refactor: password requirements variables;
refactor: password validation function moved to custom validators; refactor: adjusted model's validation fields
This commit is contained in:
@@ -23,15 +23,15 @@ type Tokens struct {
|
||||
}
|
||||
|
||||
type RegistrationBeginRequest struct {
|
||||
Username string `json:"username" binding:"required,min=3,max=20" validate:"username"`
|
||||
Username string `json:"username" binding:"required" validate:"username"`
|
||||
Email *string `json:"email" binding:"email"`
|
||||
Password string `json:"password" binding:"required"` // TODO: password checking
|
||||
Password string `json:"password" binding:"required" validate:"password"`
|
||||
}
|
||||
|
||||
type RegistrationCompleteRequest struct {
|
||||
Username string `json:"username" binding:"required,min=3,max=20" validate:"username"`
|
||||
Username string `json:"username" binding:"required" validate:"username"`
|
||||
VerificationCode string `json:"verification_code" binding:"required"`
|
||||
Name string `json:"name" binding:"required,max=75"`
|
||||
Name string `json:"name" binding:"required" validate:"name"`
|
||||
Birthday *string `json:"birthday"`
|
||||
AvatarUrl *string `json:"avatar_url" binding:"http_url,max=255"`
|
||||
}
|
||||
|
||||
@@ -19,62 +19,19 @@ package utils
|
||||
|
||||
import (
|
||||
"crypto/rand"
|
||||
"easywish/config"
|
||||
"errors"
|
||||
"fmt"
|
||||
"io"
|
||||
"regexp"
|
||||
)
|
||||
|
||||
func GenerateSecure6DigitNumber() (string, error) {
|
||||
// Generate a random number between 0 and 999999 (inclusive)
|
||||
// This ensures we get a 6-digit number, including those starting with 0
|
||||
max := 1000000 // Upper bound (exclusive)
|
||||
b := make([]byte, 4) // A 4-byte slice is sufficient for a 32-bit integer
|
||||
maxNumber := 1000000
|
||||
b := make([]byte, 4)
|
||||
|
||||
if _, err := io.ReadFull(rand.Reader, b); err != nil {
|
||||
return "", fmt.Errorf("failed to read random bytes: %w", err)
|
||||
}
|
||||
|
||||
// Convert bytes to an integer
|
||||
// We use a simple modulo operation to get a number within our desired range.
|
||||
// While this introduces a slight bias for very large ranges, for 1,000,000
|
||||
// it's negligible and simpler than more complex methods like rejection sampling.
|
||||
num := int(uint32(b[0])<<24 | uint32(b[1])<<16 | uint32(b[2])<<8 | uint32(b[3])) % max
|
||||
num := int(uint32(b[0])<<24 | uint32(b[1])<<16 | uint32(b[2])<<8 | uint32(b[3])) % maxNumber
|
||||
|
||||
return fmt.Sprintf("%06d", num), nil
|
||||
}
|
||||
|
||||
func ValidatePassword(password string) error {
|
||||
cfg := config.GetConfig()
|
||||
|
||||
if cfg.PasswordCheckLength {
|
||||
passwordLength := len(password); if passwordLength < 8 || passwordLength > 100 {
|
||||
return errors.New("Password must be between 8 and 100 characters")
|
||||
}
|
||||
}
|
||||
|
||||
if cfg.PasswordCheckNumbers {
|
||||
numbersPresent := regexp.MustCompile(`[0-9]`).MatchString(password); if !numbersPresent {
|
||||
return errors.New("Password must contain at least 1 number")
|
||||
}
|
||||
}
|
||||
|
||||
if cfg.PasswordCheckCases {
|
||||
differentCasesPresent := regexp.MustCompile(`(?=.*[a-z])(?=.*[A-Z])`).MatchString(password); if !differentCasesPresent {
|
||||
return errors.New("Password must have uppercase and lowercase characters")
|
||||
}
|
||||
}
|
||||
|
||||
if cfg.PasswordCheckSymbols {
|
||||
symbolsPresent := regexp.MustCompile(`[.,/;'[\]\-=_+{}:"<>?\/|!@#$%^&*()~]`).MatchString(password); if !symbolsPresent {
|
||||
return errors.New("Password must contain at least one special symbol")
|
||||
}
|
||||
}
|
||||
|
||||
if cfg.PasswordCheckLeaked {
|
||||
// TODO: implement checking leaked passwords via rockme.txt
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
@@ -18,6 +18,7 @@
|
||||
package validation
|
||||
|
||||
import (
|
||||
"easywish/config"
|
||||
"regexp"
|
||||
|
||||
"github.com/go-playground/validator/v10"
|
||||
@@ -46,6 +47,36 @@ func GetCustomHandlers() []CustomValidatorHandler {
|
||||
return regexp.MustCompile(`^[.]{1,75}$`).MatchString(username)
|
||||
}},
|
||||
|
||||
{
|
||||
FieldName: "password",
|
||||
Function: func(fl validator.FieldLevel) bool {
|
||||
password := fl.Field().String()
|
||||
cfg := config.GetConfig()
|
||||
|
||||
if cfg.PasswordMaxLength < len(password) || len(password) < cfg.PasswordMinLength {
|
||||
return false
|
||||
}
|
||||
|
||||
if cfg.PasswordCheckNumbers && !regexp.MustCompile(`\d+`).MatchString(password) {
|
||||
return false
|
||||
}
|
||||
|
||||
if cfg.PasswordCheckCases && !regexp.MustCompile(`^(?=.*[a-z])(?=.*[A-Z]).*$`).MatchString(password) ||
|
||||
cfg.PasswordCheckCharacters && !regexp.MustCompile(`[a-zA-Z]`).MatchString(password) {
|
||||
return false
|
||||
}
|
||||
|
||||
if cfg.PasswordCheckSymbols && !regexp.MustCompile(`[.,/;'[\]\-=_+{}:"<>?\/|!@#$%^&*()~]`).MatchString(password) {
|
||||
return false
|
||||
}
|
||||
|
||||
if cfg.PasswordCheckLeaked {
|
||||
// TODO: implement rockme check
|
||||
}
|
||||
|
||||
return true
|
||||
}},
|
||||
|
||||
}
|
||||
|
||||
return handlers
|
||||
|
||||
Reference in New Issue
Block a user