From f888c628408501daf639de07b90a72ab443b0f4c Mon Sep 17 00:00:00 2001
From: boojack
Date: Tue, 27 Dec 2022 21:51:43 +0800
Subject: [PATCH] chore: update userinfo validator (#868)
* chore: update userinfo validator
* chore: update actions
* chore: update
---
 .github/workflows/backend-tests-default.yml | 20 ++++++++++
 .github/workflows/backend-tests.yml | 4 +-
 .github/workflows/frontend-tests-default.yml | 25 ++++++++++++
 .github/workflows/frontend-tests.yml | 4 +-
 api/user.go | 41 ++++++++++++++++++++
 server/user.go | 5 +--
 6 files changed, 90 insertions(+), 9 deletions(-)
 create mode 100644 .github/workflows/backend-tests-default.yml
 create mode 100644 .github/workflows/frontend-tests-default.yml
diff --git a/.github/workflows/backend-tests-default.yml b/.github/workflows/backend-tests-default.yml
new file mode 100644
index 0000000000000..79b3ca6bf34cf
--- /dev/null
+++ b/.github/workflows/backend-tests-default.yml
@@ -0,0 +1,20 @@
+name: Backend Test
+
+on:
+ pull_request:
+ branches:
+ - main
+ - "release/v*.*.*"
+ paths:
+ - "web/**"
+
+jobs:
+ go-static-checks:
+ runs-on: ubuntu-latest
+ steps:
+ - run: 'echo "Not required"'
+
+ go-tests:
+ runs-on: ubuntu-latest
+ steps:
+ - run: 'echo "Not required"'
diff --git a/.github/workflows/backend-tests.yml b/.github/workflows/backend-tests.yml
index b9330cfade2ab..01d9dc54c64f7 100644
--- a/.github/workflows/backend-tests.yml
+++ b/.github/workflows/backend-tests.yml
@@ -1,12 +1,10 @@
 name: Backend Test
 on:
- push:
+ pull_request:
 branches:
 - main
 - "release/v*.*.*"
- pull_request:
- branches: [main]
 paths-ignore:
 - "web/**"
diff --git a/.github/workflows/frontend-tests-default.yml b/.github/workflows/frontend-tests-default.yml
new file mode 100644
index 0000000000000..3aec38a1f2642
--- /dev/null
+++ b/.github/workflows/frontend-tests-default.yml
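Review bot: The stub's filter `paths: "web/**"` matches a pull request as soon as one changed file is under web/, while backend-tests.yml's `paths-ignore` only skips when every changed file is under web/, so a pull request touching both areas triggers this stub and the real workflow together. If `go-static-checks` and `go-tests` mirror job names in backend-tests.yml (its jobs lie outside this diff), two results with the same name are then reported and one of them always passes in seconds; it is worth confirming how the required-check rule treats that pair. A header comment such as `# Stub for required checks; keep job names and path filter in step with backend-tests.yml` would record the coupling for the next maintainer. The same applies to frontend-tests-default.yml and frontend-tests.yml.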
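Review bot: Dropping the `push:` trigger in backend-tests.yml means the head of main and of `release/v*.*.*` is no longer tested after a merge or a direct push; only pull-request heads are. Unless branch protection (not visible here) forces every change through a pull request with up-to-date checks, a commit can reach those branches without the Go checks ever running on the resulting tree. Keeping a `push:` entry with the same two branches next to the new `pull_request:` entry would preserve that coverage while still extending pull-request runs to release branches. frontend-tests.yml receives the identical change and the same remark applies there.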
@@ -0,0 +1,25 @@
+name: Frontend Test
+
+on:
+ pull_request:
+ branches:
+ - main
+ - "release/v*.*.*"
+ paths-ignore:
+ - "web/**"
+
+jobs:
+ eslint-checks:
+ runs-on: ubuntu-latest
+ steps:
+ - run: 'echo "Not required"'
+
+ jest-tests:
+ runs-on: ubuntu-latest
+ steps:
+ - run: 'echo "Not required"'
+
+ frontend-build:
+ runs-on: ubuntu-latest
+ steps:
+ - run: 'echo "Not required"'
diff --git a/.github/workflows/frontend-tests.yml b/.github/workflows/frontend-tests.yml
index 81c31cb245882..65b5ec295714e 100644
--- a/.github/workflows/frontend-tests.yml
+++ b/.github/workflows/frontend-tests.yml
@@ -1,12 +1,10 @@
 name: Frontend Test
 on:
- push:
+ pull_request:
 branches:
 - main
 - "release/v*.*.*"
- pull_request:
- branches: [main]
 paths:
 - "web/**"
diff --git a/api/user.go b/api/user.go
index 529f3fc22e57f..1c3b4f906ba55 100644
--- a/api/user.go
+++ b/api/user.go
@@ -2,6 +2,8 @@ package api
 import (
 "fmt"
+
+ "github.com/usememos/memos/common"
 )
 // Role is the type of a role.
@@ -61,9 +63,23 @@ func (create UserCreate) Validate() error {
 if len(create.Username) < 4 {
 return fmt.Errorf("username is too short, minimum length is 4")
 }
+ if len(create.Username) > 32 {
+ return fmt.Errorf("username is too long, maximum length is 32")
+ }
 if len(create.Password) < 4 {
 return fmt.Errorf("password is too short, minimum length is 4")
 }
+ if len(create.Nickname) > 64 {
+ return fmt.Errorf("nickname is too long, maximum length is 64")
+ }
+ if create.Email != "" {
+ if len(create.Email) > 256 {
+ return fmt.Errorf("email is too long, maximum length is 256")
+ }
+ if common.ValidateEmail(create.Email) {
+ return fmt.Errorf("invalid email format")
+ }
+ }
 return nil
 }
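Review bot: The email check inside the added `if create.Email != "" {` block of `UserCreate.Validate` looks inverted: `if common.ValidateEmail(create.Email) {` returns "invalid email format" when the helper returns true, whereas the handler line this commit removes from server/user.go rejected on `!common.ValidateEmail(...)`. Judging by that removed line, a well-formed address is now refused and a malformed one passes, so the validator admits exactly the input it is meant to stop. The condition should read `if !common.ValidateEmail(create.Email) {`, and the new `UserPatch.Validate` in the next hunk of api/user.go needs the same fix on `*patch.Email`. `Validate` begins above this hunk; a small table test over accepted and rejected addresses would pin the polarity.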
@@ -85,6 +101,31 @@ type UserPatch struct {
 OpenID *string
 }
+func (patch UserPatch) Validate() error {
+ if patch.Username != nil && len(*patch.Username) < 4 {
+ return fmt.Errorf("username is too short, minimum length is 4")
+ }
+ if patch.Username != nil && len(*patch.Username) > 32 {
+ return fmt.Errorf("username is too long, maximum length is 32")
+ }
+ if patch.Password != nil && len(*patch.Password) < 4 {
+ return fmt.Errorf("password is too short, minimum length is 4")
+ }
+ if patch.Nickname != nil && len(*patch.Nickname) > 64 {
+ return fmt.Errorf("nickname is too long, maximum length is 64")
+ }
+ if patch.Email != nil {
+ if len(*patch.Email) > 256 {
+ return fmt.Errorf("email is too long, maximum length is 256")
+ }
+ if common.ValidateEmail(*patch.Email) {
+ return fmt.Errorf("invalid email format")
+ }
+ }
+
+ return nil
+}
+
 type UserFind struct {
 ID *int `json:"id"`
diff --git a/server/user.go b/server/user.go
index 5adbdfd7c4d67..76d765871093b 100644
--- a/server/user.go
+++ b/server/user.go
@@ -198,9 +198,8 @@ func (s *Server) registerUserRoutes(g *echo.Group) {
 if err := json.NewDecoder(c.Request().Body).Decode(userPatch); err != nil {
 return echo.NewHTTPError(http.StatusBadRequest, "Malformatted patch user request").SetInternal(err)
 }
-
- if userPatch.Email != nil && *userPatch.Email != "" && !common.ValidateEmail(*userPatch.Email) {
- return echo.NewHTTPError(http.StatusBadRequest, "Invalid email format")
+ if err := userPatch.Validate(); err != nil {
+ return echo.NewHTTPError(http.StatusBadRequest, "Invalid user patch format.").SetInternal(err)
 }
 if userPatch.Password != nil && *userPatch.Password != "" {
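Review bot: `UserPatch.Validate` treats an empty string as a supplied value, which the handler did not: the check removed from server/user.go skipped an empty `*userPatch.Email`, and the surviving `*userPatch.Password != ""` guard suggests an empty password means "leave unchanged". With `patch.Password != nil && len(*patch.Password) < 4`, a patch carrying an empty password string is now rejected with 400, and once the inverted `common.ValidateEmail` condition in this function is corrected an empty email will be rejected too. If empty should still be tolerated, add the empty-string test to both branches, for example `if patch.Email != nil && *patch.Email != "" {`. Separately, the password check has only a lower bound of 4 while every other field gained an upper bound; whether a maximum is needed depends on how the password is hashed, which is outside this diff.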
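Review bot: The new 400 response in server/user.go hides which rule failed: the validator's message goes only into `SetInternal(err)` and the client sees the fixed text "Invalid user patch format.", where the removed branch at least said "Invalid email format". The strings returned by `Validate` are constants with no request data in them, so they can be returned directly, e.g. `return echo.NewHTTPError(http.StatusBadRequest, err.Error())`. This assumes the error handler, which is not shown, does not already surface internal errors to the caller. `registerUserRoutes` starts and continues outside this hunk.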