
|
if (ValidUsername(username.str)) //check if username is a valid attempt to avoid hashing/grabbing shared lock
|
||||||
{
|
{
|
||||||
if (bank.AdminVerifyAccount(username.str))
|
if constexpr (require_admin)
|
||||||
|
{
|
||||||
|
if (bank.AdminVerifyAccount(username.str))
|
||||||
|
{
|
||||||
|
StrFromSV_Wrapper password(results_view.substr(middle + 1));
|
||||||
|
if (bank.VerifyPassword(username.str, password.str))
|
||||||
|
{
|
||||||
|
fccb();
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else
|
||||||
{
|
{
|
||||||
StrFromSV_Wrapper password(results_view.substr(middle + 1));
|
StrFromSV_Wrapper password(results_view.substr(middle + 1));
|
||||||
if (bank.VerifyPassword(username.str, password.str))
|
if (bank.VerifyPassword(username.str, results_view.substr(middle + 1)))
|
||||||
{
|
{
|
||||||
|
if constexpr (set_body_flag)
|
||||||
|
{
|
||||||
|
req->setParameter("name", username.str);
|
||||||
|
}
|
||||||
fccb();
|
fccb();
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
else
|
|
||||||
{
|
|
||||||
StrFromSV_Wrapper password(results_view.substr(middle + 1));
|
|
||||||
if (bank.VerifyPassword(username.str, results_view.substr(middle + 1)))
|
|
||||||
{
|
|
||||||
if constexpr (set_body_flag)
|
|
||||||
{
|
|
||||||
req->setParameter("name", username.str);
|
|
||||||
}
|
|
||||||
fccb();
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
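Review bot: In the non-admin `else` branch the new code still constructs `StrFromSV_Wrapper password(results_view.substr(middle + 1));` and never reads it, because `VerifyPassword` is called with `results_view.substr(middle + 1)` directly. If the wrapper copies the view into a string (its definition is not visible here), that is an extra plaintext copy of the credential on every request and exactly the kind of work this commit is trying to skip. The line can be deleted, or the admin branch changed to pass the view the same way so both branches agree. The new bound `(new_sz - middle) <= 256` also counts the `:`, so the longest accepted password is 255 bytes; a named constant beside `max_name_size`, with a comment stating the intended limit, would make that explicit. `doFilter` starts and ends outside the hunk, so the rejection path after these checks is not visible.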