set limit of 64 characters for lookup

2024-11-10 01:02:30 +01:00 · 2021-06-25 11:57:27 -04:00 · 2021-06-25 11:57:27 -04:00 · 09ab1dabdf
commit 09ab1dabdf
parent f29bafe89a
2 changed files with 21 additions and 1 deletions
--- a/src/routes/getUserID.ts
+++ b/src/routes/getUserID.ts
@ -5,7 +5,7 @@ import {Request, Response} from 'express';
 export async function getUserID(req: Request, res: Response) {
    let username = req.query.username as string;

-    if (username == undefined) {
+    if (username == undefined || username.length > 64) {
        //invalid request
        res.sendStatus(400);
        return;
--- a/test/cases/getUserID.ts
+++ b/test/cases/getUserID.ts
@ -11,6 +11,7 @@ describe('getUserID', () => {
        await db.prepare("run", insertUserNameQuery, [getHash("getuserid_user_03"), 'specific user 03']);
        await db.prepare("run", insertUserNameQuery, [getHash("getuserid_user_04"), 'repeating']);
        await db.prepare("run", insertUserNameQuery, [getHash("getuserid_user_05"), 'repeating']);
+        await db.prepare("run", insertUserNameQuery, [getHash("getuserid_user_06"), getHash("getuserid_user_06")]);
    });

    it('Should be able to get a 200', (done: Done) => {
@ -32,6 +33,25 @@ describe('getUserID', () => {
        .catch(err => done('couldn\'t call endpoint'));
    });

+    it('Should be able to get a 200 (username is public id)', (done: Done) => {
+        fetch(getbaseURL() + '/api/userID?username='+getHash("getuserid_user_06"))
+        .then(async res => {
+            const text = await res.text()
+            if (res.status !== 200) done('non 200 (' + res.status + ')');
+            else done(); // pass
+        })
+        .catch(err => done('couldn\'t call endpoint'));
+    });
+
+    it('Should be able to get a 400 (username longer than 64 chars)', (done: Done) => {
+        fetch(getbaseURL() + '/api/userID?username='+getHash("getuserid_user_06")+'0')
+        .then(res => {
+            if (res.status !== 400) done('non 400 (' + res.status + ')');
+            else done(); // pass
+        })
+        .catch(err => done('couldn\'t call endpoint'));
+    });
+
    it('Should be able to get single username', (done: Done) => {
        fetch(getbaseURL() + '/api/userID?username=fuzzy+user+01')
        .then(async res => {