- Only allow ItemType:Audio from Jellyfin
- Fix NavBar for Mobile (Ugly hack but.. TO REWORK)
- Fixed registration page issues
- Add functionality to pull recent scrobbles to Dashboard
- Add MX record lookup validation for emails
- Add username validation for a-Z 0-9 _ and .
- Dashboard shows basic table of last 500 scrobbles.
Daniel Mason 2021-03-30 21:36:28 +13:00
parent 7ae9a0cd66
commit 2f8aa2e502
Signed by: idanoo
GPG key ID: 387387CDBC02F132
31 changed files with 425 additions and 171 deletions


@ -10,6 +10,23 @@ import (
// ParseJellyfinInput - Transform API data into a common struct
func ParseJellyfinInput(userUUID string, data map[string]interface{}, ip net.IP, tx *sql.Tx) error {
if data["ItemType"] != "Audio" {
return errors.New("Media type not audio")
}
// Safety Checks
if data["Artist"] == nil {
return errors.New("Missing artist data")
}
if data["Album"] == nil {
return errors.New("Missing album data")
}
if data["Name"] == nil {
return errors.New("Missing track data")
}
// Insert artist if not exist
artist, err := insertArtist(fmt.Sprintf("%s", data["Artist"]), fmt.Sprintf("%s", data["Provider_musicbrainzartist"]), tx)
if err != nil {
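Review bot: The new safety checks only test `data["Artist"]`, `data["Album"]` and `data["Name"]` for nil, so a JSON number, object or empty string still passes and is then stringified by `fmt.Sprintf("%s", ...)` in the `insertArtist` call. `data["Provider_musicbrainzartist"]` is not checked at all, so a missing key is formatted as `%!s(<nil>)` and passed on as the MusicBrainz id. Since this map is decoded from the request body, assert the type instead: `artist, ok := data["Artist"].(string)` followed by `if !ok || artist == "" { return errors.New("Missing artist data") }`, and likewise for the other fields. ParseJellyfinInput's body continues outside the hunk.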


@ -165,14 +165,18 @@ func jwtMiddleware(next func(http.ResponseWriter, *http.Request, string, string)
return
}
var v string
var reqUuid string
for k, v := range mux.Vars(r) {
if k == "id" {
log.Printf("key=%v, value=%v", k, v)
reqUuid = v
}
}
next(w, r, claims.Subject, v)
if reqUuid == "" {
throwBadReq(w, "Invalid Request")
}
next(w, r, claims.Subject, reqUuid)
}
}
@ -206,7 +210,7 @@ func handleRegister(w http.ResponseWriter, r *http.Request) {
ip := getUserIp(r)
err = createUser(&regReq, ip)
if err != nil {
throwOkMessage(w, err.Error())
throwOkError(w, err.Error())
return
}
@ -265,7 +269,7 @@ func handleIngress(w http.ResponseWriter, r *http.Request, userUuid string) {
ip := getUserIp(r)
err := ParseJellyfinInput(userUuid, bodyJson, ip, tx)
if err != nil {
log.Printf("Error inserting track: %+v", err)
// log.Printf("Error inserting track: %+v", err)
tx.Rollback()
throwBadReq(w, err.Error())
return
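Review bot: In jwtMiddleware the new `if reqUuid == "" { throwBadReq(w, "Invalid Request") }` branch has no `return`, so execution falls through to `next(w, r, claims.Subject, reqUuid)` and the wrapped handler still runs with an empty id after the error response has presumably been written. Add `return` after the `throwBadReq` call, as the error paths in handleRegister and handleIngress already do. The `log.Printf("key=%v, value=%v", k, v)` line inside the loop looks like leftover debugging and writes a request-supplied value to the log on every call; drop it or format the value with `%q`. The middleware starts outside the hunk.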


@ -59,15 +59,12 @@ func createUser(req *RegisterRequest, ip net.IP) error {
return errors.New("A username is required")
}
// Check max length for Username
if len(req.Username) > 64 {
return errors.New("Username cannot be longer than 64 characters")
}
// Check username doesn't contain @
if strings.Contains(req.Username, "@") {
// Check username is valid
if !isUsernameValid(req.Username) {
log.Println("user is invalid")
return errors.New("Username contains invalid characters")
}
log.Println("user is valid")
// If set an email.. validate it!
if req.Email != "" {
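Review bot: The `log.Println("user is invalid")` and `log.Println("user is valid")` calls read as debugging output and fire on every registration attempt without any username or request context, so they add noise rather than an audit trail. Remove them, or keep a single line on the rejection path such as `log.Printf("registration rejected: invalid username from %s", ip)`. Also, with the explicit length check removed from createUser, a username longer than 64 characters is now reported as "Username contains invalid characters", because isUsernameValid folds both conditions into one boolean. createUser starts and ends outside the hunk.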


@ -9,9 +9,11 @@ import (
"net"
"net/http"
"regexp"
"strings"
)
var emailRegex = regexp.MustCompile("^[a-zA-Z0-9.!#$%&'*+\\/=?^_`{|}~-]+@[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?(?:\\.[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)*$")
var usernameRegex = regexp.MustCompile("^[a-zA-Z0-9_\\.]+$")
// decodeJson - Returns a map[string]interface{}
func decodeJson(body io.ReadCloser) (map[string]interface{}, error) {
@ -24,10 +26,31 @@ func decodeJson(body io.ReadCloser) (map[string]interface{}, error) {
// isEmailValid - checks if the email provided passes the required structure and length.
func isEmailValid(e string) bool {
if len(e) < 3 && len(e) > 254 {
if len(e) < 5 && len(e) > 254 {
return false
}
return emailRegex.MatchString(e)
if !emailRegex.MatchString(e) {
return false
}
// Do MX lookup
parts := strings.Split(e, "@")
mx, err := net.LookupMX(parts[1])
if err != nil || len(mx) == 0 {
return false
}
return true
}
// isUsernameValid - Checks if username is alphanumeric+underscores+dots
func isUsernameValid(e string) bool {
if len(e) > 64 {
return false
}
return usernameRegex.MatchString(e)
}
// contains - Check if string is in list
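Review bot: The length guard `if len(e) < 5 && len(e) > 254` in isEmailValid can never be true, so no length limit is enforced before the regex match and the DNS query; it should read `if len(e) < 5 || len(e) > 254 {`. The new `net.LookupMX(parts[1])` call has no deadline and runs for whatever domain the caller submits, so a slow resolver path stalls the registration request; consider `net.DefaultResolver.LookupMX(ctx, parts[1])` with a short `context.WithTimeout`. Treating every lookup error as an invalid address also rejects valid e-mails during a transient DNS failure, which is worth distinguishing from a definitive negative answer.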