core: add avatar validation

pull/499/head
undefined 2 years ago
parent 5f995f97ad
commit 149c3671f7

@ -10,7 +10,7 @@ import {
UserNotFoundError, ValidationError, VerifyPasswordError,
} from '../error';
import { DomainDoc, MessageDoc, Setting } from '../interface';
import avatar from '../lib/avatar';
import avatar, { validate } from '../lib/avatar';
import * as mail from '../lib/mail';
import * as useragent from '../lib/useragent';
import { verifyTFA } from '../lib/verifyTFA';
@ -373,8 +373,10 @@ class HomeSettingsHandler extends Handler {
class HomeAvatarHandler extends Handler {
@param('avatar', Types.String, true)
async post(domainId: string, input: string) {
if (input) await user.setById(this.user._id, { avatar: input });
else if (this.request.files.file) {
if (input) {
if (!validate(input)) throw new ValidationError('avatar');
await user.setById(this.user._id, { avatar: input });
} else if (this.request.files.file) {
const file = this.request.files.file;
if (file.size > 8 * 1024 * 1024) throw new ValidationError('file');
const ext = path.extname(file.originalFilename);
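Review bot: The `validate(input)` check added to `HomeAvatarHandler.post` is the only place this commit enforces the avatar format, so any other caller that writes `avatar` through `user.setById` would still store an unchecked string. No such caller is visible in this hunk, so this needs confirming against the rest of the codebase; if there are other writers, enforcing the check inside the model setter would close the gap. A short comment above the new branch would also help, for example `// Reject avatar strings that do not match a known provider format before persisting.` The body of `post` continues past the end of this hunk, so the rest of the upload branch is not reviewed here.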

@ -1,3 +1,4 @@
import { Types } from '../service/decorators';
import { md5 } from '../utils';
type AvatarProvider = (src: string, size: number) => string;
@ -13,13 +14,24 @@ export const providers: Record<string, AvatarProvider> = {
function avatar(src: string, size = 64, fallback = '') {
src ||= fallback;
let index = src.indexOf(':');
if (index === -1) src = fallback;
if (index === -1 && fallback) {
src = fallback;
index = src.indexOf(':');
}
if (index === -1) return providers.gravatar('', size);
const [provider, str] = [src.substr(0, index), src.substr(index + 1, src.length)];
const [provider, str] = [src.substring(0, index), src.substring(index + 1, src.length)];
if (!providers[provider] || !str) return providers.gravatar('', size);
return providers[provider](str, size);
}
export function validate(input: string) {
if (!input) return true;
if (input.startsWith('url:')) return true;
if (input.startsWith('github:')) return /^[a-zA-Z0-9-]+$/.test(input.substring(7, input.length));
if (input.startsWith('qq:')) return /^[1-9]\d{4,}$/.test(input.substring(3));
if (input.startsWith('gravatar:')) return Types.Email[1](input.substring(9));
return false;
}
export default avatar;
global.Hydro.lib.avatar = avatar;
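Review bot: In `validate`, the line `if (input.startsWith('url:')) return true;` accepts any text after the prefix, so the `url:` provider is effectively unvalidated: a non-http scheme or a malformed string passes and is stored. Since this value is presumably rendered as an image source for other users, I would expect it to be restricted to well-formed `http:`/`https:` URLs, as in the sketch below. If site-relative paths are a legitimate value for this provider, allow them explicitly rather than by accepting everything. Separately, the `github:` pattern has no length bound, and `avatar()` itself never calls `validate`, so values stored before this commit are still rendered as-is.

```typescript
export function validate(input: string) {
  // … unchanged: empty-input check …
  if (input.startsWith('url:')) {
    // Accept only absolute http(s) URLs; other schemes and unparsable input are rejected.
    try {
      const { protocol } = new URL(input.substring(4));
      return protocol === 'http:' || protocol === 'https:';
    } catch {
      return false;
    }
  }
  // … unchanged: github, qq and gravatar checks …
}
```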
