feat(user): support disallowed name
This commit is contained in:
MingxuanGame
31
app/auth.py
31
app/auth.py
@@ -2,6 +2,7 @@ from __future__ import annotations
|
||||
|
||||
from datetime import datetime, timedelta
|
||||
import hashlib
|
||||
import re
|
||||
import secrets
|
||||
import string
|
||||
|
||||
@@ -26,6 +27,36 @@ pwd_context = CryptContext(schemes=["bcrypt"], deprecated="auto")
|
||||
bcrypt_cache = {}
|
||||
|
||||
|
||||
def validate_username(username: str) -> list[str]:
|
||||
"""验证用户名"""
|
||||
errors = []
|
||||
|
||||
if not username:
|
||||
errors.append("Username is required")
|
||||
return errors
|
||||
|
||||
if len(username) < 3:
|
||||
errors.append("Username must be at least 3 characters long")
|
||||
|
||||
if len(username) > 15:
|
||||
errors.append("Username must be at most 15 characters long")
|
||||
|
||||
# 检查用户名格式(只允许字母、数字、下划线、连字符)
|
||||
if not re.match(r"^[a-zA-Z0-9_-]+$", username):
|
||||
errors.append(
|
||||
"Username can only contain letters, numbers, underscores, and hyphens"
|
||||
)
|
||||
|
||||
# 检查是否以数字开头
|
||||
if username[0].isdigit():
|
||||
errors.append("Username cannot start with a number")
|
||||
|
||||
if username.lower() in settings.banned_name:
|
||||
errors.append("This username is not allowed")
|
||||
|
||||
return errors
|
||||
|
||||
|
||||
def verify_password_legacy(plain_password: str, bcrypt_hash: str) -> bool:
|
||||
"""
|
||||
验证密码 - 使用 osu! 的验证方式
|
||||
|
||||
@@ -109,6 +109,15 @@ class Settings(BaseSettings):
|
||||
enable_all_beatmap_pp: bool = False
|
||||
suspicious_score_check: bool = True
|
||||
seasonal_backgrounds: list[str] = []
|
||||
banned_name: list[str] = [
|
||||
"mrekk",
|
||||
"vaxei",
|
||||
"btmc",
|
||||
"cookiezi",
|
||||
"peppy",
|
||||
"saragi",
|
||||
"chocomint",
|
||||
]
|
||||
|
||||
# 存储设置
|
||||
storage_service: StorageServiceType = StorageServiceType.LOCAL
|
||||
|
||||
@@ -12,6 +12,7 @@ from app.auth import (
|
||||
get_token_by_refresh_token,
|
||||
get_user_by_authorization_code,
|
||||
store_token,
|
||||
validate_username,
|
||||
)
|
||||
from app.config import settings
|
||||
from app.const import BANCHOBOT_ID
|
||||
@@ -46,33 +47,6 @@ def create_oauth_error_response(
|
||||
return JSONResponse(status_code=status_code, content=error_data.model_dump())
|
||||
|
||||
|
||||
def validate_username(username: str) -> list[str]:
|
||||
"""验证用户名"""
|
||||
errors = []
|
||||
|
||||
if not username:
|
||||
errors.append("Username is required")
|
||||
return errors
|
||||
|
||||
if len(username) < 3:
|
||||
errors.append("Username must be at least 3 characters long")
|
||||
|
||||
if len(username) > 15:
|
||||
errors.append("Username must be at most 15 characters long")
|
||||
|
||||
# 检查用户名格式(只允许字母、数字、下划线、连字符)
|
||||
if not re.match(r"^[a-zA-Z0-9_-]+$", username):
|
||||
errors.append(
|
||||
"Username can only contain letters, numbers, underscores, and hyphens"
|
||||
)
|
||||
|
||||
# 检查是否以数字开头
|
||||
if username[0].isdigit():
|
||||
errors.append("Username cannot start with a number")
|
||||
|
||||
return errors
|
||||
|
||||
|
||||
def validate_email(email: str) -> list[str]:
|
||||
"""验证邮箱"""
|
||||
errors = []
|
||||
|
||||
@@ -2,6 +2,7 @@ from __future__ import annotations
|
||||
|
||||
from datetime import UTC, datetime
|
||||
|
||||
from app.auth import validate_username
|
||||
from app.config import settings
|
||||
from app.database.events import Event, EventType
|
||||
from app.database.lazer_user import User
|
||||
@@ -41,6 +42,9 @@ async def user_rename(
|
||||
).first()
|
||||
if samename_user:
|
||||
raise HTTPException(409, "Username Exisits")
|
||||
errors = validate_username(new_name)
|
||||
if errors:
|
||||
raise HTTPException(403, "\n".join(errors))
|
||||
previous_username = []
|
||||
previous_username.extend(current_user.previous_usernames)
|
||||
previous_username.append(current_user.username)
|
||||
|
||||
Reference in New Issue
Block a user