Rainnny/RESTfulMC
1
0
Fork 0
Code Issues 1 Pull Requests 10 Actions Wiki Activity

Add username regex validation

Browse Source
This commit is contained in:
Braydon 2024-04-08 03:32:36 -04:00
parent 712208aad8
commit de0cd5ef8c
2 changed files with 8 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/main/java/me/braydon/mc/controller/PlayerController.java
View File

@ -713,7 +713,7 @@ public final class PlayerController {
* *
* @param query the query to search for the player by * @param query the query to search for the player by
* @return the player response * @return the player response
* @throws BadRequestException if the UUID is malformed * @throws BadRequestException if the UUID is malformed or the username is invalid
* @throws ResourceNotFoundException if the player is not found * @throws ResourceNotFoundException if the player is not found
*/ */
@GetMapping("/{query}") @GetMapping("/{query}")

8
src/main/java/me/braydon/mc/service/MojangService.java
View File

@ -711,6 +711,7 @@ import java.net.URL;
import java.nio.charset.StandardCharsets; import java.nio.charset.StandardCharsets;
import java.util.*; import java.util.*;
import java.util.concurrent.TimeUnit; import java.util.concurrent.TimeUnit;
import java.util.regex.Pattern;
/** /**
* A service for interacting with the Mojang API. * A service for interacting with the Mojang API.
@ -726,6 +727,8 @@ public final class MojangService {
private static final String USERNAME_TO_UUID = API_ENDPOINT + "/users/profiles/minecraft/%s"; private static final String USERNAME_TO_UUID = API_ENDPOINT + "/users/profiles/minecraft/%s";
private static final String FETCH_BLOCKED_SERVERS = SESSION_SERVER_ENDPOINT + "/blockedservers"; private static final String FETCH_BLOCKED_SERVERS = SESSION_SERVER_ENDPOINT + "/blockedservers";
private static final Pattern USERNAME_REGEX = Pattern.compile("^[a-zA-Z0-9_]{2,16}$");
private static final int DEFAULT_PART_TEXTURE_SIZE = 128; private static final int DEFAULT_PART_TEXTURE_SIZE = 128;
private static final int MAX_PART_TEXTURE_SIZE = 512; private static final int MAX_PART_TEXTURE_SIZE = 512;
@ -836,7 +839,7 @@ public final class MojangService {
* @param query the query to search for the player by * @param query the query to search for the player by
* @param bypassCache should the cache be bypassed? * @param bypassCache should the cache be bypassed?
* @return the player * @return the player
* @throws BadRequestException if the UUID is malformed * @throws BadRequestException if the UUID is malformed or the username is invalid
* @throws ResourceNotFoundException if the player is not found * @throws ResourceNotFoundException if the player is not found
*/ */
@NonNull @NonNull
@ -853,6 +856,9 @@ public final class MojangService {
throw new BadRequestException("Malformed UUID provided: %s".formatted(query)); throw new BadRequestException("Malformed UUID provided: %s".formatted(query));
} }
} else { // The query is a username, request from Mojang } else { // The query is a username, request from Mojang
if (!USERNAME_REGEX.matcher(query).matches()) { // Ensure the username is valid
throw new BadRequestException("Invalid username provided: %s".formatted(query));
}
uuid = usernameToUUID(query); uuid = usernameToUUID(query);
log.info("Found UUID for username {}: {}", query, uuid); log.info("Found UUID for username {}: {}", query, uuid);
} }