From 248dff015bf5f6ce2598678c0dac892f9f80e400 Mon Sep 17 00:00:00 2001
From: Andinus
Date: Fri, 27 Mar 2020 21:21:03 +0530
Subject: Enforce registration rules
---
 auth/register.go | 21 +++++++++++++++++----
 1 file changed, 17 insertions(+), 4 deletions(-)
diff --git a/auth/register.go b/auth/register.go
index 69e05ad..f946072 100644
--- a/auth/register.go
+++ b/auth/register.go
@@ -1,7 +1,9 @@
 package auth
 import (
+ "errors"
 "log"
+ "regexp"
 "strings"
 "tildegit.org/andinus/perseus/storage/sqlite3"
@@ -10,13 +12,24 @@ import (
 // Register takes in registration details and returns an error. If
 // error doesn't equal nil then the registration was unsuccessful.
-// regInfo should have username & password.
-func Register(db *sqlite3.DB, regInfo map[string]string) error {
+// uInfo should have username & password.
+func Register(db *sqlite3.DB, uInfo map[string]string) error {
 u := user.User{}
 u.SetID(genID(64))
- u.SetUsername(strings.ToLower(regInfo["username"]))
+ u.SetUsername(strings.ToLower(uInfo["username"]))
- pass, err := hashPass(regInfo["password"])
+ // Validate username
+ re := regexp.MustCompile("^[a-z0-9]*$")
+ if !re.MatchString(u.Username()) {
+ return errors.New("auth/register.go: invalid username")
+ }
+
+ // Validate password
+ if len(uInfo["password"]) < 8 {
+ return errors.New("auth/register.go: password too short")
+ }
+
+ pass, err := hashPass(uInfo["password"])
 if err != nil {
 log.Printf("auth/register.go: %s\n", "hashPass func failed")
-- 
cgit 1.4.1-2-gfad0
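Review bot: The username pattern `^[a-z0-9]*$` added in Register also matches the empty string, so a request whose "username" key is missing or blank passes validation and goes on to hashPass. Requiring at least one character closes that gap, and compiling the pattern once at package scope avoids rebuilding it on every call: `var usernameRe = regexp.MustCompile("^[a-z0-9]+$")`, ideally with an upper length bound chosen by the project. The password check `len(uInfo["password"]) < 8` counts bytes rather than characters and sets no maximum; if hashPass (not shown here) uses an algorithm with an input limit such as bcrypt, an upper bound belongs next to it. Register's body continues past the end of this hunk, so how the user record is stored after hashing cannot be judged from here.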