UPDATE: fixed signup method and added input sanitisation

2025-01-27 11:21:55 +00:00
parent e0d748ed06
commit 3dc44da69a
4 changed files with 60 additions and 8 deletions
--- a/web_server/blueprints/utils.py
+++ b/web_server/blueprints/utils.py
@@ -1,5 +1,6 @@
 from flask import redirect, url_for, request, g, session
 from functools import wraps
+from re import match

 def logged_in_user():
    g.user = session.get("username", None)
@@ -21,4 +22,43 @@ def admin_required(view):
        if g.admin != "admin":
            return redirect(url_for("login", next=request.url))
        return view(*args, **kwargs)
-    return wrapped_view
+    return wrapped_view
+
+import re
+
+def sanitizer(user_input: str, input_type="username") -> str:
+    """
+    Sanitizes user input based on the specified input type.
+    
+    `input_type`: The type of input to sanitize (e.g., 'username', 'email', 'password').
+    """
+    # Strip leading and trailing whitespace
+    sanitised_input = user_input.strip()
+
+    # Define allowed patterns and length constraints for each type
+    rules = {
+        "username": {
+            "pattern": r"^[a-zA-Z0-9_]+$",  # Alphanumeric + underscores
+            "min_length": 3,
+            "max_length": 50,
+        },
+        "email": {
+            "pattern": r"^[a-zA-Z0-9_.+-]+@[a-zA-Z0-9-]+\.[a-zA-Z0-9-.]+$",  # Standard email regex
+            "min_length": 5,
+            "max_length": 128,
+        },
+        "password": {
+            "pattern": r"^[\S]+$",  # Non-whitespace characters only
+            "min_length": 8,
+            "max_length": 256,
+        },
+    }
+
+    # Get the validation rules for the specified type
+    r = rules.get(input_type)
+    if not r or \
+    not (r["min_length"] <= len(sanitised_input) <= r["max_length"]) or \
+    not re.match(r["pattern"], sanitised_input):
+        raise ValueError("Unaccepted character or length in input")
+
+    return sanitised_input