added custom insertion id regex check

2025-10-31 16:47:43 +02:00 · 2022-08-11 10:29:01 +03:00
parent ff935a39a1
commit 147344546b
9 changed files with 37 additions and 4 deletions
--- a/forms/admin_upsert.go
+++ b/forms/admin_upsert.go
@@ -74,6 +74,7 @@ func (form *AdminUpsert) Validate() error {
 			validation.When(
 				form.admin.IsNew(),
 				validation.Length(models.DefaultIdLength, models.DefaultIdLength),
+				validation.Match(idRegex),
 			).Else(validation.In(form.admin.Id)),
 		),
 		validation.Field(
--- a/forms/admin_upsert_test.go
+++ b/forms/admin_upsert_test.go
@@ -412,7 +412,13 @@ func TestAdminUpsertWithCustomId(t *testing.T) {
 			true,
 		},
 		{
-			"id = 15 chars",
+			"id = 15 chars (invalid chars)",
+			`{"id":"a@3456789012345"}`,
+			&models.Admin{},
+			true,
+		},
+		{
+			"id = 15 chars (valid chars)",
 			`{"id":"a23456789012345"}`,
 			&models.Admin{},
 			false,
--- a/forms/base.go
+++ b/forms/base.go
@@ -2,6 +2,11 @@
 // validation and applying changes to existing DB models through the app Dao.
 package forms

+import "regexp"
+
+// base ID value regex pattern
+var idRegex = regexp.MustCompile(`^[^\@\#\$\&\|\.\,\'\"\\\/\s]+$`)
+
 // InterceptorNextFunc is a interceptor handler function.
 // Usually used in combination with InterceptorFunc.
 type InterceptorNextFunc = func() error
--- a/forms/collection_upsert.go
+++ b/forms/collection_upsert.go
@@ -97,6 +97,7 @@ func (form *CollectionUpsert) Validate() error {
 			validation.When(
 				form.collection.IsNew(),
 				validation.Length(models.DefaultIdLength, models.DefaultIdLength),
+				validation.Match(idRegex),
 			).Else(validation.In(form.collection.Id)),
 		),
 		validation.Field(
--- a/forms/collection_upsert_test.go
+++ b/forms/collection_upsert_test.go
@@ -590,7 +590,13 @@ func TestCollectionUpsertWithCustomId(t *testing.T) {
 			true,
 		},
 		{
-			"id = 15 chars",
+			"id = 15 chars (invalid chars)",
+			`{"id":"a@3456789012345"}`,
+			newCollection(),
+			true,
+		},
+		{
+			"id = 15 chars (valid chars)",
 			`{"id":"a23456789012345"}`,
 			newCollection(),
 			false,
--- a/forms/record_upsert.go
+++ b/forms/record_upsert.go
@@ -276,6 +276,7 @@ func (form *RecordUpsert) Validate() error {
 			validation.When(
 				form.record.IsNew(),
 				validation.Length(models.DefaultIdLength, models.DefaultIdLength),
+				validation.Match(idRegex),
 			).Else(validation.In(form.record.Id)),
 		),
 	)
--- a/forms/record_upsert_test.go
+++ b/forms/record_upsert_test.go
@@ -653,7 +653,13 @@ func TestRecordUpsertWithCustomId(t *testing.T) {
 			true,
 		},
 		{
-			"id = 15 chars",
+			"id = 15 chars (invalid chars)",
+			map[string]string{"id": "a@3456789012345"},
+			models.NewRecord(collection),
+			true,
+		},
+		{
+			"id = 15 chars (valid chars)",
 			map[string]string{"id": "a23456789012345"},
 			models.NewRecord(collection),
 			false,
--- a/forms/user_upsert.go
+++ b/forms/user_upsert.go
@@ -76,6 +76,7 @@ func (form *UserUpsert) Validate() error {
 			validation.When(
 				form.user.IsNew(),
 				validation.Length(models.DefaultIdLength, models.DefaultIdLength),
+				validation.Match(idRegex),
 			).Else(validation.In(form.user.Id)),
 		),
 		validation.Field(
--- a/forms/user_upsert_test.go
+++ b/forms/user_upsert_test.go
@@ -369,7 +369,13 @@ func TestUserUpsertWithCustomId(t *testing.T) {
 			true,
 		},
 		{
-			"id = 15 chars",
+			"id = 15 chars (invalid chars)",
+			`{"id":"a@3456789012345"}`,
+			&models.User{},
+			true,
+		},
+		{
+			"id = 15 chars (valid chars)",
 			`{"id":"a23456789012345"}`,
 			&models.User{},
 			false,