From 1fdc0fc63ab9111e768ff77fb83e661f4aec4747 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E6=9D=A8=E9=BB=84=E6=9E=97?=
Date: Wed, 30 Aug 2023 23:56:24 +0800
Subject: [PATCH] add user and token format verify

---
 assets/lang/en.json | 4 +--
 assets/lang/zh.json | 4 +--
 assets/static/js/index.js | 14 ++++-----
 pkg/server/controller/controller.go | 49 +++++++++++++++++++----------
 4 files changed, 43 insertions(+), 28 deletions(-)

diff --git a/assets/lang/en.json b/assets/lang/en.json
index a8a92b8..eb0e20c 100644
--- a/assets/lang/en.json
+++ b/assets/lang/en.json
@@ -29,8 +29,8 @@
 "Other error": "Other error",
 "Param error": "Param error",
 "User exist": "User exist",
- "User cannot be empty": "User cannot be empty",
- "Token cannot be empty": "Token cannot be empty",
+ "User format error": "User cannot be empty or include space char. It only allowed alphanumeric and underline.",
+ "Token format error": "Token cannot be empty or include space char. It allow include those special char: _!@#$%^&*()",
 "Please check at least one user": "Please Check at least one user",
 "Operation confirm": "Operation confirm",
 "Empty data": "Empty data",
diff --git a/assets/lang/zh.json b/assets/lang/zh.json
index cf26cf1..d600379 100644
--- a/assets/lang/zh.json
+++ b/assets/lang/zh.json
@@ -29,8 +29,8 @@
 "Other error": "其他异常",
 "Param error": "参数异常",
 "User exist": "用户已经存在",
- "User cannot be empty": "用户不能为空",
- "Token cannot be empty": "Token 不能为空",
+ "User format error": "用户不能为空或包含空格。只允许英文数字、字母、下划线",
+ "Token format error": "Token不能为空或包含空格。允许的特殊符号:_!@#$%^&*()",
 "Please check at least one user": "请选中需要操作的用户",
 "Operation confirm": "操作确认",
 "Empty data": "无数据",
diff --git a/assets/static/js/index.js b/assets/static/js/index.js
index 4081d8a..3efd850 100644
--- a/assets/static/js/index.js
+++ b/assets/static/js/index.js
@@ -12,7 +12,7 @@ $(function () { */ function verifyUser(username) { var valid = true; - if (username.trim() === '' || !/\w/.test(username)) { + if (username.trim() === '' || !/^\w+$/.test(username)) { valid = false; } return { @@ -27,12 +27,12 @@ $(function () { */ function verifyToken(token) { var valid = true; - if (token.trim() === '' || !/\w/.test(token)) { + if (token.trim() === '' || !/^[\w!@#$%^&*()]+$/.test(token)) { valid = false; } return { valid: valid, - trim: token + trim: token.trim() }; } @@ -153,7 +153,7 @@ $(function () { user: function (value, item) { var result = verifyUser(value); if (!result.valid) { - return lang['UserEmpty']; + return lang['UserFormatError']; } if (item != null) { if (typeof item === "function") { @@ -166,7 +166,7 @@ $(function () { token: function (value, item) { var result = verifyToken(value); if (!result.valid) { - return lang['TokenEmpty']; + return lang['TokenFormatError']; } if (item != null) { if (typeof item === "function") { @@ -614,9 +614,9 @@ $(function () { else if (result.code === 3) reason = lang['ParamError']; else if (result.code === 4) - reason = lang['UserEmpty']; + reason = lang['UserFormatError']; else if (result.code === 5) - reason = lang['TokenEmpty']; + reason = lang['TokenFormatError']; layui.layer.msg(lang['OperateFailed'] + ',' + reason) } diff --git a/pkg/server/controller/controller.go b/pkg/server/controller/controller.go index 5fc5b44..73625a3 100644 --- a/pkg/server/controller/controller.go +++ b/pkg/server/controller/controller.go 
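Review bot: In the verifyUser hunk (@@ -12) the `username.trim() === ''` test is now redundant, because `^\w+$` already fails on an empty string and on anything containing whitespace; the guard reduces to `if (!/^\w+$/.test(username)) {`, and the same applies to `token.trim() === ''` next to `^[\w!@#$%^&*()]+$` in the verifyToken hunk (@@ -27). For the same reason `trim: token.trim()` can only differ from `token` when `valid` is already false, so whether that change matters depends on how callers use `result.trim`, which is outside the hunk. These client-side patterns need to stay in lockstep with `UserFormatReg`/`TokenFormatReg` in controller.go, since only the server-side check is authoritative; a short comment above verifyUser, such as `// must match UserFormatReg in pkg/server/controller/controller.go`, would make that dependency visible. The enclosing `$(function () {` closure starts and ends outside these hunks.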
@@ -15,14 +15,16 @@ import (
 )

 const (
- Success = 0
- ParamError = 1
- UserExist = 2
- SaveError = 3
- UserEmpty = 4
- TokenEmpty = 5
+ Success = 0
+ ParamError = 1
+ UserExist = 2
+ SaveError = 3
+ UserFormatError = 4
+ TokenFormatError = 5
 )

+var UserFormatReg = regexp.MustCompile("^\\w$")
+var TokenFormatReg = regexp.MustCompile("^[\\w!@#$%^&*()]+$")
 var TrimAllSpaceReg = regexp.MustCompile("[\\n\\t\\r\\s]")
 var TrimBreakLineReg = regexp.MustCompile("[\\n\\t\\r]")

@@ -212,8 +214,8 @@ func (c *HandleController) MakeLangFunc() func(context *gin.Context) {
 "OperateError": ginI18n.MustGetMessage(context, "Operate error"),
 "OperateFailed": ginI18n.MustGetMessage(context, "Operate failed"),
 "UserExist": ginI18n.MustGetMessage(context, "User exist"),
- "UserEmpty": ginI18n.MustGetMessage(context, "User cannot be empty"),
- "TokenEmpty": ginI18n.MustGetMessage(context, "Token cannot be empty"),
+ "UserFormatError": ginI18n.MustGetMessage(context, "User format error"),
+ "TokenFormatError": ginI18n.MustGetMessage(context, "Token format error"),
 "ShouldCheckUser": ginI18n.MustGetMessage(context, "Please check at least one user"),
 "OperationConfirm": ginI18n.MustGetMessage(context, "Operation confirm"),
 "EmptyData": ginI18n.MustGetMessage(context, "Empty data"),
@@ -317,11 +319,11 @@ func (c *HandleController) MakeAddTokenFunc() func(context *gin.Context) {
 context.JSON(http.StatusOK, &response)
 return
 }
- if strings.TrimSpace(info.User) == "" {
- log.Printf("user add failed, user cannot be empty")
+ if !UserFormatReg.MatchString(info.User) {
+ log.Printf("user add failed, user format error")
 response.Success = false
- response.Code = UserEmpty
- response.Message = fmt.Sprintf("user add failed, user cannot be empty")
+ response.Code = UserFormatError
+ response.Message = fmt.Sprintf("user add failed, user format error")
 context.JSON(http.StatusOK, &response)
 return
 }
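Review bot: `UserFormatReg` is compiled from `"^\\w$"`, which matches exactly one word character, so the new guard in MakeAddTokenFunc (hunk @@ -317) returns `UserFormatError` for every user name longer than a single character; the client-side pattern in index.js is `^\w+$`, and the en.json message promises alphanumerics and underscore with no length limit. The fix is the missing quantifier, `var UserFormatReg = regexp.MustCompile("^\\w+$")`, and both patterns read better as raw string literals so the backslashes are not doubled. This server-side check is the one that actually protects the ini-backed store, since the browser validation is only a convenience, so a unit test that feeds a multi-character name through the regexp would have caught the regression. In the same hunk, `fmt.Sprintf("user add failed, user format error")` has no verbs and can be a plain string literal, as the update path already does.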
@@ -333,14 +335,16 @@ func (c *HandleController) MakeAddTokenFunc() func(context *gin.Context) {
 context.JSON(http.StatusOK, &response)
 return
 }
- if strings.TrimSpace(info.Token) == "" {
- log.Printf("user add failed, token cannot be empty")
+ if !TokenFormatReg.MatchString(info.Token) {
+ log.Printf("user add failed, token format error")
 response.Success = false
- response.Code = TokenEmpty
- response.Message = fmt.Sprintf("user add failed, token cannot be empty")
+ response.Code = TokenFormatError
+ response.Message = fmt.Sprintf("user add failed, token format error")
 context.JSON(http.StatusOK, &response)
 return
 }
+ replaceSpaceToken := TrimAllSpaceReg.ReplaceAllString(info.Token, "")
+ info.Token = replaceSpaceToken
 c.Tokens[info.User] = info

 usersSection, _ := c.IniFile.GetSection("users")
@@ -408,7 +412,18 @@ func (c *HandleController) MakeUpdateTokensFunc() func(context *gin.Context) {
 comment := TrimBreakLineReg.ReplaceAllString(after.Comment, "")
 after.Comment = comment
 key.Comment = comment
- key.SetValue(after.Token)
+
+ if !TokenFormatReg.MatchString(after.Token) {
+ log.Printf("update failed, token format error")
+ response.Success = false
+ response.Code = TokenFormatError
+ response.Message = "user update failed, token format error "
+ context.JSON(http.StatusOK, &response)
+ return
+ }
+ replaceSpaceToken := TrimAllSpaceReg.ReplaceAllString(after.Token, "")
+ after.Token = replaceSpaceToken
+ key.SetValue(replaceSpaceToken)

 if before.Ports != after.Ports {
 portsSection, _ := c.IniFile.GetSection("ports")
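Review bot: `replaceSpaceToken := TrimAllSpaceReg.ReplaceAllString(info.Token, "")` and the assignment after it are dead work: the token has just passed `TokenFormatReg.MatchString`, whose character class `[\w!@#$%^&*()]` admits no whitespace, so the replacement can never change the value; the same pair is added in hunk @@ -408 in front of `key.SetValue`. If the intent is to tolerate surrounding whitespace from the form, trim before the guard instead, `info.Token = strings.TrimSpace(info.Token)`, which would also keep the `strings` import in use now that both `strings.TrimSpace` calls in this file are gone (whether other uses remain is outside the hunk). The `fmt.Sprintf("user add failed, token format error")` call has no verbs and can be the plain literal, as the update path in the next hunk already writes it. MakeAddTokenFunc starts and ends outside this hunk.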
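Review bot: The new `TokenFormatReg` guard in MakeUpdateTokensFunc runs after `after.Comment = comment` and `key.Comment = comment` on the lines just above it, so a rejected token returns an error response with the key's comment already rewritten in the in-memory IniFile; whether that partial change reaches disk or a later request depends on code outside the hunk, but the check belongs ahead of those assignments so a failed update leaves the entry untouched. The rejection also fires mid-function with `return`, so if this sits inside a loop over several updates, earlier entries have already been modified when the caller is told the request failed; the enclosing function starts and ends outside the hunk, so this is worth confirming. Two small consistency points: `"user update failed, token format error "` carries a trailing space, and the log line says `update failed` while the add path logs `user add failed`, so align them.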