diff --git a/server/endpoints/system.js b/server/endpoints/system.js
index f4057a404e4b55e4a3a8411c5d8da90cc8ba6a8d..6c941b1cc23d74d18cac2a8f833365489fdf40ec 100644
--- a/server/endpoints/system.js
+++ b/server/endpoints/system.js
@@ -1024,7 +1024,7 @@ function systemEndpoints(app) {
 
       const updates = {};
       if (username) {
-        updates.username = String(username);
+        updates.username = User.validations.username(String(username));
       }
       if (password) {
         updates.password = String(password);
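Review bot: `User.validations.username` throws on a name that is too short or too long, so the assignment to `updates.username` can now raise inside the request handler. The handler's error handling is outside the hunk, so it is worth confirming that the validation message is returned with a 4xx status rather than surfacing as a generic failure. The same applies to the new validator calls in `User.create` and `User.update` in server/models/user.js. A short comment on the line, such as `// validations.username throws on invalid length`, would document the new failure path. Because the guard is `if (username)`, an empty string skips this branch silently and the minimum-length rule is never reported for it here.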
diff --git a/server/models/user.js b/server/models/user.js
index a1aeb2c63aff4a0ab9b675335c45dd52f6db0ea6..f08548afb7d19eec1b4f9cd17367730e732f6de8 100644
--- a/server/models/user.js
+++ b/server/models/user.js
@@ -10,6 +10,20 @@ const User = {
     "role",
     "suspended",
   ],
+  validations: {
+    username: (newValue = "") => {
+      try {
+        if (String(newValue).length > 100)
+          throw new Error("Username cannot be longer than 100 characters");
+        if (String(newValue).length < 2)
+          throw new Error("Username must be at least 2 characters");
+        return String(newValue);
+      } catch (e) {
+        throw new Error(e.message);
+      }
+    },
+  },
+
   // validations for the above writable fields.
   castColumnValue: function (key, value) {
     switch (key) {
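Review bot: The `try`/`catch` in `validations.username` only re-wraps the errors thrown just above it as `new Error(e.message)`, which adds nothing and discards the original stack. It can be dropped and `String(newValue)` computed once, as in the fence below. The check covers length only, so a name made of two spaces or one containing control characters passes. Whether to trim or restrict the character set is a policy decision, but this validator is the place for it, since both create and update now route through it. Note also that `.length` counts UTF-16 code units, so the 2 and 100 limits are not exact for characters outside the BMP.

```javascript
    username: (newValue = "") => {
      const name = String(newValue);
      if (name.length > 100)
        throw new Error("Username cannot be longer than 100 characters");
      if (name.length < 2)
        throw new Error("Username must be at least 2 characters");
      // NOTE(review): length only; trimming / allowed characters still undecided
      return name;
    },
```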
@@ -36,9 +50,9 @@ const User = {
       const hashedPassword = bcrypt.hashSync(password, 10);
       const user = await prisma.users.create({
         data: {
-          username,
+          username: this.validations.username(username),
           password: hashedPassword,
-          role,
+          role: String(role),
         },
       });
       return { user: this.filterFields(user), error: null };
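Review bot: `role: String(role)` only casts, so an undefined or null `role` is stored as the literal string `"undefined"` or `"null"`, and any other caller-supplied string is accepted for a field that presumably drives authorization. The function signature is outside the hunk, so `role` may have a default, but the value is still not checked against the roles the application recognises. Adding a `validations.role` entry that rejects unknown values would close this, and the update path would pick it up through its `validations` lookup. Separately, `this.validations.username(username)` runs after `bcrypt.hashSync(password, 10)`, so an invalid username still pays for the hash. Validating first, e.g. `const validUsername = this.validations.username(username);` above the `hashSync` line, avoids that.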
@@ -75,7 +89,13 @@ const User = {
       // and force-casts to the proper type;
       Object.entries(updates).forEach(([key, value]) => {
         if (this.writable.includes(key)) {
-          updates[key] = this.castColumnValue(key, value);
+          if (this.validations.hasOwnProperty(key)) {
+            updates[key] = this.validations[key](
+              this.castColumnValue(key, value)
+            );
+          } else {
+            updates[key] = this.castColumnValue(key, value);
+          }
           return;
         }
         delete updates[key];
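Review bot: `this.validations.hasOwnProperty(key)` calls the method through the object itself, which ESLint's `no-prototype-builtins` rule flags. `Object.prototype.hasOwnProperty.call(this.validations, key)`, or `Object.hasOwn` where the runtime supports it, is the safer form. The two branches also duplicate the `castColumnValue` call; casting once reads more simply: `const cast = this.castColumnValue(key, value);` then `updates[key] = hasValidator ? this.validations[key](cast) : cast;`. A validator that throws here aborts the `forEach` partway through `updates`, and the enclosing function's error handling is outside the hunk, so confirm the caller receives the validation message.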