moon
/
sync
mirror of https://github.com/calzoneman/sync.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Reject guest names matching the reserved usernames regex

This commit is contained in:
Calvin Montgomery 2018-06-03 22:01:40 -07:00
parent 90b5e5e09f
commit 3413c3bdaa
2 changed files with 18 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
src/user.js
View File

@ -381,6 +381,19 @@ User.prototype.guestLogin = function (name) {
return; return;
} }
if (name.match(Config.get("reserved-names.usernames"))) {
LOGGER.warn(
'Rejecting attempt by %s to use reserved username "%s"',
self.realip,
name
);
self.socket.emit("login", {
success: false,
error: "That username is reserved."
});
return;
}
// Prevent duplicate logins // Prevent duplicate logins
self.setFlag(Flags.U_LOGGING_IN); self.setFlag(Flags.U_LOGGING_IN);
db.users.isUsernameTaken(name, function (err, taken) { db.users.isUsernameTaken(name, function (err, taken) {

5
src/web/auth.js
View File

@ -190,6 +190,11 @@ function handleRegister(req, res) {
} }
if (name.match(Config.get("reserved-names.usernames"))) { if (name.match(Config.get("reserved-names.usernames"))) {
LOGGER.warn(
'Rejecting attempt by %s to register reserved username "%s"',
ip,
name
);
sendPug(res, "register", { sendPug(res, "register", {
registerError: "That username is reserved" registerError: "That username is reserved"
}); });