🐎⚡ valid name/pass check before vpass call

include/bank.h

@@ -10,6 +10,8 @@
 #include "change_flag.h"
 #endif
 
+bool ValidUsername(const std::string &name) noexcept;
+
 class Bank
 {
 #if MULTI_THREADED

src/bank.cpp

@@ -2,7 +2,7 @@
 
 using namespace drogon;
 
-INLINE bool ValidUsrname(const std::string &name) noexcept
+bool ValidUsername(const std::string &name) noexcept
 {
     if (name.size() < min_name_size || name.size() > max_name_size)
     {
@@ -211,7 +211,7 @@ bool Bank::AdminVerifyAccount(const std::string &name) noexcept
 }
 BankResponse Bank::AddUser(const std::string &name, uint32_t init_bal, std::string &&init_pass) noexcept
 {
-    if (!ValidUsrname(name))
+    if (!ValidUsername(name))
     {
         return {k400BadRequest, "\"Invalid Name, breaks size and/or character restrictions\""};
     }

src/user_filter.cpp

@@ -61,9 +61,11 @@ void UserFilter<set_body_flag, require_admin>::doFilter(const HttpRequestPtr &re
 
             std::string_view results_view(result_buffer, new_sz);
             std::size_t middle = results_view.find(':');
-            if (middle != std::string::npos)
+            if (middle != std::string::npos && ((new_sz - middle) <= 256))
             {
                 StrFromSV_Wrapper username(results_view.substr(0, middle));
+                if (ValidUsername(username.str)) //check if username is a valid attempt to avoid hashing/grabbing shared lock
+                {
                     if constexpr (require_admin)
                     {
                         if (bank.AdminVerifyAccount(username.str))
@@ -92,6 +94,7 @@ void UserFilter<set_body_flag, require_admin>::doFilter(const HttpRequestPtr &re
                 }
             }
         }
+    }
     const auto &resp = HttpResponse::newCustomHttpResponse(BankResponse(k401Unauthorized, "\"Invalid Credentials\""));
     fcb(resp);
 }