Merge pull request #9 from filiptronicek/main

Validate clip format
interclip · Jan 7, 2024 · 4b657ba · 4b657ba
2 parents 55e544c + f4b699f
commit 4b657ba
Show file tree

Hide file tree

Showing 3 changed files with 56 additions and 7 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -18,6 +18,7 @@ fern = "0.5"
 git2 = "0.16.1"
 dotenv = "0.15.0"
 diesel = { version = "2.1.4", features = ["postgres", "chrono"] }
+regex = "1.10"
 
 [dependencies.rocket]
 version = "0.5.0"

diff --git a/src/main.rs b/src/main.rs
@@ -2,6 +2,7 @@ mod models;
 mod schema;
 mod utils;
 
+use regex::Regex;
 use rocket::http::Status;
 use rocket::response::status::Custom;
 use utils::id::gen_id;
@@ -138,6 +139,14 @@ fn set_clip(
         }
     };
 
+    if url.scheme() != "http" && url.scheme() != "https" {
+        let response = APIResponse {
+            status: APIStatus::Error,
+            result: "Invalid URL scheme".to_string(),
+        };
+        return Err(Custom(Status::BadRequest, Json(response)));
+    }
+
     let mut db_connection = match db::initialize() {
         Ok(conn) => conn,
         Err(err) => {
@@ -204,6 +213,15 @@ fn get_clip(
         return Err(Custom(Status::BadRequest, Json(response)));
     }
 
+    let code_pattern = Regex::new(r"^(?i)[A-Z0-9]{5}$").unwrap();
+    if !code_pattern.is_match(code.as_str()) {
+        let response = APIResponse {
+            status: APIStatus::Error,
+            result: "Invalid clip code format".to_string(),
+        };
+        return Err(Custom(Status::BadRequest, Json(response)));
+    }
+
     let mut db_connection = match db::initialize() {
         Ok(conn) => conn,
         Err(err) => {